Week in review
This week we improved the reliability of the sign-in callback flow.Bug fixes
-
Auth callback handles missing authorization codes gracefully — Previously, if the OAuth callback was reached without a valid authorization code, the endpoint could return an error. Now it redirects you to the sign-in page with a clear message instead. This makes the sign-in experience more resilient when browser extensions, network issues, or expired links interfere with the OAuth flow. Learn more
-
Auth callback rate limit removed — The OAuth callback endpoint no longer applies per-IP rate limiting. Rate limits on this endpoint could block legitimate sign-in attempts when multiple users shared the same IP address (for example, in office networks). Sign-in rate limits still apply to the login form itself.
Last modified on April 16, 2026