By default, the authorization links that you send to your users are not limited in use, and do not "expire," but you can change that configuration so that the links expire after being used twice.
From the management dashboard:
- Select Settings> Security
- Under "Account Security," select the checkbox for "Invalidate magic sign-in links after use" and Save.
Authorization links generated after this box has been checked (but not before) will log the user in exactly twice, then will no longer allow the user to log in. This gives the user a chance to use it for their first login, plus one more time, before the link is deactivated.