If you give them a response in that way, it actually would be a security concern because people can try different emails until they find one that is valid. I have seen different apps give a response that says, if you have an account associated with this email then you will get an email with a link… etc. Not sure if that would help though.
its all good, i actually made one part better whilst I was figuring it out…
Problem is because ‘something’ appears to be following the magic links and invalidating them, it will undoubtably be the same for password recovery links…
So I guess I will have to set a random ‘pin’ on the account that expires using some logic after a set period to get around it so they can login and reset the password (by first me setting a new random password and using that to allow them to reset ) seems like madness for something that is actually working
I think I have seen something like that before on the forum. Either something in outlook or a preview of the link makes it invalid because it was already used. I can’t remember how this was resolved though.
I did have a dig around and found a few recent issue with people an Magic links being invalid but I don’t think they knew the reason. I posted that it could be Microsoft security related… due to my issues.
It appears the password reset has a 24 hour grace window and following the link doesn’t invalidate the token, so that is good at least for this situation - but I didn’t want passwords