# ory-copilot
@chilly-king-10285, I'm getting an error when a user is finishing the recovery flow. The redirect URLs are configured as they should be, and a session is issued, but the user isn't redirected and just sees an error screen.
A message from kapa.ai
It appears that issues with redirects after completing the recovery flow are a known challenge in Ory Kratos and Ory Network, especially when two-factor authentication (2FA) is enabled or when using custom redirect URLs. Here are some key points from the knowledge sources:

1. Default Recovery Flow Behavior: After a successful recovery, Ory Kratos does a 303 redirect to the Settings UI URL, not to a custom redirect URL. The documentation explicitly states:

   > The Post-Recovery redirect isn't supported and will automatically redirect the user to the Settings UI URL. Use the Post-Settings redirect for Post-Recovery flows.

   [Browser redirects and flow completion](https://www.ory.sh/docs/concepts/redirects#redirect-flows)

2. Known Issues and Workarounds:
   - There are multiple reports that setting `selfservice.flows.recovery.after.default_browser_return_url` does not work as expected. Users are always redirected to the settings page, and custom redirects are not respected.
   - Some users have implemented a workaround by performing a manual redirect from the settings page after checking the source of the redirect, but this is not ideal and results in an extra, unnecessary step for the user.
   - The only reliable way to control the final redirect is to set the redirect after the settings flow, not directly after recovery.

   [Github Issue: Recovery flow redirect after success not working as expected](https://github.com/ory/kratos/issues/2371)

3. 2FA and Redirects:
   - If 2FA is enabled, the flow may redirect the user through login and settings, and the original `return_to` parameter may not be respected or carried over, resulting in the user staying on the settings page after the password change.

   [Github Issue: Recovery flow with Two-Factor does not respect `return_to`](https://github.com/ory/network/issues/222)

4. Allowed Redirect URLs:
   - If you are using Ory Network, make sure that all UI URLs (including settings and recovery) are included in the allowed return URLs. Otherwise, redirects may be blocked, resulting in an error screen.

   [Github Issue: redirect to /ui/settings is not allowed for recovery flow when 2FA is enabled](https://github.com/ory/network/issues/363)

Summary of what you can do:
- Double-check that your settings and recovery UI URLs are included in the allowed return URLs.
- Understand that the recovery flow will always redirect to the settings UI, and only after completing the settings flow (e.g., after changing the password) can you control the final redirect.
- If you need a custom redirect after recovery, implement it after the settings flow, not directly after recovery.
- If you are seeing an error screen, it may be due to a missing allowed return URL or a misconfiguration in the UI URLs.

If you need more granular control over redirects, you may need to implement a workaround in your settings UI to perform a manual redirect after the user completes the required action. If you are still seeing errors after checking these points, please provide the exact error message or screen for further troubleshooting.

References:
- [Browser redirects and flow completion](https://www.ory.sh/docs/concepts/redirects#redirect-flows)
- [Github Issue: Recovery flow redirect after success not working as expected](https://github.com/ory/kratos/issues/2371)
- [Github Issue: Recovery flow with Two-Factor does not respect `return_to`](https://github.com/ory/network/issues/222)
- [Github Issue: redirect to /ui/settings is not allowed for recovery flow when 2FA is enabled](https://github.com/ory/network/issues/363)