# talk-kratos
m
@magnificent-energy-493, I get the following response during password recovery:
```json
{
  "id": "browser_location_change_required",
  "code": 422,
  "status": "Unprocessable Entity",
  "reason": "In order to complete this flow please redirect the browser to: /ui/settings?flow=cba299f7-a581-487c-95ee-9cd0a374c671",
  "message": "browser location change required"
}
```
How can I make this not redirect to `/ui/settings?flow={flow_id}` and instead redirect the user to a custom UI where they can change the password, on for example `http://localhost:3000/recovery/set-password?flow={flow_id}`? All the other flows are working as expected, but this recovery flow is being a problem child and the API docs don't quite explain what I need to do for each step of the process. Currently I do the following:

Step 1 (on `/recovery/send-email`):

```js
// Start a browser recovery flow; the response carries the flow id and CSRF token
const ory_recovery_flow_response = await oryApiClient.createBrowserRecoveryFlow();
```

Step 2 (on `/recovery/verify-code`):

```js
// Submit the email address so the recovery code is sent
oryApiClient.updateRecoveryFlow(FLOW_ID_FROM_PREVIOUS_RESPONSE, {
  method: 'code',
  csrf_token: CSRF_TOKEN_FROM_PREVIOUS_RESPONSE,
  email: RECOVERY_EMAIL
}, undefined /* token */, COOKIE_STRING);
```
Where `undefined` above is the `token`, which I do not have and do not know how to obtain.

Step 3 (on `/recovery/confirmation`):

```js
// Submit the code received in the recovery email
oryApiClient.updateRecoveryFlow(FLOW_ID_FROM_PREVIOUS_RESPONSE, {
  method: 'code',
  csrf_token: CSRF_TOKEN_FROM_PREVIOUS_RESPONSE,
  code: CODE_RECEIVED_IN_EMAIL
}, undefined /* token */, COOKIE_STRING);
```
But then, ERROR:

```json
{
  "id": "browser_location_change_required",
  "code": 422,
  "status": "Unprocessable Entity",
  "reason": "In order to complete this flow please redirect the browser to: /ui/settings?flow=cba299f7-a581-487c-95ee-9cd0a374c671",
  "message": "browser location change required"
}
```
^ It's at this point where I understand that:

1. The email was sent (and I received it)
2. The code was submitted and is valid
3. But then what am I supposed to do? I expect to then reset the password, but I'm told to redirect to the UI, even though we're not using the pre-built UI

PS: Even if I do redirect to the pre-built UI, it starts the recovery flow all over again with a new email 🤔

Please assist, I feel like I've been here before during my client-side implementation and solved it, but can't remember how...
PS: I think I solved this tentatively. I needed to set the session cookie returned by the last response header before redirecting in order to allow access to the `/account-settings` page. Think it's fine now, will revert back tomorrow.
n
I've done a hacky workaround for this (I'm using this for a native app, but native flow for recovery is not available yet). Instead of using the SDK methods for this part, I'm directly accessing the HTTP API and handling the 422 error to consider it as SUCCESS response. I'm using Java with Spring Boot 3, have attached a screenshot for the relevant code snippet.
You can use the cookies for the `"Set-Cookies"` in the response's `Headers` to use in the `Settings` flow as your user session mechanism for changing the password.
m
^ I have done the same thing as you mentioned, in a slightly different way, but it works. Thanks for sharing @narrow-flower-8731 🙏🖖