Using the user-permissions plugin, I enabled the confirmation email and it works just fin when subscribing using a gmail account. Unfortunately, my app is made for my university and users might subscribe using their university mail (microsoft). It seems that the university has a security bot the validates links before the users get the mail, so when a user gets to click on the link it has expired because the bot used it and the account is confirmed already.
Any suggestion on how to prevent this? I was think captcha v3 could prevent the bot from validating the confirmation code, but I am not sure how to add this since the page is generated by the plugin (cms_url…/api/auth/email-confirmation) .
I could also just rewrite the confirmation manually to send a 6 digit random code and have the user input it, but that feels like too much rewriting for an existing system.
This topic has been created from a Discord post (1222218609623826432) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord