**Environment**: Rize Windows `app-2.3.7` (Jan 28 2026 build), Windows 11 Pro 26200
## Repro (100%)
1. Be already signed in to rize.io in your default browser (Google SSO session active).
2. Open the Windows app and click **Sign in**.
3. Browser opens `https://app.rize.io/auth/electron` and — because you're already authed — instantly redirects to `rize://auth/?token=...` with **no user interaction in between**.
## Actual
The protocol handler spawns **two** `Rize.exe` instances; both POST the same one-time token to `/auth/magic-link/request`. First succeeds and stores credentials; second gets `Invalid token` and the error handler wipes the credentials the first instance just stored. App ends up unauthenticated (`%APPDATA%\Rize\config.json` → `authCredentials: null`) and shows the sign-in error dialog.
## Workaround
Sign out from rize.io in the browser first, then sign in from the desktop app. The Google OAuth click-through gives the desktop process enough time for its single-instance lock to bind, so the eventual `rize://` callback only spawns one instance.
## Log (`%APPDATA%\Rize\logs\main.log`, 2026-05-06 00:04:54–55)
```
00:04:54.120 [Router] Handling url: rize://auth/?token=63c7bHZGoiVRbmTfdwV-
00:04:54.150 POST /auth/magic-link/request
00:04:55.031 [Router] Handling url: rize://auth/?token=63c7bHZGoiVRbmTfdwV- ← 2nd instance, same token
00:04:55.035 POST /auth/magic-link/request
00:04:55.084 [Auth] Authentication successful → Storing credentials → Setting cookies
00:04:55.657 [error] Authentication error: Invalid token.
00:04:55.664 [Auth] Resetting credentials
00:04:55.674 [Cookies] Clearing auth credentials ← wipes credentials stored 0.59s earlier
```
Full log excerpt attached as `rize-main-log-excerpt.log`.rize-main-log-excerpt.log
56.6 KB
Please authenticate to join the conversation.
In Review
Feature Request
2 months ago

Yǔn Zhōng Lîm
Get notified by email when there are changes.
In Review
Feature Request
2 months ago

Yǔn Zhōng Lîm
Get notified by email when there are changes.