Validate Link and Session
When a user opens the magic link, the portal validates the token and creates a session.
What happens
- Magic link token is checked for validity and expiry.
- User email is matched to an authorized client identity.
- Session cookie or token is issued.
- User is redirected to dashboard.
TTL details (code-grounded)
- Magic-link token purpose:
developer_portal_login; expires in 30 minutes. - Session token purpose:
developer_portal_session; expires in 24 hours. - Expired or malformed token returns
401. - Valid token with unauthorized client/email access returns
403.
Troubleshooting
- Expired link: request a new magic link.
- Unauthorized email: contact portal admin to grant access.
- Browser cookie blocked: allow cookies for portal domain.