# ory-copilot
@chilly-king-10285 what is the use of the recovery token after the passed-challenge state in the recovery flow?
A message from kapa.ai
The recovery token is used in the `passed_challenge` state of the recovery flow. According to the [Ory API Reference](https://www.ory.sh/docs/reference/api), this token is expected to be sent in the URL query. The `passed_challenge` state does not have any API capabilities. If the recovery token is valid, the server responds with an HTTP 303 See Other redirect to the Settings UI URL and instructs the user to update their password. If the recovery token is invalid (e.g., expired), the server redirects to the Recover UI URL with a new Recovery Flow ID, which contains an error message that the recovery link was invalid. Please note that the recovery token completes the recovery request and is usually set in a link, not used by any direct API call.
@chilly-king-10285 I don't want the automatic settings flow redirect; instead, I want to create the settings flow manually?
A message from kapa.ai
Sure, you can manually create a settings flow using the Ory API. There are two methods available for this:

1. Create Settings Flow for Browsers: This endpoint initializes a browser-based user settings flow. The endpoint is `GET /self-service/settings/browser`. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid Ory Kratos Session Cookie is included in the request, a login flow will be initialized. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).
2. Create Settings Flow for Native Apps: This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. The endpoint is `GET /self-service/settings/api`. You must provide a valid Ory Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow, call `/self-service/settings/flows?flow=<flow_id>`. More information can be found at [Ory Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings).

Please note that you should not use the second endpoint in client-side or server-side browser applications as it can make you vulnerable to a variety of CSRF attacks. It should only be used in scenarios such as native mobile apps.