I m getting an unexpected response whilst using the `updateR Ory Community #talk-kratos

I'm getting an unexpected response whilst using th...

miniature-sunset-64101

03/31/2023, 1:37 PM

I'm getting an unexpected response whilst using the

updateRecoveryFlow

function in the ory-client SDK for JavaScript. I can see in the network tab the request goes as follows:

Copy code

{
  "csrf_token": "oCJ6a700PweBaPPHVdagxBErBWbP0xf9UEt0keCjF5c7QRi15fUart4tZyU5Topd6OYHMyhlg8qWDpR4Cyyqzg==",
  "code": "565775",
  "method": "code",
  "email": "<mailto:mcq29944@omeie.com|mcq29944@omeie.com>"
}

But regardless of the code value, whether the correct one from the email received or any random value, I always get the success response with the state of `sent_email`:

Copy code

{
  "id": "dceeeb30-937d-4de4-bc48-e258690d41d7",
  "type": "browser",
  "expires_at": "2023-03-31T14:09:47.653731Z",
  "issued_at": "2023-03-31T13:09:47.653731Z",
  "request_url": "<http://localhost:4000/self-service/recovery/browser>",
  "active": "code",
  "ui": {
    "action": "<http://localhost:4000/self-service/recovery?flow=dceeeb30-937d-4de4-bc48-e258690d41d7>",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "67iiFTH56ANkSAA1U3pmc2qgYUCs3GRdnRicBvyq9nNw28DLaTjNqjsNlNc/4kzqk21jFUtq8GpbXXzvFyVLKg==",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "code",
          "type": "text",
          "required": true,
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070006,
            "text": "Verify code",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "method",
          "type": "hidden",
          "value": "code",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {}
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "code",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070005,
            "text": "Submit",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "code",
        "attributes": {
          "name": "email",
          "type": "submit",
          "value": "<mailto:mcq29944@omeie.com|mcq29944@omeie.com>",
          "disabled": false,
          "node_type": "input"
        },
        "messages": [],
        "meta": {
          "label": {
            "id": 1070008,
            "text": "Resend code",
            "type": "info"
          }
        }
      }
    ],
    "messages": [
      {
        "id": 1060003,
        "text": "An email containing a recovery code has been sent to the email address you provided. If you have not received an email, check the spelling of the address and make sure to use the address you registered with.",
        "type": "info",
        "context": {}
      }
    ]
  },
  "state": "sent_email"
}

There is no error in the response, the status is 200, but it doesn't continue to the

passed_challenge

state as expected. What am I missing here? I'm trying to build a custom UI, and all the flows are working well, except this one. Not sure if I'm missing something or if the endpoint is behaving weirdly CC: @magnificent-energy-493

bland-eye-99092

03/31/2023, 3:07 PM

The documentation isn’t great here, but in essence: If the

email

is present in the body, a new email is sent, regardless of whether a code was sent or not. Removing the email should work.

miniature-sunset-64101

03/31/2023, 4:12 PM

Awesome sauce, I have removed the email from the request, and I now get this:

Copy code

{
  "error": {
    "id": "browser_location_change_required",
    "code": 422,
    "status": "Unprocessable Entity",
    "reason": "In order to complete this flow please redirect the browser to: /ui/settings?flow=da66a4dc-997e-4c92-ba03-3eff3d649f80",
    "message": "browser location change required"
  },
  "redirect_browser_to": "/ui/settings?flow=da66a4dc-997e-4c92-ba03-3eff3d649f80"
}

Is it not possible to reset the password with AJAX? I will redirect for now, but this means that part of the flow won't have my custom UI. Also, please note that the

ui_nodes

in the

sent_email

response contains an

email

node, you may want to remove that from the response, since if one iterates over the

ui_nodes

to build a form, the email gets included unless explicitly removed

bland-eye-99092

03/31/2023, 4:13 PM

Is it not possible to reset the password with AJAX?

Not yet. We’re working on it though.

ui_nodes
in the
sent_email
response contains an
email
node,

That node is of type

submit

which should be rendered as a form submit button and can be used to re-send the code.

bland-eye-99092

03/31/2023, 4:13 PM

Hence, the behavior you observed.

miniature-sunset-64101

03/31/2023, 4:16 PM

OK cool, I just performed the redirect and I got returned to my UI with an active session, I suppose a workaround for now is to use that session and the Settings Flow to update the password. Thank you for the assistance 🤘🖖

4 Views

Open in Slack

Previous Next