Skip to main content

OTP and Magic Link expiration

You can change how long a user can use an OTP or a Magic Link to log in by changing the passwordless_code_lifetime core configuration value. This value is set in milliseconds and defaults to 900000 (15 minutes).

caution

Each new OTP / magic link generated, either by opening a new browser or by clicking on the "Resend" button, will have a lifetime as per the passwordless_code_lifetime setting.

docker run \
-p 3567:3567 \
-e PASSWORDLESS_CODE_LIFETIME=60000 \
-d registry.supertokens.io/supertokens/supertokens-<db name>
Which frontend SDK do you use?
supertokens-web-js / mobile
supertokens-auth-react