Would appreciate an automated way to never have to really worry about expiration. I have a magic link login flow where my users could be waiting days to log in from the magic link, so if it expires I’d like them to be able to just click on the link they get in the email and then it just automatically creates a new one and sends them the updated one. In an ideal world they just never expire frankly though and stay persistent until being used once but I understand for security reasons if that’s not possible.
Typically when people sign up they are expecting the magic login to complete so a 1 hour duration seems fine. For my apps, we have a staff table that holds contact details and admins invite staff to join as users as required.
So users aren’t expecting the email and might be on leave/sick/too busy to see the email. We built a page for admins to see if staff have joined as users and can do a one click resend of the email. We can also automate this if required.
Your suggestion of automating a resend would save all of this and would get my vote but could we limit it to x number of resends? Otherwise it could loop for months.
I agree we don’t want links lasting more than 24 hours. There needs to be some urgency in dealing with a link that’s a potentially insecure way to log in.
Anyone know if users are still logged out after a couple days?
I need to keep users logged in (forever)…like the normal login workflow. I saw the Bubble team and @nickc working on a fix last year but haven’t seen an update since.
Would be really nice to fix this
Hi there, just had a very interesting bug and also found a fix with the following flow:
- Button in front-end triggering a backend workflow through the API connector
- Creating the magic link in the backend workflow as “don’t send email, create link only” and returning the data through the “Return data” workflow action
- Opening the link returned from the API call “Result of step …” with a “Open external link”
For some reason, the link was successfully generated, but opening the link resulted in absolutely no effect.
It opened the right page (the success page), without logging the user or showing any error message. Same behaviour on another browser, or if a user was already logged in.
Opening the link multiple times also resulted in no expired error message. I found that the generated link was https://myapp.bubbleapps.io/version-live/api... and changing it to its set domain name and removing the version path (https://myapp.com/api...) worked well. So if you’re experiencing this @ZubairLK you can try a “Find and replace” action on the generated URL.
Hi! I found a way to do it. 3 simple steps:
- In the magic link send UTM parameter “magiclink=yes”
- Workflow when page loads “get data from URL” => magiclink=yes
- In the workflow, create action 1. “Assign a temporary password to the user” and 2. “Log in the user” (with “Stay logged = yes”) using the temporary password from the previous step
ps: I’ve created a condition for this Workflow “only if the user is logged in” for security reasons
ps2: the problem with this solution is that you’re going to change the user password
Unfortunately no, due to the behaviour, I removed the functionality and never tried again.
@bmbroch @aestela Might be able to do it if instead you generate a code that they copy/paste back into their original browser… not the most elegant but also not out of the ordinary
Then some additional logic on the page to generate a magic login link once the code is verified and navigate to that new link. Would prob require a workaround by pinging your own app via API connector so it can return a magic login link (Only works in backend)
The thing is, in my case, we have a native app wrapped with Natively, we use deep linking and any links clicked outside from the email app work as expected (when clicked, the user is directed to the app), this doesn’t happen from email app.
If there was a way to alter the login link to be able to send the user to their system browser, that would do the trick. Or, does someone know of a free HTML email plugin? You can send the user to a different browser if you can customize HTML in your email.
Over the last couple of months I’ve been getting many enterprise users (banks, healthcare etc) and their browser security software (or firewall) is mangling the clicks, or their corporate email servers are scanning all the links before the magic link email hits their inbox making it invalid.
I use OTP as a backup, but I don’t know if there’s a way to know by the header if it’s malware scanning software, or the user who’s clicking it.
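Added example, not from any post in this thread and not Bubble's own implementation: a Python sketch of a link endpoint that consumes the token only on an explicit POST confirmation, so a scanner's GET does not burn it, and that re-issues an expired link a capped number of times. `MagicLinks`, `TTL_SECONDS`, `MAX_RESENDS` and the status strings are hypothetical names; the 24-hour lifetime and the cap of 3 are assumed values.

```python
import hashlib
import secrets

TTL_SECONDS = 24 * 3600   # assumed lifetime, matching the 24-hour ceiling discussed above
MAX_RESENDS = 3           # assumed cap on automatic re-issues (the "x" in the thread)


class MagicLinks:
    """In-memory store; only token hashes are kept, never the raw token."""

    def __init__(self):
        self.rows = {}  # sha256(token) -> {"user", "expires", "used", "resends"}

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now, resends=0):
        token = secrets.token_urlsafe(32)
        self.rows[self._key(token)] = {
            "user": user, "expires": now + TTL_SECONDS,
            "used": False, "resends": resends,
        }
        return token

    def handle(self, method, token, now):
        """Return (status, payload) for a request to the link endpoint."""
        row = self.rows.get(self._key(token))
        if row is None or row["used"]:
            return ("invalid", None)
        if now >= row["expires"]:
            row["used"] = True  # an expired link can trigger at most one re-issue
            if row["resends"] >= MAX_RESENDS:
                return ("resend_limit", None)
            # The fresh token goes to the user's mailbox, never into the HTTP response.
            return ("resent", self.issue(row["user"], now, row["resends"] + 1))
        if method != "POST":
            # GET/HEAD (link scanners, prefetchers) only gets a confirm page.
            return ("confirm_page", None)
        row["used"] = True
        return ("logged_in", row["user"])
```

The confirm page would carry a button that submits the POST; a scanner that only fetches the URL leaves the token unused.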