<@U04UQ68083H> I'm using the Ory Network API to cr...
# ory-copilot
b
@chilly-king-10285 I'm using the Ory Network API to create user identities programmatically, providing only email addresses and empty passwords. These email domains are configured for Enterprise SSO. My objective is to enable users to link accounts without requiring them to set or know a password. Following the guidance in issue #400, I've implemented an OTC-based registration flow. I initiate a registration update flow with `"method": "code"`, which sends a one-time code to the user's email. However, when I attempt to complete the registration update by submitting the received OTC, along with the previous flowId and CSRF token, via a subsequent registration update request, I consistently receive `502 Bad Gateway` errors from Cloudflare. Could you please advise if there are any required configuration steps I might have overlooked, or if this specific workflow is not supported?
b
A message from kapa.ai
Based on the knowledge sources, I can see you're trying to implement a passwordless registration flow using one-time codes (OTC) for Enterprise SSO users in Ory Network. From reviewing the available information, there are a few potential issues that could be causing your 502 Bad Gateway errors:

1. Implementation of the registration flow: When using the code method for registration, you need to ensure you're following the correct API structure. According to the API reference, when updating a registration flow with the code method, you need to include:
   - `method: "code"`
   - `traits` (containing the user's identity traits)
   - The OTC code received via email
   - CSRF token
2. Potential issues with account linking: The issue you referenced (#400) discusses problems with account linking when using SSO, particularly when an organization's OIDC connection has been removed and recreated. This might be related to your situation if you're trying to link accounts.
3. Passwordless one-time code configuration: Make sure you've properly enabled passwordless one-time codes in your project configuration. As mentioned in the [Passwordless documentation](https://www.ory.sh/docs/kratos/passwordless/one-time-code), you need to set:

   ```yaml
   selfservice:
     methods:
       code:
         passwordless_enabled: true
   ```
4. Known issues with onSubmit handling: There appears to be a known issue with the `onSubmit` method not being called when using passwordless one-time codes with the `UserAuthCard` component, as mentioned in [issue #386](https://github.com/ory/network/issues/386). If you're using Ory Elements, this might be affecting your implementation.
5. Custom identity schema configuration: If you're using a custom identity schema, ensure it's properly configured for passwordless authentication.

Unfortunately, the knowledge sources don't provide specific information about 502 Bad Gateway errors in this context or a complete example of the registration flow with one-time codes. I would recommend:

1. Double-check your API request structure against the [API reference](https://www.ory.sh/docs/reference/api)
2. Ensure your SMTP provider is correctly configured for reliable email delivery
3. Consider using the Ory CLI to check your configuration and logs for more detailed error information
4. If possible, try implementing the flow using the `UserAuthForm` with `AuthCodeSection` instead of `UserAuthCard` as mentioned in issue #386

If the problem persists, you might want to share more details about your specific implementation in the Ory Community Slack for more targeted assistance.
b
@chilly-king-10285 1. Implementation of the registration flow

I'm using ory js client `"@ory/client": "^1.15.16"`

First I create the flow

```javascript
const registrationFlow = await oryClient.createBrowserRegistrationFlow({
  organization: organizationId,
});

await oryClient.updateRegistrationFlow({
  flow: <flow_id_from_registrationFlow>,
  updateRegistrationFlowBody: {
    method: 'code',
    traits,
    csrf_token: <csrf_token_from_registrationFlow>,
  },
});
```

This results in a 400 and an OTC is sent to email address. Next:

```javascript
const registrationFlowToReuse =
  await oryClient.getRegistrationFlow({
    id: persisitedRegistrationFlowId,
  });

await oryClient.updateRegistrationFlow({
  flow: <flow_id_from_registrationFlowToReuse>,
  updateRegistrationFlowBody: {
    method: 'code',
    code,
    traits,
    csrf_token: <csrf_token_from_registrationFlowToReuse>,
  },
});
```

This ends up with 502. Is this sequence correct?
b
A message from kapa.ai
Based on the code you've shared, I can see some issues with your implementation of the registration flow using one-time codes. The sequence you're using has some correct elements, but there are a few problems:

1. The 400 response is expected - This is actually normal behavior when requesting a code. According to the [Kratos API documentation](https://www.ory.sh/docs/kratos/reference/api), a 400 status code is returned when the flow is not yet complete but the code has been sent. This is a known behavior that has caused confusion for many developers, as mentioned in a [GitHub issue](https://github.com/ory/kratos/issues/4052).
2. Flow reuse approach - Your approach of getting the flow again with `getRegistrationFlow` is correct, as you need to continue with the same flow.
3. Missing required fields - In your second request, you're including the correct fields (`method`, `code`, `traits`, `csrf_token`), which matches the [API reference for updateRegistrationFlow](https://www.ory.sh/docs/reference/api).

The 502 Bad Gateway error you're encountering is not specifically documented in the knowledge sources, but it suggests there might be an issue with the backend service rather than your implementation. Here's what I recommend:

1. Make sure you're using the most recent flow ID and CSRF token from the response to your first request, not from the original flow creation.
2. Double-check that your `traits` object contains all required fields according to your identity schema.
3. Try implementing the flow using the updated SDK methods as shown in the [SDK V1 upgrade guide](https://www.ory.sh/docs/guides/upgrade/sdk-v1#frontend-apis):

```javascript
// Create flow
const flow = await ory
  .frontend.createBrowserRegistrationFlow()
  .then(({ data }) => data)

// Update flow to request code
await ory.frontend.updateRegistrationFlow({
  flow: flow.id,
  updateRegistrationFlowBody: {
    method: "code",
    traits: { email },
    csrf_token: flow.ui.nodes.find(n => n.attributes.name === "csrf_token")?.attributes.value
  }
})

// After receiving code, complete registration
await ory.frontend.updateRegistrationFlow({
  flow: flow.id,
  updateRegistrationFlowBody: {
    method: "code",
    code: receivedCode,
    traits: { email },
    csrf_token: flow.ui.nodes.find(n => n.attributes.name === "csrf_token")?.attributes.value
  }
})
```

If you continue to experience 502 errors, it might be related to server-side issues or configuration problems that aren't directly related to your code implementation. In that case, I'd recommend reaching out to Ory support through their Slack community for more specific assistance.