Safelinks process

Problem Statement

Some email clients “pre-click” links in emails to visit them and see if they are malicious. This behavior triggers the email verification flow, and when the actual user clicks the link, they receive an error.

Symptoms

Tickets links being pre-traveled before the actual user can click them

Cause

This happens because a GET request is made to the ticket URL, and once the ticket is consumed, it’s not possible to retry it when using one-time email verification links. Security software that pre-travels verification links consume the ticket URL before the end-user has a chance to use it.

Steps to Reproduce

Pre-travel the link(Just click it twice to see the error the end-user sees)

Solution

As of July 2022, the behavior described in this post is now the default for all Auth0 tenants, old and new. There should be no need to request this feature be enabled for your tenant. If you are experiencing any unexpected behaviors, please open a support ticket or a new thread here in the Community.

References

1 Like