Pjaijai/Referalah

[Outlook specific issue] Magic link not working if opening by clicking the link

Closed this issue · 3 comments

I am using the "New Outlook" Windows application, which is going to replace the Windows Mail app in the future.
When I clicked on the link to log in, I got redirected to https://www.referalah.com/?error=unauthorized_client&error_code=401&error_description=Email+link+is+invalid+or+has+expired#error=unauthorized_client&error_code=401&error_description=Email+link+is+invalid+or+has+expired instead of logging in.

I went back to the old Mail app and tried again, and it worked smoothly. I doubt that the New Outlook app might perform some security check or preview thing when I clicked on the link, so the link was already triggered before the new tab got opened.

I suggest that the magic link should not be sent to the user via email directly. We may set up a new page with a single button, 'you can sign in now', which contains the magic link, and the email will send the link to that page. In this way, we can prevent the magic link from being triggered by the email client and expiring before the user is able to log in.

Supabase suggests this method as well: https://supabase.com/docs/guides/platform/going-into-prod#email-link-validity
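
The confirmation-page approach suggested above, as an added example that is not part of the original issue or of the Referalah code base: it compares a link that redeems the single-use token on GET with a page that redeems it only when the button is pressed. The store, the handler names and the token value are hypothetical and constructed for illustration.

```javascript
// Added example; every name here is hypothetical, and the token is a constructed sample.
function createTokenStore() {
  const tokens = new Map(); // token -> { email, used }
  return {
    // A real service would generate the token with a CSPRNG and give it an expiry.
    issue(token, email) { tokens.set(token, { email, used: false }); },
    // Single-use redemption: succeeds once, after which the token is spent.
    redeem(token) {
      const entry = tokens.get(token);
      if (!entry || entry.used) {
        return { ok: false, error: "Email link is invalid or has expired" };
      }
      entry.used = true;
      return { ok: true, email: entry.email };
    },
  };
}

function finish(result) {
  return result.ok
    ? { status: 302, session: result.email }
    : { status: 401, error: result.error };
}

// Design A: the emailed link redeems the token as soon as it is fetched with GET.
function directLinkHandler(store, req) {
  return req.method === "GET" ? finish(store.redeem(req.token)) : { status: 405 };
}

// Design B: GET only renders a confirmation page; the button's POST redeems the token.
function confirmPageHandler(store, req) {
  if (req.method === "GET") {
    return { status: 200, body: '<form method="post"><button>You can sign in now</button></form>' };
  }
  return req.method === "POST" ? finish(store.redeem(req.token)) : { status: 405 };
}

// Constructed scenario: the mail client's link check fetches the URL, then the user's browser does.
function simulate(handler) {
  const store = createTokenStore();
  const token = "constructed-sample-token";
  store.issue(token, "user@example.com");
  handler(store, { method: "GET", token }); // automated link check
  let res = handler(store, { method: "GET", token }); // user's browser
  if (res.status === 200) res = handler(store, { method: "POST", token }); // button press
  return res;
}

console.log(simulate(directLinkHandler).status, simulate(confirmPageHandler).status);
```
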

I encountered this issue in my uni FYP. Microsoft will click the link to check whether the link is safe or not.
Did you set the email as "not spam" in your old app?

I already added the Referalah email to the whitelist and turned off the preview link feature, but the issue still exists. Not sure if there is an option for the New Outlook app to disable link checking.
And for the old Mail app, I just used the default settings.
In both cases, the email was already located in the Inbox, not Junk, when I clicked on the link, and actually I tried copying the link instead of clicking it, and it works. So the link check by Outlook is performed at the time I click the link, not when I open or receive the email. It might not be related to whether it is identified as spam or not.

This issue should be fixed. We use a one-time password instead of a magic link. This avoids the unstable link.