Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I am trying to implement an email recovery in my browser app using the one-time-token, but I cannot seem to get the last step to work. I create a Recovery flow and then update it using the email, provided by the user. This leads to the email, being sent with the code and then I try to update the flow again, this time with the code instead of the email. However, I receive an 422 error  'In order to complete this flow please redirect the browser to: /reset-password?flow=646b01c7-3460-4de2-9745-4096193e0983'.   /reset-password is the "settings" url I have setup in the Ory console, but the url in the error also contains a specific settings flow id and I don't understand where it comes from. I have not been able to locate in anywhere in the response from the first recovery flow update nor the recovery flow itself. Any help would be greatly appreciated.