Anyone has encountered these before when updating password:

time=2023-04-03T18:54:55Z level=info msg=Encountered self-service settings error. audience=audit error=map[message:named insert: ERROR: insert or update on table "identity_verification_codes" violates foreign key constraint "identity_verification_codes_identity_verifiable_addresses_id_fk" (SQLSTATE 23503) stack_trace:stack trace could not be recovered from error type *fmt.wrapError]

Hmm, did you run the SQL migrations? Could you add some context? • I see this is happening on the settings flow, did you create a custom identity? • Did you recently upgrade Kratos with existing users? • Did you create the user using the admin api?

@proud-plumber-24205

Hmm, did you run the SQL migrations?

Yes as init container

I see this is happening on the settings flow, did you create a custom identity?

We have a fairly basic identity with email (marked as credential identifier), first name, last name

Did you recently upgrade Kratos with existing users?

No we didn't, same issue happened over time with a clean database

Did you create the user using the admin api?

Yes we did. Create via admin API, perform recovery, perform password reset, then the database gets corrupted. It may be due to a race condition in the recovery process. We have a post recovery hook with can_interrupt and response.parse, which uses the patch entity admin API to update this user's public_metadata (because modifying entity from the recovery hook is not supported)

🤔 Does the error happen when you remove the recovery hook? Maybe when creating the Identity for some reason by accident the verified address field is specified as an empty array? or object? https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#importing-verified-addresses

Does the error happen when you remove the recovery hook?

The error doesn't always happen which makes it hard to debug. I will keep monitoring, I guess when our devs implementing it in the frontend we have some more data.

Maybe when creating the Identity for some reason by accident the verified address field is specified as an empty array? or object?

We don't specify verified addresses field in the payload at all