Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> During verification flow, when we update the verification flow in the kratos with the code method, can we get the code that is being sent to the email?

No, the Ory Kratos API does not provide the verification code that is sent to the user's email during the verification flow. The code is sent directly to the user's email and is not exposed in the API response for security reasons. The user is expected to check their email and enter the code in the verification form.  When you update the verification flow with the `code` method, you should not include the email field in the request body. If a code was already sent, including the email field in the payload will invalidate the sent code and re-send a new code.   Here is an example of how to update the verification flow:  ```json {   "method": "code",   "csrf_token": "your-csrf-token" } ```  In this example, `csrf_token` is the anti-CSRF token, which is only required for browser login flows. The `method` field should be set to `code` to use the code verification method.  For more information, refer to the [Ory Kratos API Reference](<https://www.ory.sh/docs/kratos/reference/api>).