MITRA
Book a meeting
← All postsAuth

Invite links without the pain

Owen BodleyJanuary 15, 20264 min read

Invite links are deceptively tricky. They land on a public URL, carry a secret, and need to authenticate a brand-new account — all before the user has ever seen the product. The usual answer is "put the token in a query param and call it a day", but that leaks the token to every server log and referrer in the chain.

The hash is a feature

We moved the token into the URL hash. Hashes never reach the server, so SSR can render the public conference page without knowing anything about the invite. The browser then reads the hash, posts it to /auth/invitations/redeem-complete, and clears the fragment on success.

One prompt, two entry points

A single InviteRedemptionPromptComponent is mounted inside both the authenticated shell and the public event page. It subscribes to NavigationEnd, dedupes on a cached token, and works whether the user lands on /c/:slug, /app/..., or anywhere in between.

One file, two mount points, and the invite flow finally stopped being the scary part of the codebase.