Solved User invite token: "Please note that the invite link will expire in 7 days."
-
That's not true. I clicked on the link in the mail 5 days later:
"Invalid or Expired Invite Link"Next try with a fresh token in 3 days
Pronouns: he/him | Primary language: German
-
Looking at the code, the user invite token is valid indeed only for 24h while the password reset token is valid for 7 days.
I wonder if either values are good, but at least both should be aligned to be more consistent in what people can expect.
Any input on expiration time?
-
I think the invite links are only valid for 24 hours.
-
Looking at the code, the user invite token is valid indeed only for 24h while the password reset token is valid for 7 days.
I wonder if either values are good, but at least both should be aligned to be more consistent in what people can expect.
Any input on expiration time?
-
- If there is a valid time frame of 24 hours, the information in the email must reflect the same time frame. Currently, there is the information about "will expire in 7 days".
- There is no best time frame. IMHO 24 hours is good for most use cases. But I've heard of admins sending emails to new users on Friday and getting mails in their helpdesk the next Monday about invalid tokens. So maybe 72 hours?
If it is feasible, we should add a variable to the time frame token and allow the admin to set the value.
-
I've synced the expiration now to 7 days to keep changes low until we have a reason to change it
Instead of making it configurable I would prefer a sensible default, since so far no-one else has complained.
