To reset a user's password using the recovery flow in Ory, you need to follow these steps: 1. The user must initiate the account recovery flow. This can be done by the user themselves or by an administrator using the admin API endpoints. 2. The system will then send a link or a one-time code to the recovery address defined by the user. This recovery address is usually the email address provided by the user during registration. 3. The user must access the link or enter the code they received to confirm their identity and ownership of the account. 4. Once the user accesses the configured recovery method, they receive a privileged session and are taken to their account's settings page. 5. On the settings page, the user must create a new password to regain access to their account. Here is an example of how to create a recovery flow using the Ory client in a React application:

tsx import {    Configuration,    FrontendApi,    RecoveryFlow,    UiNode,    UiNodeInputAttributes,   } from "@ory/client"   import {    filterNodesByGroups,    isUiNodeInputAttributes,   } from "@ory/integrations/ui"   import { useEffect, useState } from "react"   import { useSearchParams } from "react-router-dom"      const frontend = new FrontendApi(    new Configuration({    basePath: "<http://localhost:4000>", // Use your local Ory Tunnel URL    baseOptions: {    withCredentials: true, // we need to include cookies    },    }),   )      export const Recovery = () => {    const [flow, setFlow] = useState<RecoveryFlow>()    const [searchParams] = useSearchParams()       useEffect(() => {    // we can redirect the user back to the page they were on before login    const returnTo = searchParams.get("return_to")       frontend    .createBrowserRecoveryFlow({    returnTo: returnTo || "/", // redirect to the root path after login    })    .then(({ data: flow }) => {    // set the flow data    setFlow(flow)    })    .catch((err) => {    // Couldn't create login flow    // handle the error    })    }, [])

Please note that the account recovery flow doesn't reset the user's second authentication factor. For more details, you can refer to the following documentation: - [Account recovery and password reset](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset) - [Recovery flow in custom UI integration](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#recovery) - [Administrative account recovery](https://www.ory.sh/docs/kratos/manage-identities/account-recovery)

Based on the provided extracts, it's not possible to reset a password without redirection to the settings flow. The recovery flow in Ory Kratos is designed to transition into the settings flow. This is where the user can update their password. Here's a brief overview of how the process works: 1. A recovery flow is created with a

return_to

URL. 2. An email is sent with a

link

or

code

method. 3. The user completes the recovery flow by submitting the

code

or clicking the

link

. 4. The user gets a session and is redirected through the

settings

flow. 5. The user submits the

settings

flow with an updated password. 6. The user is redirected to the

return_to

URL. This process ensures that the user is authenticated and authorized to change the password, providing an additional layer of security. For more details, you can refer to the [Advanced redirects](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration#advanced-redirects) section in the Ory Kratos documentation.