Activation link doesn’t work
Activation links are short-lived JWTs. If you click an old one, or click it twice, you’ll see one of these:jwt malformed— the link is corrupted or truncated (a mail client inserted a line break, or you copied only part of the URL).jwt expired/ abort error on/auth/activate— the link has passed its lifetime.
- Request a new activation email from the login page.
- Copy the link directly from the email rather than typing it.
- Open it in the same browser you originally signed up in.
Login API returns 404 or 204
When you’re not logged in, calls likeGET /api/health or
GET /auth/me return 204 or 404 by design — that’s how the frontend
detects “no session.” It is not an error.
If you’re already logged in and still see 404 on these endpoints, clear
the Groniz cookies for the site and sign in again — a stale session
cookie is the usual cause.