dmitriim
commented
1 month ago Hi @Altheran88,
Please reread README file. In particular steps 6-8. If you set up everything correctly, users can't call auth_userkey_request_login_url wsfunction. You should have "a system user" for that.
Hope that helps.
Could anyone with access to the wsfunction "auth_userkey_request_login_url" obtain a working login URL for any user provided they guess their email adress ? Isn't it a HUGE security issue ? Or is their something I am missing and there are ways to secure this API function ?