Problem statement
Users see the below error when clicking on the unblock link they receive in the email that’s triggered by Brute-Force Protection. However, if checking the user profile, the account was unblocked.
The URL can be used only once
Steps to reproduce
- Enable brute force protection.
- Trigger brute force protection as a test user.
- Use the unblock link sent to their email.
- Due to Safelinks or something similar, the email client must have consumed the link. And you get the “This URL may only be consumed once” error page.
- But the user is already unblocked.
Solution
Our engineering team is aware of this issue, and there is a backlog item to track this progress. We currently don’t have a workaround, but we will update this FAQ once further progress is available.