Usefulness of 24 hour Token Login link expiration

Hi all!

On today’s Round Up call there were some questions around the expiration period of Token Login (Magic Links) and if it could be changed from the hard coded amount of 24 hours.

The duration of 24 was originally selected as a balance between usefulness (give CHW time to click) and security (anyone who clicks the link will be immediately logged in). While each link can only be used once, maybe there is interest in the community in this 24 hour expiration being longer?

We’d love to hear about use cases where this comes up in the field.

Also note - it is trivial for CHT admins to resend login links if needed - it’s just a single click on that user’s profile in the CHT Admin!

1 Like