[GH-ISSUE #6907] [Bug] Incorrect Redirect URL for Web Login #3059

New issue

Closed

opened 2026-03-23 21:27:17 +00:00 by mirror · 6 comments

mirror commented 2026-03-23 21:27:17 +00:00

Owner

Copy link

Originally created by @indigomado on GitHub (Dec 2, 2024).
Original GitHub issue: https://github.com/AppFlowy-IO/AppFlowy/issues/6907

Originally assigned to: @speed2exe, @qinluhe on GitHub.

Bug Description

When attempting to log in through the web version of AppFlowy using the magic link, the redirect URL in the verification email points to a mobile app URL scheme (appflowy-flutter://). This causes the user to be redirected to the mobile app, which prevents the user from completing the login process on the web platform.

How to Reproduce

1. On the web platform, input your email and click "Continue".
2. Open the magic link sent to your email.
3. The link contains a redirect URL (redirect_to=appflowy-flutter://).
4. The redirect fails or causes incorrect behavior in the web browser, as the URL is intended for mobile use.

Expected Behavior

The magic link should redirect the user to a web-based login page (e.g., https://yourwebapp.com/login-success), allowing the user to complete the login process on the web platform.

Operating System

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

AppFlowy Version(s)

0.7.5

Screenshots

No response

Additional Context

No response

Originally created by @indigomado on GitHub (Dec 2, 2024). Original GitHub issue: https://github.com/AppFlowy-IO/AppFlowy/issues/6907 Originally assigned to: @speed2exe, @qinluhe on GitHub. ### Bug Description When attempting to log in through the web version of AppFlowy using the magic link, the redirect URL in the verification email points to a mobile app URL scheme (appflowy-flutter://). This causes the user to be redirected to the mobile app, which prevents the user from completing the login process on the web platform. ### How to Reproduce 1. On the web platform, input your email and click "Continue". 2. Open the magic link sent to your email. 3. The link contains a redirect URL (redirect_to=appflowy-flutter://). 4. The redirect fails or causes incorrect behavior in the web browser, as the URL is intended for mobile use. ### Expected Behavior The magic link should redirect the user to a web-based login page (e.g., https://yourwebapp.com/login-success), allowing the user to complete the login process on the web platform. ### Operating System Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 ### AppFlowy Version(s) 0.7.5 ### Screenshots _No response_ ### Additional Context _No response_

mirror closed this issue 2026-03-23 21:27:17 +00:00

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@qinluhe commented on GitHub (Dec 3, 2024):

Our cloud will limit the domain name whitelist of front-end applications. For test.appflowy.cloud, it can accept localhost domain names, but beta.appflowy.cloud only accepts appflowy.com domain names. Other domain names that do not meet the requirements will be opened to the client in a unified manner on the backend. Is this logic correct? @speed2exe

<!-- gh-comment-id:2513437007 --> @qinluhe commented on GitHub (Dec 3, 2024): Our cloud will limit the domain name whitelist of front-end applications. For `test.appflowy.cloud`, it can accept `localhost `domain names, but `beta.appflowy.cloud` only accepts `appflowy.com `domain names. Other domain names that do not meet the requirements will be opened to the client in a unified manner on the backend. Is this logic correct? @speed2exe

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@qinluhe commented on GitHub (Dec 3, 2024):

Are you using self hosted or magic link login from appflowy.com?

<!-- gh-comment-id:2513453357 --> @qinluhe commented on GitHub (Dec 3, 2024): Are you using self hosted or magic link login from appflowy.com?

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@indigomado commented on GitHub (Dec 3, 2024):

您是否使用 appflowy.com 的自托管或魔术链接登录？

I conducted local testing and logged into the web app using localhost:3000.

Below are my environment variable settings:

AF_WS_URL=wss://test.appflowy.cloud/ws/v1
AF_BASE_URL=https://beta.appflowy.cloud
AF_GOTRUE_URL=https://beta.appflowy.cloud/gotrue

Let me know if you need any further adjustments!

