OTP and Magic Link expiration

You can change how long a user can use an OTP or a Magic Link to log in by changing the passwordless_code_lifetime core configuration value. This value is set in milliseconds and defaults to 900000 (15 minutes).

caution

Each new OTP / magic link generated, either by opening a new browser or by clicking on the "Resend" button, will have a lifetime as per the passwordless_code_lifetime setting.

docker run \
  -p 3567:3567 \
  // highlight-start
  -e PASSWORDLESS_CODE_LIFETIME=60000 \
  // highlight-end
  -d registry.supertokens.io/supertokens/supertokens-<db name>