Token Validity

You can specify how many times a token can be used with the “Token Validity” option, which was added in version 1.8.

If you want to remove the validity limit, you can enter 0. However, we don’t recommend this option when combined with tokens that have long lifetimes.

Is this secure?

Yes! Even if a token can be used more than once, it still respects the lifespan. If you are not setting “0” as TTL (which means the token never expires) it’s safe.

Originally, magic login only allowed to use a link once, but we see various cases (antivirus software that simulates the link clicking behavior, mobile browser preview feature when tapping a link too long) where it’s better to support validity options.