> ## Documentation Index
> Fetch the complete documentation index at: https://docs.groniz.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Activation & Login

> Expired activation links, "jwt malformed", and login API responses

## Activation link doesn't work

Activation links are short-lived JWTs. If you click an old one, or click
it twice, you'll see one of these:

* `jwt malformed` — the link is corrupted or truncated (a mail client
  inserted a line break, or you copied only part of the URL).
* `jwt expired` / abort error on `/auth/activate` — the link has
  passed its lifetime.

**Fix**

1. Request a new activation email from the login page.
2. Copy the link directly from the email rather than typing it.
3. Open it in the same browser you originally signed up in.

## Login API returns 404 or 204

When you're not logged in, calls like `GET /api/health` or
`GET /auth/me` return `204` or `404` by design — that's how the frontend
detects "no session." It is not an error.

If you're already logged in and still see 404 on these endpoints, clear
the Groniz cookies for the site and sign in again — a stale session
cookie is the usual cause.
