diff --git a/package-lock.json b/package-lock.json
index e69944e..6d75c7a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18707,7 +18707,7 @@
     },
     "package": {
       "name": "@userfront/toolkit",
-      "version": "1.0.9-alpha.1",
+      "version": "1.0.9-alpha.2",
       "license": "MIT",
       "dependencies": {
         "@r2wc/react-to-web-component": "^2.0.2",
diff --git a/package/package-lock.json b/package/package-lock.json
index 43d2d1f..66d083a 100644
--- a/package/package-lock.json
+++ b/package/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@userfront/react",
-  "version": "1.0.9-alpha.1",
+  "version": "1.0.9-alpha.2",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@userfront/react",
-      "version": "1.0.9-alpha.1",
+      "version": "1.0.9-alpha.2",
       "license": "MIT",
       "dependencies": {
         "@r2wc/react-to-web-component": "^2.0.2",
diff --git a/package/package.json b/package/package.json
index 2d66e0f..53d1d8f 100644
--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@userfront/toolkit",
-  "version": "1.0.9-alpha.1",
+  "version": "1.0.9-alpha.2",
   "description": "Bindings and components for authentication with Userfront with React, Vue, other frameworks, and plain JS + HTML",
   "type": "module",
   "directories": {
diff --git a/package/src/forms/UniversalForm.jsx b/package/src/forms/UniversalForm.jsx
index 9608653..a566ac1 100644
--- a/package/src/forms/UniversalForm.jsx
+++ b/package/src/forms/UniversalForm.jsx
@@ -553,6 +553,7 @@ const componentForStep = (state) => {
 
     // Already logged in - for forms on pages without redirect-on-load
     case "alreadyLoggedIn":
+    case "initRefreshTokens":
     case "refreshTokens":
       return {
         title: strings.general.welcome,
diff --git a/package/src/models/forms/universal.ts b/package/src/models/forms/universal.ts
index 026918a..69875d4 100644
--- a/package/src/models/forms/universal.ts
+++ b/package/src/models/forms/universal.ts
@@ -365,7 +365,7 @@ const universalMachineConfig: AuthMachineConfig = {
 
         // If there's already a user refresh their tokens, proceed.
         {
-          target: "refreshTokens",
+          target: "initRefreshTokens",
           cond: "isLoggedIn",
         },
 
@@ -397,6 +397,20 @@ const universalMachineConfig: AuthMachineConfig = {
       ],
     },
 
+    initRefreshTokens: {
+      always: [
+        // Try to use the query params if they exist
+        {
+          target: "handleLoginWithLink",
+          cond: "hasLinkQueryParams",
+        },
+        // If no query params, proceed refreshing tokens
+        {
+          target: "refreshTokens",
+        },
+      ],
+    },
+
     refreshTokens: {
       invoke: {
         // Update the tokens
@@ -699,6 +713,11 @@ const universalMachineConfig: AuthMachineConfig = {
           },
         ],
         onError: [
+          // If logged in go to refresh tokens
+          {
+            target: "refreshTokens",
+            cond: "isLoggedIn",
+          },
           // If there was a problem logging in with the link token and uuid,
           // go back to first factor selection and show the error.
           // Mark the query params invalid, so we don't infinitely retry them.