Subject: Issue with Account Recovery API in Ory Kr...
# general
b
Subject: Issue with Account Recovery API in Ory Kratos

Hi everyone, I've been working on a project using Ory Kratos for user authentication and management. While the sign-up and sign-in functionalities are working perfectly, I'm encountering an issue with the account recovery feature.

Problem Description

When I attempt to send a recovery email through the account recovery API, I receive a 400 error. The exact response from the API is as follows:
{
  "error": "Bad Request",
  "message": "Invalid request"
}
What I've Tried

API Endpoint and Payload: I've double-checked the API endpoint and the payload being sent. The payload structure follows the Ory Kratos documentation:
{
  "email": "user@example.com"
}
Configuration: I have reviewed my Kratos configuration file to ensure the recovery settings are correctly configured. The selfservice.recovery section is enabled.

Request

I would appreciate any guidance or suggestions on what might be causing this issue. Specifically:
1. Are there any common misconfigurations that could lead to this 400 error?
2. What additional steps can I take to debug this problem?
3. Are there any specific logs or configurations I should focus on?

Additional Information

You can find my project's configurations and code on GitHub: GitHub Repository Link. This repository includes:
• kratos.yml
• docker-compose.yml
• Application code

Thank you for your help!

Best regards,
Tanmay Vaij

@magnificent-energy-493 @steep-lamp-91158 @dazzling-napkin-4938
d
which endpoint is this? The create or update recovery flow? create recovery flow doesn’t require a payload. If it’s the update recovery flow then your payload is incorrect: https://www.ory.sh/docs/reference/api#tag/frontend/operation/updateRecoveryFlow Need more information about what exactly you’re doing, because it sounds like Bad Request is the correct response here…
Also, I’m just “Some Guy” - we use Kratos in production but I’m not on the Ory team and can only give advice on issues we’ve encountered. Recovery flow works for us, but we haven’t had a chance to implement the new native recovery flow yet
❤️ 1
b
The problem actually occurs in .updateRecoveryFlow(). Can you tell me what exact params I need to pass while calling this method? I am using React Native.
d
if you’re using React Native are you using the javascript sdk or making the http calls yourself?
are you recovering via code or link?
b
I am using the sdk, using the library @ory/client and using 'code' for the recovery
d
Update Recovery flow needs a method, and probably a csrf_token, as well as the email address
for example, our code using @ory/client FrontendApi looks like this:
kratos.updateRecoveryFlow({
  flow: flow.data.id,
  updateRecoveryFlowBody: {
    method: 'code',
    email: action.email,
    csrf_token: flow.data.ui.nodes.find((n) => n.attributes['name'] === 'csrf_token')
                  .attributes['value'],
  },
})
b
But do we get csrf_token for a native, because I am not getting it. I think we get that in the browser approach. Can you please point out where I am making the mistake? https://github.com/tanmayvaij/ory-native-test
d
like I said, we haven’t built the native recovery flow into our app yet. Are you getting any other information from Kratos’s response? Anything in kratos logs?