|
|
|
|
|
|
by greengreengrass
3 days ago
|
|
|
Or, even easier, just make the call idempotent. The user doesn’t know anything and doesn’t have extra clicks, and it doesn’t matter much if the mail client actually did the “confirming” given it’s proven the email address is valid at that point. The token was recently used? No problem! Must be a duplicate click, or a refresh, or the user left the browser tab open and their mobile device refreshed when they reopened the browser app, etc. |
|
|