<!-- gh-comment-id:2513464006 --> @indigomado commented on GitHub (Dec 3, 2024): > 您是否使用 appflowy.com 的自托管或魔术链接登录？ I conducted local testing and logged into the web app using localhost:3000. Below are my environment variable settings: AF_WS_URL=wss://test.appflowy.cloud/ws/v1 AF_BASE_URL=https://beta.appflowy.cloud AF_GOTRUE_URL=https://beta.appflowy.cloud/gotrue Let me know if you need any further adjustments!

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@qinluhe commented on GitHub (Dec 3, 2024):

AF_BASE_URL=https://beta.appflowy.cloud/ AF_GOTRUE_URL=https://beta.appflowy.cloud/gotrue to
AF_BASE_URL=https://test.appflowy.cloud/ AF_GOTRUE_URL=https://test.appflowy.cloud/gotrue

beta.appflowy.cloud does not allow localhost access, we restrict web access to the whitelisted *appflowy.com

<!-- gh-comment-id:2513466026 --> @qinluhe commented on GitHub (Dec 3, 2024): `AF_BASE_URL=https://beta.appflowy.cloud/ AF_GOTRUE_URL=https://beta.appflowy.cloud/gotrue` to `AF_BASE_URL=https://test.appflowy.cloud/ AF_GOTRUE_URL=https://test.appflowy.cloud/gotrue` beta.appflowy.cloud does not allow localhost access, we restrict web access to the whitelisted *appflowy.com

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@speed2exe commented on GitHub (Dec 3, 2024):

@MADAOKAKU
The default URL schema is appflowy-flutter://
Due to security reason, only certain URL are valid to be redirected to after authentication, if invalid, it will fallback to this URL.
If you are doing local testing, this is expected.
For testing purposes, after receive the email, you should copy the url, change the redirect_to to http://yourhost/auth/callback

<!-- gh-comment-id:2513473136 --> @speed2exe commented on GitHub (Dec 3, 2024): @MADAOKAKU The default URL schema is `appflowy-flutter://` Due to security reason, only certain URL are valid to be redirected to after authentication, if invalid, it will fallback to this URL. If you are doing local testing, this is expected. For testing purposes, after receive the email, you should copy the url, change the `redirect_to` to `http://yourhost/auth/callback`

mirror commented 2026-03-23 21:27:18 +00:00

Author

Owner

Copy link

@indigomado commented on GitHub (Dec 3, 2024):

@speed2exe Thank you! I'll close this issue.

<!-- gh-comment-id:2513654354 --> @indigomado commented on GitHub (Dec 3, 2024): @speed2exe Thank you! I'll close this issue.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

