After the recovery flow successfully verifies the code, a session is issued to the application. This allows the user to reset their password and update their profile information on the settings page. For browser applications, they are automatically redirected to the settings page, while native applications must take the user to the settings page. Here is the relevant extract from the documentation: "The recovery flow allows users to recover access to their accounts and is used in conjunction with the settings flow. When a recovery flow is submitted successfully, a session is issued to the application. This allows the user to reset their password and update their profile information on the settings page. Browser applications are automatically redirected to the settings page, while native applications must take the user to the settings page." [source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#recovery)

For native applications, the process is slightly different. Native applications must use the API flows which don't set any cookies. The response contains all data required to render the UI. On successful login, Ory issues a session token that can be used to authenticate subsequent requests to Ory. Here is the relevant extract from the documentation: "Native applications must use the API flows which don't set any cookies. The response contains all data required to render the UI. On successful login, Ory issues a session token that can be used to authenticate subsequent requests to Ory." [source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#native-application) For creating a recovery flow in a native application, you should use the

/self-service/recovery/api

endpoint. Here is an example of how to create a recovery flow:

bash curl -H 'Content-Type: application/json' \    -H 'Accept: application/json' \    -c cookies.txt \    "https://{project.slug}.<http://projects.oryapis.com/self-service/recovery/api|projects.oryapis.com/self-service/recovery/api>"

[source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#create-recovery-flow) After the recovery flow is successfully completed, you need to manually take the user to the settings page where they can reset their password and update their profile information.

When the recovery flow successfully verifies the code in a native application, the response contains a

recovery_link

with the flow ID and a

recovery_code

. The user must access the link and enter the recovery code in the form available at the link. The response also includes an

expires_at

field indicating the expiry time of the recovery link. Here is an example of the response:

json {    "recovery_link": "/ui/recovery?flow=79686c66-e427-4c1b-861e-083572f97964",    "recovery_code": "76453943",    "expires_at": "2022-10-25T03:09:37.60684766Z"   }

After successfully recovering their account, users can connect to a social sign-in provider or create a new password. [source](https://www.ory.sh/docs/kratos/manage-identities/account-recovery#response)

Hmm, I don't know enough to give you a confident answer yet. The extracts provided do not specify whether a session token is provided immediately after the recovery code is verified for a native application. For more detailed information, you may want to refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/).

Based on the provided extracts, there is no automatic redirection to the settings flow for native applications after the recovery code is verified. The Post-Recovery redirect isn't supported and will automatically redirect the user to the Settings UI URL only for browser applications. For native applications, you would need to manually handle the redirection to the settings flow in your application logic. Here is the relevant extract from the documentation: "The Post-Recovery redirect isn't supported and will automatically redirect the user to the Settings UI URL. Use the Post-Settings redirect for Post-Recovery flows." [source](https://www.ory.sh/docs/concepts/redirects#verification-recovery-and-logout)

The endpoint for initiating a recovery flow for native applications in Ory is:

GET /self-service/recovery/api

Here is the relevant extract from the documentation: "Native applications must use

/self-service/recovery/api

." [source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#recovery)

To verify the code for native applications, you need to submit a POST request to the

/self-service/recovery

endpoint. Here is the relevant extract from the documentation: "The last step is to submit the recovery flow with the user's email. To do that, send a POST request to the

/self-service/recovery

endpoint." [source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow) Here is an example of how to submit the recovery flow:

bash curl -X POST \    -H 'Content-Type: application/json' \    -H 'Accept: application/json' \    -d '{"method":"link","email":"[email protected]","csrf_token":"your-csrf-token"}' \    "https://{project.slug}.<http://projects.oryapis.com/self-service/recovery?flow=<your-flow-id|projects.oryapis.com/self-service/recovery?flow=<your-flow-id>>"

[source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow) Please replace

[email protected]

,

your-csrf-token

,

{project.slug}

, and

<your-flow-id>

with your actual values.

Based on the provided extracts, there isn't a specific endpoint mentioned for verifying the recovery code for native applications. The extracts mention initiating the recovery flow and submitting the recovery flow, but they do not provide explicit details about an endpoint for verifying the recovery code. For more detailed information, you may want to refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/).

To verify the recovery code for a native application recovery flow, you need to submit a POST request to the

/self-service/recovery

endpoint with the method set to

code

and the received code. Here is an example of how to submit the recovery flow:

bash curl -X POST \    -H 'Content-Type: application/json' \    -H 'Accept: application/json' \    -d '{"method":"code","email":"[email protected]","csrf_token":"your-csrf-token", "code":"your-recovery-code"}' \    "https://{project.slug}.<http://projects.oryapis.com/self-service/recovery?flow=<your-flow-id|projects.oryapis.com/self-service/recovery?flow=<your-flow-id>>"

[source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow) Please replace

[email protected]

,

your-csrf-token

,

your-recovery-code

,

{project.slug}

, and

<your-flow-id>

with your actual values. Note: The provided extracts do not explicitly mention the

code

field in the request body for the recovery endpoint. This is an inferred step based on the information available. For more accurate information, please refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/).