Help Center
← Back to all posts

Outlook Safe Links breaks PhotoAI magic-login links with `Invalid or expired login token`

## Summary

PhotoAI magic-login links fail when opened through Microsoft Outlook Safe Links. Clicking the Outlook-wrapped link redirects to PhotoAI, but PhotoAI shows `Invalid or expired login token`. Requesting a fresh login email, copying the Safe Links URL without opening it, extracting the original `https://photoai.com/?login_token=...` URL from the Safe Links `url=` parameter, and opening that original URL directly works.

This suggests the Outlook Safe Links wrapper, scanner, or redirect flow is consuming or invalidating PhotoAI's one-time login token before the user can use it.

## Environment

- Email client/provider: Microsoft Outlook
- Link wrapper: Microsoft Safe Links, `*.safelinks.protection.outlook.com`
- Browser: Chrome
- PhotoAI login method: email magic-login link
- Account context: paid `Starter` plan

## Steps to Reproduce

1. Request a PhotoAI login email using an Outlook email address.
2. Open the login email in Outlook.
3. Click the PhotoAI login link as presented by Outlook.
4. Outlook opens a Safe Links URL and redirects to `https://photoai.com/?login_token=...`.
5. PhotoAI displays `Invalid or expired login token`.

## Actual Result

PhotoAI rejects the token and displays:

```text
Invalid or expired login token. Try logging in again
```

The user cannot log in by clicking the email link normally from Outlook.

## Expected Result

The emailed login link should successfully log the user into PhotoAI, even when the email is opened from Outlook with Safe Links enabled.

If Safe Links or email scanners are known to invalidate one-time links, PhotoAI should provide a login flow that remains reliable for Outlook users, such as:

- A token that is not consumed by link prefetch/scanning.
- A confirmation page with a user action before consuming the token.
- A fallback code-based login flow.
- Clear instructions for Outlook users.

## Confirmed Workaround

1. Request a fresh login email.
2. Do not click the Outlook Safe Links URL.
3. Copy the link address from Outlook.
4. Extract the original PhotoAI URL from the Safe Links `url=` query parameter.
5. Open the original `https://photoai.com/?login_token=...` URL directly.

Using this workaround, login succeeds.

Please authenticate to join the conversation.

Upvoters
Status

Under Review

Board

πŸ“Έ Photo AI

Date

About 2 hours ago

Subscribe to post

Get notified by email when there are changes.