Hello guys ! Small questions regarding the passwor...
# support-questions-legacyr
ronflai
02/09/2023, 10:40 AMHello guys ! Small questions regarding the passwordless flow. When a user do multiple login attempts and so received multiples login links in his email account, he can still click on the first generated link. Why the first link is not invalide ?
r
rp_st
02/09/2023, 10:43 AMHey @
rp_st
02/09/2023, 10:43 AMHey @ronflai
rp_st
02/09/2023, 10:43 AMThat’s unexpected.
rp_st
02/09/2023, 10:44 AMThe first link should be valid
rp_st
02/09/2023, 10:44 AMWe only revoke passwordless links if any one of them is successfully consumed or has expired.
r
ronflai
02/09/2023, 11:01 AM@Hey @rp_st Thanks for the reply. Ok but if the user has requested 2 links within the same hour and he did not click on any oh those links, he can still click on the oldest one ?
r
rp_st
02/09/2023, 11:02 AMYes
r
ronflai
02/09/2023, 11:03 AMand why ?
ronflai
02/09/2023, 11:04 AMis there a way to invalide the old one even if he did not clicked on any link ?
r
rp_st
02/09/2023, 11:06 AMWhy - cause it’s a better UX
rp_st
02/09/2023, 11:07 AMand yes you can invalidate the older one by overriding the create code function on the backend to fetch all the codes for the input email and revoke them.
rp_st
02/09/2023, 11:08 AM@porcellus can help with code snippet if you tell us which backend SDK is being used.
r
ronflai
02/09/2023, 11:09 AMThanks for the answer @rp_st we are using the python passwordless sdk
p
porcellus
02/09/2023, 12:09 PMhi
porcellus
02/09/2023, 12:10 PMyou can check here for information about overriding functions: https://supertokens.com/docs/emailpassword/advanced-customizations/backend-functions-override/usage
porcellus
02/09/2023, 12:10 PMI'll come up with a code snippet shortly 🙂
porcellus
02/09/2023, 12:42 PMSo you'd need something like this:
Copy code
py
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import passwordless
from supertokens_python.recipe.passwordless.interfaces import CreateCodeOkResult
from supertokens_python.recipe.passwordless.interfaces import RecipeInterface
from typing import Union, Dict, Any
def override_passwordless_functions(original_implementation: RecipeInterface):
original_create_code = original_implementation.create_code
async def create_code(
email: Union[None, str],
phone_number: Union[None, str],
user_input_code: Union[None, str],
user_context: Dict[str, Any],
) -> CreateCodeOkResult:
await original_implementation.revoke_all_codes(email, phone_number, user_context)
return await original_create_code(email, phone_number, user_input_code, user_context)
original_implementation.create_code = create_code
return original_implementation
init(
app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."),
framework='...',
recipe_list=[
passwordless.init(
contact_config=...,
flow_type="...",
override=passwordless.InputOverrideConfig(
functions=override_passwordless_functions
)
)
]
)porcellus
02/09/2023, 12:42 PMthis will call
revoke_all_codesporcellus
02/09/2023, 12:43 PMBtw, you can also control how long the magic links are valid if that's the basis of this issue.