OTP and Magic Link expiration

You can change how long a user can use an OTP or a Magic Link to log in by changing the passwordless_code_lifetime core configuration value. This value is set in milliseconds and defaults to 900000 (15 minutes).

caution

Each new OTP / magic link generated, either by opening a new browser or by clicking on the "Resend" button, will have a lifetime as per the passwordless_code_lifetime setting.

With Docker
Without Docker
Managed Service

docker run \
  -p 3567:3567 \
  -e PASSWORDLESS_CODE_LIFETIME=60000 \
  -d registry.supertokens.io/supertokens/supertokens-<db name>

# You need to add the following to the config.yaml file.
# The file path can be found by running the "supertokens --help" command

passwordless_code_lifetime: 60000

Navigate to your SuperTokens managed service dashboard, and click on the Edit Configuration button.
In there, change the values of the following fields, and click on save.

passwordless_code_lifetime: 60000