Hey everyone, I am encountering an issue for using custom ui with recovery flow redirection. Our Ory Api endpoint is configured to https://auth.our-domain.co.uk, and our custom UI base URL is set to https://enterprise.our-domain.co.uk/auth/ After the user submits the recovery code, we get this response.

{
  "error": {
    "id": "browser_location_change_required",
    "code": 422,
    "status": "Unprocessable Entity",
    "reason": "In order to complete this flow please redirect the browser to: <https://auth.our-domain.co.uk/auth/settings?flow=f601c736-fd5e-4d89-ac92-1ea8e4f694df>",
    "message": "browser location change required"
  },
  "redirect_browser_to": "<https://auth.our-domain.co.uk/auth/settings?flow=f601c736-fd5e-4d89-ac92-1ea8e4f694df>"
}

I understand that we are supposed to parse the error and redirect the user according to the

redirect_browser_to

field of the response. However, the response is pointing to the Ory API URL instead of the custom UI URL, so that the browser fails to displays the page and shows 404. If we manually modify it to https://enterprise.our-domain.co.uk/auth/settings?flow=f601c736-fd5e-4d89-ac92-1ea8e4f694df, it does work. We reckon this is probably an Ory configuration mistake on our part. Would love to hear your insights on this.

Hi DJIMERA, thank you for sharing your chat history with Jonas. I have went through it thoroughly. It was very insightful and also confused me even more at the same. I reckon our scenarios are different because in our case we are creating the browser flow, while in your case an API flow. Based on my interpretation of Jonas' messages, I think it's expected when doing a browser recovery flow, we encounter the 422 error and follow the link provided in the error message. This is how it's implemented in the Ory examples. We also had production code using this method before and it was working fine. I spent some time to look into the "Native Recovery flows". feature toggle you suggested. With that enabled, when completing a recovery flow, we do get a settings flow id in the

continue_with

(but not the full link). So technically we can make it work by crafting the URL manually in the application. However in the description it says it is intended for "recovery flows on mobile applications". So I'm not centain if it is appropriate to use in our scenario, which is a browser environment. To sum up, we have two questions for the Ory engineers. 1. Is it by design that we go through the 422 error when completing a browser recovery flow? 2. If so, how can we modify the

redirect_browser_to

URL in the 422 error response?