Passwordless/verify is not working for unique email + verification_code combination

Hi Team,

/passwordless/verify API is working when an email have one verification code. When user tries to have more than one verification_code for same email, API throws “invalid_user_password” error for all the links except the last created one.

This was working fine when I worked on this API three months back. Any assistance is much appreciated - thank you in advance.



Howdy @merzzrc,

If I understand you correctly, this is intended functionality.

From this doc:

Only the last one-time password (or link) issued will be accepted. Once the latest one is issued, any others are invalidated. Once used, the latest one is also invalidated.

If this is something you would like to give feedback on that can be done here.


1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.