I need to know if I'm doing something
I need to know if I'm doing something wrong with convex auth. When I configure Resend for Magic Link, the client can enter an incorrect email address and it will still be added to the user table, which, in my opinion, should only contain users who have already clicked on the magic link at least once.
This way, a client can abuse this and overload my table with incorrect data.
3 Replies
Magic link will create a user and then send the email, you aren't using it wrong. You could set up a global rate limit if you're concerned about this being abused, but for what it's worth I haven't heard of it being a common issue for Convex Auth users.
Global rate limit could be set up with the Rate Limit component and Convex Auth's
createOrUpdateUser() callback.Thanks for the response.
So i imagine that i need to add also a cron job to delete all the unverified emails (from the emailVerificationTime field) of the users table ?
Yeah if you find in practice that they're stacking up you could use a cron to handle clean up.