Hi. I’m working on error handling in the custom login UI, and I have a few questions about the possible 4xx errors. For the Get Login Flow endpoint, when do the following errors occur? • 403 ◦ CSRF error? • 404 • 410 ◦ Is this the “`self_service_flow_expired`: The flow is expired and you should request a new one” case? • What is the status code for the

session_already_available

error? For the Submit Login Flow endpoint, what are the status codes for the following errors? • `session_already_available`: The user is already signed in. • `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. • `security_identity_mismatch`: The requested ?return_to address is not allowed to be used. Adjust this in the configuration! • I assume the

410

status will be a similar error to that in the Get Flow endpoint. Thanks.

Hi @flat-flower-81031 Great questions! We have a document about error ids here: https://www.ory.sh/docs/kratos/concepts/ui-user-interface#ui-error-codes We also have a nice example of handling the errors within a Nextjs application using Ory Elements here https://github.com/ory/elements/blob/main/examples/nextjs-spa/src/pkg/hooks.tsx And in an Express application here https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/routes/login.ts#L21 • 404 could happen if the SDK url is incorrect (this should never happen) • 410 is when the flow expires • 400 for various reasons, could be

session_already_available

• 403 session not available, csrf errors

This is great. Thank you 🙏 .

before I forget: correction: • 404 can also happen if the flow ID isn't found in the database