copilot/fix-date-format-issue

feat/mention_a_person

merge_upstream_v6

mobile/release/0.9.3

release/0.9.3

release/0.9.2

select_source

release/0.9.1

refactor_import_data

release/0.8.9.1

release/0.8.9

anon_user_mode

release/0.8.8

fix_windows_selection

release/0.8.7

annieappflowy-patch-1

windows_local_ai

release/0.8.6

release/0.8.5

release/0.8.4

chore/optional-response-format

release/0.8.3

release/0.8.2

release/0.8.1

release/0.8.0

release/0.7.9

feat/support-rename-workspace

chat_rag_only

calculate_ui_test

release/0.7.8

release/0.7.7

stringfi_cells

hotfix/0.7.5

release/0.7.4

client-api-update

feat/collab-editing

fix_calculation_bug

feat/upload-file-in-document

update-client-api

feat/support-global-comment-on-web

update-client-api-2

feat/support-duplicate-publish-on-web

feat/ai-plan-billing

chore/test-web-deploy

chore/enable-billing-for-testing

build/test

ai_tag_feature

chore/enable-billing-plan

feat/billing-client-windows

chore/support-openai-chat

fix/try-no-media-kit

sign-in-error-format

workspace-invite-ci-test

last-workspace

workspace-invite-wip

feat/date-text-input

appflowy_v1

0.11.1

0.11.0

0.10.9

0.11.2

0.10.7

0.10.6

0.10.5

0.11.3

0.11.4

0.10.8

0.10.4

0.10.3

0.10.2

0.10.0

0.10.1

0.9.9

0.9.8

0.9.7

0.9.5

0.9.6

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.8.9

0.8.8

0.8.7

0.8.6

0.8.5

0.8.4

0.8.3

0.8.2

0.8.1

0.8.0

0.7.9

0.7.8

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.9

0.6.8

0.6.7.2

0.6.7.1

0.6.7

0.6.6

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

v0.6.1

0.6.0

0.5.9

0.5.8

0.5.7

0.5.6

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.4.9

0.4.8

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.9.1

0.3.9

0.3.8

0.3.7

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

0.3.1

0.3.0

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

0.0.9.1

0.0.9

0.0.8.1

0.0.8

0.0.7.1

0.0.7

0.0.6.2

0.0.6.1

0.0.6

0.0.6_beta.1

0.0.5.3

0.0.5.2

0.0.5.1

0.0.5

0.0.5_beta.2

0.0.5_beta.1

0.0.4

0.0.4_beta.3

0.0.4_beta.2

0.0.4_beta.1

0.0.3

0.0.3_beta.2

0.0.3_beta.1

0.0.2

0.0.1

Labels

Clear labels   

2024

  

2025

  

2026

  

acct mgmt

  

AI

  

automation

  

bug

  

calendar

  

ci

  

CJK

  

cloud

  

code-block

  

collaboration

  

copy-paste

  

database

  

data migration

  

data sync

  

deploy

  

desktop

  

develop

  

develop

  

documentation

  

duplicate

  

editor

  

editor-plugin

  

emoji

  

export

  

files

  

flutter-only

  

follow-up

  

formula

  

good first issue for devs

  

good first issue for experienced devs

  

grid

  

hacktoberfest

  

HACKTOBERFEST-ACCEPTED

  

help wanted

  

i18n

  

icons

  

images

  

importer

  

improvements

  

infra

  

install

  

integrations

  

IR

  

kanban board

  

login

  

look and joy

  

mentorship

  

mobile

  

mobile

  

needs design

  

new feature

  

new feature

  

non-coding

  

notes

  

notifications

  

onboarding

  

organization

  

P0+

  

permission

  

platform-linux

  

platform-mac

  

platform-windows

  

plugins

  

program

  

pull-request

Mirrored from GitHub Pull Request

  

Q1 25

  

Q1 26

  

Q2 24

  

Q2 25

  

Q3 24

  

Q3 25

  

Q4 24

  

Q4 25

  

react

  

regression

  

rust

  

rust

  

Rust-only

  

Rust-only

  

Rust-starter

  

Rust-starter

  

self-hosted

  

shortcuts

  

side panel

  

slash-menu

  

sync v2

  

table

  

tablet

  

task

  

tauri

  

templates

  

tests

  

themes

  

translation

  

v0.5.6

  

v0.5.8

  

v0.5.9

  

v0.6.0

  

v0.6.1

  

v0.6.4

  

v0.6.7

  

v0.6.8

  

v0.7.1

  

v0.7.4

  

v0.7.4

  

v0.7.5

  

v0.7.6

  

v0.7.7

  

v0.7.8

  

v0.8.0

  

v0.8.4

  

v0.8.5

  

v0.8.9

  

web

No labels

2024

2025

2026

acct mgmt

AI

automation

bug

calendar

ci

CJK

cloud

code-block

collaboration

copy-paste

database

data migration

data sync

deploy

desktop

develop

develop

documentation

duplicate

editor

editor-plugin

emoji

export

files

flutter-only

follow-up

formula

good first issue for devs

good first issue for experienced devs

grid

hacktoberfest

HACKTOBERFEST-ACCEPTED

help wanted

i18n

icons

images

importer

improvements

infra

install

integrations

IR

kanban board

login

look and joy

mentorship

mobile

mobile

needs design

new feature

new feature

non-coding

notes

notifications

onboarding

organization

P0+

permission

platform-linux

platform-mac

platform-windows

plugins

program

pull-request

Q1 25

Q1 26

Q2 24

Q2 25

Q3 24

Q3 25

Q4 24

Q4 25

react

regression

rust

rust

Rust-only

Rust-only

Rust-starter

Rust-starter

self-hosted

shortcuts

side panel

slash-menu

sync v2

table

tablet

task

tauri

templates

tests

themes

translation

v0.5.6

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.4

v0.6.7

v0.6.8

v0.7.1

v0.7.4

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.8.0

v0.8.4

v0.8.5

v0.8.9

web

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

AppFlowy-IO/AppFlowy#3059

No description provided.