some-bear-63847
06/21/2024, 10:26 AMbland-eye-99092
06/21/2024, 10:30 AMlink
recovery, but for code
it was never there. Nothing changed in Kratos v1.2. in that regard.
The security issue is, that we need to invalidate the link after it has been visited, because otherwise, someone could obtain the link, and get a valid session out of it. However, email scanners sometimes open links in emails to check their content, invalidating the recovery link, making recovery not possible for some users.
For verification (I assume you mean that by ValidationURL
), this is not the case, so it won't go away.some-bear-63847
06/21/2024, 10:33 AM