
Different behaviours can be seen for links that are invalid on Magic link

Open aaujayasena opened this issue 2 years ago • 1 comments

Describe the issue: Two different behaviours can be seen for links that are invalid

  • For links that are already used - Navigate to authentication error page

  • Link that expired (5 minutes) - Navigate to login page again

How to reproduce: Scenario 01

  1. Login to the management console
  2. Create application with authentication steps as Magic links.
  3. Login to the application with identifiers 1st authentication.
  4. Get the received link and login
  5. Log out
  6. Login again with same link

Scenario 02

  1. Login to the management console
  2. Create application with authentication steps as Magic links.
  3. Login to the application with identifiers 1st authentication.
  4. Login with the link after the expiry time is exceeded (5 minutes)

Expected behavior: Have the same behaviour for links that are invalid. Better to navigate to the authentication error page.

Environment information:

  • Product Version: IS 6.0.0-beta
  • OS: Mac
  • Database: MSSQL
  • Userstore: JDBC


aaujayasena, Aug 03 '22 05:08

Both scenarios should have a similar handling mechanism with an OIDC response. The following are the reasons for the current behaviour:

  • Expired link: The link will be checked against the cached entry and validated to see if it is expired.
  • Used link: Try to get the cache entry to validate. Since the cache is cleared after the first attempt, the context will be null.

Suggestion to fix (Will not be addressed ATM)

  • Handle the null context in the used link scenario by sending additional required parameters with the magic link.
  • Send a redirect URL along with the magic link to redirect on failure to get context. (This can be captured without context)

Avarjana, Aug 08 '22 04:08
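
The uniform handling requested in this thread, as an added sketch that is not WSO2 Identity Server code: a used link keeps a consumed marker instead of losing its cache entry, so used, expired and unknown links all end at the same error redirect. `MagicLinkStore`, `app_hint`, the audit list and the `/auth-error` path are hypothetical names chosen for this example.

```python
import secrets
import time

LINK_TTL_SECONDS = 300             # the 5-minute lifetime mentioned in the issue
DEFAULT_ERROR_URL = "/auth-error"  # constructed placeholder path


class MagicLinkStore:
    """Hypothetical in-memory stand-in for the authenticator's context cache."""

    def __init__(self, error_urls, clock=time.time):
        self._entries = {}             # token -> context dict
        self._error_urls = error_urls  # app id -> error page registered server-side
        self._clock = clock
        self.audit = []                # (reason, app) pairs; never shown to the user

    def issue(self, app, user):
        token = secrets.token_urlsafe(32)
        self._entries[token] = {"app": app, "user": user, "used": False,
                                "expires_at": self._clock() + LINK_TTL_SECONDS}
        return token

    def redeem(self, token, app_hint=None):
        """Return (ok, user, redirect). Used, expired and unknown links all
        produce the same failure result; only the audit log records why."""
        entry = self._entries.get(token)
        if entry is None:
            reason = "unknown"
        elif entry["used"]:
            reason = "used"
        elif self._clock() >= entry["expires_at"]:
            reason = "expired"
        else:
            # Mark as consumed instead of deleting, so a replay still finds context.
            # A real cache would evict these markers once expires_at has passed.
            entry["used"] = True
            return True, entry["user"], None
        # app_hint models the extra parameter carried in the link. It is untrusted
        # and is only a lookup key: the redirect target itself is never taken
        # from the link, which would create an open redirect.
        app = entry["app"] if entry else app_hint
        self.audit.append((reason, app))
        return False, None, self._error_urls.get(app, DEFAULT_ERROR_URL)
```

Because the failure result is identical in all three cases, the response does not reveal whether a given link was ever valid; the distinction survives only in the server-side audit records.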