Hi @puriarte ,
It sounds like the user’s email client may be opening the link by default. If you can narrow it down to this issue, and your users aren’t able to adapt to it, you may need to switch to OTPs instead of links.
Here are a couple of threads that describe this issue:
Hi there, we use passwordless-email auth. One of our customers has some awful “Mimecast” security software, it runs all emailed links through a proxy. This breaks passwordless login for them; I think because the link-protection software tries to generate a preview and thus consumes the token, and then the user’s browser visits the link but it’s already been visited.
Does anyone have any suggestions to work around this? Is there a way to allow emailed links to be used twice?
We get lots of reports from users, who are using corporate e-mail domains, failing to sign up and login with the passwordless login mechanism on our application. They receive our login e-mail, but when they click the link, they’re not able to complete the process. It’s like the token had expired immediately.
If I look into the logs, I see several instances of “Failed Login (wrong password)” (but also “Success Exchange” and “Success Login”) so I’m not sure what is happening. A friend tells me th…