# talk-kratos
s
Hi, I'm working on recovery flow for native APIs but I get a
Method Not Allowed
I can start a new flow at GET http://127.0.0.1:4433/self-service/recovery/api
{
    "id": "06db2b3b-cc6b-413c-995e-72d64846e131",
    "type": "api",
    "expires_at": "2023-06-05T15:06:36.577294041Z",
    "issued_at": "2023-06-05T14:06:36.577294041Z",
    "request_url": "http://127.0.0.1:4433/self-service/recovery/api",
    "active": "code",
When I try to select "method: code" through POST http://127.0.0.1:4433/self-service/recoveryapi?flow=<flow-id> with body
{
  "email": "email@example.com",
  "method": "code"
}
I get the Method Not Allowed. What am I doing wrong?
d
my understanding is that it is not currently possible to do a complete recovery flow in a native app
we recently ran into the same issue - our workaround was to have our native app launch an in-app web browser to complete the flow
s
Thanks a lot for the reply 🙏
For anyone reading this, there's an open PR to improve this, but it hasn't been touched since it was opened a month ago https://github.com/ory/kratos/pull/3273/files Then, related issues https://github.com/ory/kratos/issues/3163 https://github.com/ory/kratos/issues/3171 https://github.com/ory/kratos/issues/2628
cc @bland-eye-99092 Is the related PR functional? Or do you still expect substantial changes?
b
It needs some more cleanup and tests. The actual change is pretty simple, but all those error/edge cases are a bit more complicated. And we don’t really have the capacity to finish this right now.
s
Thanks a lot for the quick reply
v
Hi Miguel, let's have a chat about your use case? We offer professional services to accelerate our users' success with Ory.
s
@dazzling-napkin-4938 Could you detail how exactly you succeeded with the recovery flow? At which step do you open an in-app browser? For now, I'm using Postman to test. After I send the code, I get this response
{
  "error": {
    "id": "browser_location_change_required",
    "code": 422,
    "status": "Unprocessable Entity",
    "reason": "In order to complete this flow please redirect the browser to: /settings?flow=17aee486-1ecd-4f30-a5ae-07a5046c614e",
    "message": "browser location change required"
  },
  "redirect_browser_to": "/settings?flow=17aee486-1ecd-4f30-a5ae-07a5046c614e"
}
But I can't open this in my computer's browser:
localhost:4433/settings?flow=17aee486-1ecd-4f30-a5ae-07a5046c614e
nor
http://localhost:4434/admin/settings?flow=17aee486-1ecd-4f30-a5ae-07a5046c614e
Both return Error 404. I probably need some session token.
This looks like what's mentioned in https://github.com/ory/kratos/issues/2628#issuecomment-1428097843
"we can't get the POST /self-service/recovery endpoint to return a session token. It's instead returning a session cookie. [...] We have to keep the session cookie around on mobile for the subsequent /settings requests to change the user's password, and then re-login to return to using a session token."
Is that also your solution?
d
We do the entire recovery flow in an in-app browser using the web UI we already have
user taps “forgot password”, app pushes to a new screen with a web browser
to do the entire flow
s
Thanks!