Microsoft's link checker using user's recovery token by browsing to url #14478

Open
samip5 opened this issue May 12, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@samip5
Contributor

samip5 commented May 12, 2025

Describe the bug
I think this shouldn't happen: when a user gets their recovery URL and Microsoft verifies the link, it shouldn't use the token.

To Reproduce
Steps to reproduce the behavior:

  1. Try to reset password with an email address on O365
  2. See that the Microsoft link checker thing checks it
  3. Try to use it after it was checked
  4. See that you're unable to use the token as Microsoft's automation used it already

Expected behavior
I would have expected Microsoft's link checker to not count as using the link.

Version and Deployment:

  • authentik version: 2025.2.3
  • Deployment: docker-compose
@samip5 samip5 added the bug Something isn't working label May 12, 2025
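
The behaviour reported above, sketched as an added example (not authentik's code and not a description of how #14325 resolved it): a one-time recovery link that stays valid when an automated scanner fetches it, because only an explicit POST consumes the token. The class `RecoveryTokens`, its methods, and the sample address are hypothetical names constructed for illustration.

```python
import secrets
import time


class RecoveryTokens:
    """Hypothetical store: one-time tokens consumed only by an explicit POST."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._live = {}  # token -> (user, expiry timestamp)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._live[token] = (user, now + self.ttl)
        return token

    def _lookup(self, token, now):
        entry = self._live.get(token)
        if entry is None or entry[1] < now:
            self._live.pop(token, None)  # drop expired entries
            return None
        return entry[0]

    def handle(self, method, token, now=None):
        """Return (status, body) for a request to the recovery URL."""
        now = time.time() if now is None else now
        user = self._lookup(token, now)
        if user is None:
            return 410, "link expired or already used"
        if method in ("GET", "HEAD"):
            # Safe methods never change state: a mail scanner that
            # prefetches the URL only sees the confirmation page.
            return 200, "confirm recovery"
        if method == "POST":
            del self._live[token]  # single use: burn on confirmation
            return 200, f"recovery started for {user}"
        return 405, "method not allowed"


def simulate():
    """Constructed scenario: scanner prefetch first, then the real user."""
    store = RecoveryTokens()
    token = store.issue("alice@example.com", now=0)
    scanner = store.handle("GET", token, now=5)      # automated link check
    user_get = store.handle("GET", token, now=60)    # user opens the mail
    user_post = store.handle("POST", token, now=65)  # user confirms
    replay = store.handle("POST", token, now=70)     # second use is refused
    return scanner, user_get, user_post, replay
```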
@dominic-r
Contributor

Duplicate of #13805

@dominic-r
Contributor

Closed by #14325
