The error message you're seeing, "browser_location_change_required", is usually sent when an AJAX request indicates that the browser needs to open a specific URL. This is most likely used in Social Sign In flows. The error message is instructing you to redirect the browser to the URL provided in the "redirect_browser_to" field of the error response. In this case, you should redirect the browser to:

<http://localhost/settings?flow=926d0e43-16db-4970-a0d0-168c0f822502>

This redirection is required to complete the flow that you're currently in. For more information, you can refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).

The error message you're seeing is related to the recovery flow in Ory. The recovery flow allows users to recover access to their accounts. When a recovery flow is submitted successfully, a session is issued to the application. This allows the user to reset their password and update their profile information on the settings page. The error message is instructing you to redirect the browser to the URL provided in the "redirect_browser_to" field of the error response. This redirection is required to complete the recovery flow. Here's how the recovery flow works: 1. The user initiates the recovery flow. 2. The system sends a link or a one-time code to the recovery address defined by the user. 3. The user must access the link or enter the code they received to confirm their identity and ownership of the account. 4. When the user accesses the configured recovery method, they receive a privileged session and are taken to their account's settings page where they must create a new password to regain access to their account. You can find more information about the recovery flow in the [Ory Kratos Documentation](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset).

In the API flow, a session is not created until the user successfully logs in. When a user authenticates, for example by signing in with their username and password, they receive a session. The session is proof that the user is authenticated and allows them to interact with the system without the need to re-authenticate for every request. For native applications, which use the API flows, cookies are not set. Instead, upon successful login, Ory issues a session token that can be used to authenticate subsequent requests to Ory. If you're seeing the "browser_location_change_required" error during the recovery flow in a native application, it might be because the recovery flow is trying to redirect the user to a web page to complete the recovery process. This is typical behavior for web-based flows, but for API flows in native applications, you should handle the redirection within your application. You can find more information about session management in Ory in the [Ory Kratos Documentation](https://www.ory.sh/docs/kratos/session-management/overview) and about the API flows in the [Ory Kratos Bring-your-own-ui Documentation](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#native-application).