hey just wondering what the recommended approach is for handling 403 `session_refresh_required` responses when updating Settings flows in a single page app? We can check for this error ID and route the app to perform a refresh login flow. But what's the recommended way of getting back to the settings flow? This information isn't in the error payload, and the `redirect_browser_to` field has a Kratos URL, e.g.:
```
"redirect_browser_to": "http://KRATOS/self-service/login/browser?refresh=true\u0026return_to=http%3A%2F%2FKRATOS%2Fself-service%2Fsettings%3Fflow%3Df96a92d9-06d3-473d-9df4-58e5eba810f1"
```
Are we supposed to parse this URL ourselves, extract and parse the `return_to`, convert it to a route in our SPA? We can't use it as-is because it will cause a bunch of page reloads which we don't want in an SPA.
I would have thought Kratos would set a `return_to` to our actual app's settings URL in this case, but it wants to redirect via a Kratos frontend URL first.
The example React Native UI also doesn't handle the 403 redirect, it just logs the user out: https://github.com/ory/kratos-selfservice-ui-react-native/blob/master/src/helpers/form.tsx#L153
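The URL parsing the question describes, sketched as an added example (not part of the original message, and not Ory's documented approach): it accepts the `return_to` only when both URLs point at the expected Kratos origin and paths, so a tampered payload cannot steer the in-app router. The `error.id` payload shape, `KRATOS_ORIGIN`, the function names and the SPA route `/settings?flow=…` are assumptions.

```javascript
// Added example. KRATOS_ORIGIN, the error.id payload shape and the
// "/settings" SPA route are assumptions, not taken from Kratos docs.
const KRATOS_ORIGIN = "http://KRATOS";
const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Parse a URL, returning null instead of throwing on malformed input.
function parseUrl(value) {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// Return the settings flow ID carried in redirect_browser_to, or null when
// the URL is not the expected Kratos refresh-login redirect.
function settingsFlowFromRedirect(redirectBrowserTo, kratosOrigin = KRATOS_ORIGIN) {
  const trusted = parseUrl(kratosOrigin);
  const login = parseUrl(redirectBrowserTo);
  if (!trusted || !login) return null;
  // Outer URL must be the Kratos refresh-login endpoint.
  if (login.origin !== trusted.origin) return null;
  if (login.pathname !== "/self-service/login/browser") return null;
  if (login.searchParams.get("refresh") !== "true") return null;
  // searchParams.get() already percent-decodes return_to.
  const returnTo = parseUrl(login.searchParams.get("return_to") ?? "");
  if (!returnTo || returnTo.origin !== trusted.origin) return null;
  if (returnTo.pathname !== "/self-service/settings") return null;
  // Only a well-formed UUID is ever placed into the SPA route.
  const flow = returnTo.searchParams.get("flow");
  return flow && UUID_RE.test(flow) ? flow : null;
}

// Decide where the SPA router should go once the refresh login succeeds.
// Returns null when the response is not a session_refresh_required 403.
function spaRouteAfterRefresh(status, body) {
  if (status !== 403 || body?.error?.id !== "session_refresh_required") return null;
  const flow = settingsFlowFromRedirect(body.redirect_browser_to);
  // Fall back to a fresh settings flow if the redirect cannot be trusted.
  return flow ? `/settings?flow=${flow}` : "/settings";
}

// Constructed sample body built around the URL quoted in the message.
const sampleBody = JSON.parse(String.raw`{"error":{"id":"session_refresh_required"},
  "redirect_browser_to":"http://KRATOS/self-service/login/browser?refresh=true\u0026return_to=http%3A%2F%2FKRATOS%2Fself-service%2Fsettings%3Fflow%3Df96a92d9-06d3-473d-9df4-58e5eba810f1"}`);
console.log(spaRouteAfterRefresh(403, sampleBody));
```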