Self Hosted Password Reset Link Expired (Mimecast)
We’ve built an application that uses a self-hosted Supabase instance, and we’ve run into an issue with the default password-reset email.
Because Supabase sends a single-use link for password resets, our users behind Mimecast are finding that the link has already been consumed by the time they open the email. It appears Mimecast is pre-scanning or “clicking” the link to check it for safety, which triggers the one-time token before the user ever sees it.
Has anyone else experienced this behaviour, or found a good workaround for password resets when using Supabase with Mimecast (e.g. multi-use links, custom reset flow, or alternative verification method)?
Thanks in advance for any advice!
Because Supabase sends a single-use link for password resets, our users behind Mimecast are finding that the link has already been consumed by the time they open the email. It appears Mimecast is pre-scanning or “clicking” the link to check it for safety, which triggers the one-time token before the user ever sees it.
Has anyone else experienced this behaviour, or found a good workaround for password resets when using Supabase with Mimecast (e.g. multi-use links, custom reset flow, or alternative verification method)?
Thanks in advance for any advice!
