Magic link with >24 hour expiration?

Thanks for the offer.

I eventually got this working but with a slightly different setup than you suggested. An added wrinkle is that we also support regular password login, so wiping out users passwords and replacing with temporary ones in this flow is not an option.

I settled on a backend wf api endpoint that validates the token and cross validates with a hash. If the validation passes, the backend api returns a magic link for the authorized user. On arrival to the router page, I call the workflow api endpoint from the api connector, and if a valid link is returned do an immediate redirect.

End result: functional custom magic login without exposing unnecessary data to the front end.

One slightly surprising thing: if you create a bubble workflow api endpoint that you intend to call with the api connector from inside your own app, this will still require the API endpoint to be exposed externally, as every call through the api connector looks external, even if it is your own app. Anyone else who wants to do this kind of thing: don’t forget to create the api key and require authorization on your endpoint.