Most up to date method of avoiding email prefetching for magic links/OTP from Microsoft Outlook?
Hi, I've been attempting to enable magic links via email and I've tried implementing solutions to prevent magic links from expiring due to Outlook's Safe Links and other email prefetching. I tried the solutions from the documentation (https://supabase.com/docs/guides/auth/auth-email-templates#email-prefetching) and this reddit post (https://www.reddit.com/r/Supabase/comments/1f610fv/outlook_preclicking_links_causing_recover/lnx24kh/) but Outlook seems to click the buttons on the confirmation page as well.
More specifically, I've tried:
* Not using a confirmation page and directly embedding the
{{ .ConfirmationUrl }}
* Using a confirmation page with an <a/> tag and passing the {{ .ConfirmationUrl }} through a query parameter
* Using a confirmation page with an <a/> tag and passing the {{ .TokenHash }} through a query parameter
* Using a confirmation page with a <button onClick={() => /* ... navigation code ... */}/> and passing the {{ .TokenHash }} through a query parameter
All the solutions work with Gmail and none work with Outlook. Outlook seems to be smart enough to click the button on the confirmation page no matter what form it's in. I was wondering if anyone else was running into this issue and had other solutions, before I give up on magic links entirely and switch to OTP codes or another solution.Reddit
kynetyk-42's comment on "Outlook pre-clicking links causing recover...
Explore this conversation and more from the Supabase community
Email Templates | Supabase Docs
Learn how to manage the email templates in Supabase.
2 Replies
I have not seen anyone post the "click button" thing about outlook. I've seen no other suggestions here or Github. OTP seems pretty low friction these days after OAuth as far as what I encounter on the web.
Darn, oh well. Thanks for letting me know, I'll switch to another solution for now.