mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 05:54:01 +03:00
🐛 Bug Report: invalid login codes sent by the administrator to the email address #597
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @FolkiDevv on GitHub (Jan 7, 2026).
Reproduction steps
Administration -> Users -> (select any user) -> Login Code -> Send Email
Expected behavior
The user clicks on the link in the email and successfully logs into their account in the system.
Actual Behavior
The user clicks on the link in the email, and a page opens with the error message “One time access code must be used on the device it was generated for. Please try again.”.
Pocket ID Version
v2.1.0
Database
SQLite
OS and Environment
Docker on Ubuntu 24, served using Traefik v3.6.1
Log Output
The IP address and domain have been replaced with placeholders.
@gymnae commented on GitHub (Jan 8, 2026):
Just ran into this bug as well
@owenvoke commented on GitHub (Jan 9, 2026):
Also just hit this issue. It looks like this should be fixed by
03f9be0d12though in the next release. 👀 🙌🏻As a temporary workaround, I found that I could either:
device_token = nullon the entries@stonith404 commented on GitHub (Jan 11, 2026):
Thanks for reporting this, this should be fixed in
03f9be0d12, I'll create a release today.@ptath commented on GitHub (Jan 21, 2026):
Same problem on latest pocket-id version
Sending email code via https://mydomain/api/one-time-access-email and "One time access code must be used on the device it was generated for. Please try again."
PS Oops, it looks like these methods are only intended for admins
Is there no way to request a one‑time code for user via the API?