[New Feature] Magic login link workflow action

+1 the “Just create code, don’t send email” checkbox isn’t working @governess.simpson


it doesn’t work for me either, were you able to solve it?

I try use checkbox Just create code, don’t send email” checkbox isn’t working

Is magic login working for you?
I have a backend workflow that sends the magic login link and it isn’t working for some reason.

The email comes with the link, the link navigates to the right page. But CurrentUser is empty and not logged in…

@governess.simpson is this feature working at the moment?


Hrm, it’s working fine for me, but I don’t have it as a backend workflow.

1 Like

so I found the issue in my app.

Working fine for me now as well.

For various reasons that I won’t bore people, I didn’t use Schedule API workflow to hit the backend but went via the API connector to call the app itself.

In that scenario, magic login link doesn’t work. (perhaps a little edge case bug?)

Moved the magic login outside into the front-end and it is fine.
Also tested with a simple schedule API workflow to send via backend, that is fine too.



Quick question… Any way to use “stay logged in” with magic link? Setting a manual cookie?

Thanks :slight_smile:


Can you remove the warning if the link has expired? I just want Users to head straight to the backup link.

Did you ever end up figuring this out? I am also running into this issue :thinking:

@mike8 @nick.carroll @governess.simpson

Hi there, just had a very interesting bug and also found a fix with the following flow:

  1. Button in front-end triggering a backend workflow through the API connector

  2. Creating the magic link in the backend workflow as “don’t send email, create link only” and returning the data through the “Return data” workflow action

  3. Opening the link returned from the API call “Result of step …” with a “Open external link”

For some reason, the link was successfully generated, but opening the link resulted in absolutely no effect.
It opened the right page (the success page), without logging the user or showing any error message. Same behaviour on another browser, or if a user was already logged in.
Opening the link multiple times also resulted in no expired error message.

I found that the generated link was https://myapp.bubbleapps.io/version-live/api... and changed it to its set domain name and removed the version path (https://myapp.com/api...) worked well.

So if you’re experiencing this @ZubairLK you can try a “Find and replace” action on the generated URL.


We have received multiple cases of an expired link being received by users.
The user receives the email fine but when they click it, they see

This link is expired or has already been used. Please request another.

Our suspicion is corporate firewalls and spam checkers. But I thought I’d flag this again as this probably needs some fixing, please.


1 Like

Did you ever figure out what caused this? I’m getting the same complaint from our users

Nope. Users facing this in two apps.

I figured out a solution for our users! It’s not the most ideal, but until bubble makes a fix for this, it will do!

So, you were correct that this is due to some corporate spam filters that some companies have in place. This means that the link is being opened before they get the chance to click on it, and causing the error.

Solution: Make a simple “redirect” page that will push the user forward to the correct link. I made a page called /backup-login, and send the user to that page instead if they’re having issues. I put the “key” in the parameters.

When the page loads, it will redirect them to the link: /api/1.1/login-link?key=X

You can have them push a button to go there, (which is what I do) or make them redirect in a different way – either way, make sure you check here: https://wheregoes.com/ to make sure you aren’t loading the /api/ page automatically


Oo. This could work!


@sam8 Could Bubble please enable us to choose to disable the “link can only be used once” aspect of the magic link? That seems like a cleaner solution than @jared8’s workaround for spam filters


I raise @greg18 idea.

Most of the links that we send are openable, but we have multiple times in our error logs a link that triggers an unhandled error: This link is expired or has already been used.

I have settled up a link rebrand to prevent this, but it seems the spam filters can reach the final link anyway, so we still have the issue for a small number of users, but the problem is there.


1 Like

Hi all - just chiming in to let you know your concerns have been heard and we are looking into a fix to prevent spam filters, etc., from eating clicks


Time based limits would suffice (1-hour, 24 hours, etc). Or let us select the number of clicks allowed? Or just allow 2!

I just submitted as an idea to allow the magic link to verify a new user’s email.
Together with the “send data on login” feature this would create a really powerful system to:

sign up → confirm email by clicking on magic link → automatic login and redirect to last visited page (usually checkout/order confirm page)

This would be huge, less chances to loose a customer before the last click

1 Like