Magic Links and issues with tokens expiring, security issues

It's been a while @mattblake since I've thought about this, and the Microsoft active threat defence for corps follows the links to check they don't redirect to bad things and therefore invalidates magic links.

I'll assume this may be built in to a few other things as well to protect against malicious actors, and sadly yes, hours of testing led me to step in the middle.

Theoretically you don't need a button click, just an arbitrary delay and a redirect :grinning:. Glad it was useful

This (!!!) was a BRILLIANT workaround. Saved me so much. THANK YOU.

1 Like

This works really nicely, thanks. Can I just check that the 1s delay is because Outlook will click on the link but not keep it open for a full second, so won’t actually trigger the magic login link?

I just wanted to check that I’d understood why this works properly.

thanks!

No, it is because the magic link itself is hosted on the page, and passed as a URL parameter. So the firewall just opens the page where the magic link exists (linked on a button, for example), but the magic link itself is not the actual link passed in the email to the user.

1 Like

I couldn’t get it to work… :confused:
Can anybody here explain the URL structure that needs to be built?
Thank you :folded_hands:

hey there, it's been a while since I've looked at the issue, so I'll try to refresh.

you need a back end workflow to send the magic link, and capture the token.

this is important, you don't get a clean token so you need this to get the right part:

this sends the user a link with a link to the page youtwebsite.com/magic?key=23123131113121312x12312313113 (<-- for example)

on the magic page we look for the parameter and then redirect to the bubble native token login url -

![{B32ADF40-839E-4416-81B7-EF61D6817610}|690x226](upload://exNji7SNqNtfSSwDc0HCkFw3Jfr.png)

hope that helps

Hey @stuart4 thanks very much.
But it seems some of the content didn’t work/upload…
I did the first part (url generation + cropping).
But I’m missing the redirect url structure…
And I guess the redirection (open an external website) has to direct to the same page as the ‘create magic link’ action? Or can the token be used anywhere ?
I’m still missing something but I can’t see what…
Thank you :folded_hands:

happy to help, can you show me screen shots, loop, gif etc of what you have?

the key here is to make sure you first can view the magic link tokens in an email to yourself - I'll assume you did that.

then in the email build out a structure like this

yourbubbleapp.com/version-test/magic?= ← then add the token and only the token

make sure it's in there

then on the /magic page check to see if the parameter is there and if it contains a value.

then if it does we have the button link to yourdomain.com/ → this path → api/1.1/login-link?key=Get key from page URL (where this is the token that needs to be unique, and only ever used once… or you start again)

this image is probably the key one that went missing

it's the secret api path to your bubble app that gets the token and logs you in… well not secret… but you get me :slight_smile:

1 Like
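
The flow described in the posts above, as an added example that is not part of the original thread and is not Bubble's own code: a script for the /magic page that reads the token from `?key=` and, after the delay mentioned earlier in the thread, sends the browser to the `api/1.1/login-link` path. `APP_BASE`, the token character pattern and the function names are assumptions made for this sketch.

```javascript
// Added example, not code from the thread. APP_BASE and TOKEN_RE are assumptions.
const APP_BASE = "https://yourbubbleapp.com/version-test/"; // placeholder app root
const LOGIN_PATH = "api/1.1/login-link";                    // path given in the thread
const TOKEN_RE = /^[A-Za-z0-9_-]{8,256}$/;                  // assumed token shape

// Returns the one-time login URL for the token carried in ?key=, or null
// when the parameter is missing, empty, repeated or malformed.
function buildLoginUrl(pageUrl, appBase = APP_BASE) {
  const keys = new URL(pageUrl).searchParams.getAll("key");
  if (keys.length !== 1) return null;
  const token = keys[0].trim();
  if (!TOKEN_RE.test(token)) return null;
  // Origin and path are fixed here; only the token is taken from the URL,
  // so the page cannot be turned into a redirect to another site.
  const target = new URL(LOGIN_PATH, appBase);
  target.searchParams.set("key", token);
  return target.toString();
}

// Schedules the redirect. A scanner that only fetches the emailed link never
// requests the login-link URL, so the single-use token stays unspent.
// location.replace keeps the /magic?key=... URL out of the back-button history.
function redirectAfterDelay(win, delayMs = 1000) {
  const target = buildLoginUrl(win.location.href);
  if (target === null) return false; // nothing usable in the URL: stay on the page
  win.setTimeout(() => win.location.replace(target), delayMs);
  return true;
}

// Runs only in a browser; under Node the functions are just defined.
if (typeof window !== "undefined") {
  redirectAfterDelay(window);
}
```

If `redirectAfterDelay` returns false, the page should show a "request a new link" message rather than calling the login endpoint with an empty key.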

Thanks @stuart4
I did everything you describe and I can’t get it to work :cry:
All I get is ‘invalid login link’…

ok so it can be tricky because it can and will invalidate every time you use it and you can get lost

The way I do it is forget the buttons etc for the time being - do it bit by bit.

get a google sheet with the full redirect url e.g. what you have above. where it's just missing the token.

then send yourself an email where you get the magic link token - then add the token to the end of the url and test that in isolation… then work backward to constructing the button and all the other clever stuff.

it will almost certainly be the url you've constructed is incorrect or the token is expired via a click… so just get the token id in the email.

1 Like

Hey @stuart4
Thanks for your patience and your kind words.
I was :ok_hand: that close to giving up.
Turns out I just had a typo in the ‘get data from url’ :person_facepalming:
It works now :+1:

Brilliant - I was expecting that to be the case.. glad you didn't give up, I was happy to help. I know the pain of fighting in isolation with only the faceless (kind of) forum to ‘help’ and our AI friends.

I’ve just been fighting with bubble and CORS and to be honest I am 90% sure it was not me… but I guess I will never know.. it ‘works’ now… @tart2000design

2 Likes