Skip to main content
Activation links are short-lived JWTs. If you click an old one, or click it twice, you’ll see one of these:
  • jwt malformed — the link is corrupted or truncated (a mail client inserted a line break, or you copied only part of the URL).
  • jwt expired / abort error on /auth/activate — the link has passed its lifetime.
Fix
  1. Request a new activation email from the login page.
  2. Copy the link directly from the email rather than typing it.
  3. Open it in the same browser you originally signed up in.

Login API returns 404 or 204

When you’re not logged in, calls like GET /api/health or GET /auth/me return 204 or 404 by design — that’s how the frontend detects “no session.” It is not an error. If you’re already logged in and still see 404 on these endpoints, clear the Groniz cookies for the site and sign in again — a stale session cookie is the usual cause.