To redirect a browser to the verification flow when a user has an unverified email, you can use Ory’s built-in configuration and flow handling: 1. Enable Verification Requirement: In the Ory Console, go to Authentication → Account verification and enable Require Verified Address for Login. This ensures that users with unverified emails are prompted to verify before they can log in. You can also do this via the CLI by adding the

require_verified_address

hook to the login flow. 2. Automatic Redirection on Login: When a user with an unverified email tries to log in, Ory will automatically redirect the browser to the verification flow. For HTML form submissions, the

/self-service/login

endpoint responds with an HTTP 302 redirect to the verification flow. For SPA or native clients, the API responds with a 400 error containing a

continue_with

field, which includes the verification flow URL. You can use this URL to redirect the user in your application logic. Example error response for SPA/native clients:

json    {      "id": "session_verified_address_required",      "code": 400,      "status": "Bad Request",      "reason": "Your account's email or phone address are not verified yet. Please check your email or phone inbox or re-request verification.",      "details": {        "continue_with": [          {            "action": "show_verification_ui",            "flow": {              "id": "7f4dfb3b-c3cc-4e35-9f09-286b09e77beb",              "verifiable_address": "<mailto:user@example.com|user@example.com>",              "url": "https://<your-slug>.<http://projects.oryapis.com/verification?flow=7f4dfb3b-c3cc-4e35-9f09-286b09e77beb|projects.oryapis.com/verification?flow=7f4dfb3b-c3cc-4e35-9f09-286b09e77beb>"            }          }        ]      },      "message": "your email or phone address is not yet verified"    }

You should redirect the browser to the

url

provided in the

continue_with

field to start the verification flow for the user’s email address. 3. Manual Redirection: If you want to manually trigger the verification flow, you can initialize it by redirecting the browser to the

/self-service/verification/browser

endpoint. This will start a new verification flow and redirect the user to the verification UI with the appropriate flow ID as a query parameter. Example:

GET /self-service/verification/browser

The browser will be redirected to the verification UI with

?flow=<flow-id>

in the URL, where the user can proceed with email verification. For more details, see the official documentation on [address verification](https://www.ory.sh/docs/actions/require-verified-address) and [browser verification flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#create-verification-flow) [Address verification](https://www.ory.sh/docs/actions/require-verified-address) [Create verification flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#create-verification-flow).

For a self-managed Ory Kratos instance, you can redirect a browser to the verification flow for an unverified email by sending the user to the verification UI URL you have configured in your Kratos config (

selfservice.flows.verification.ui_url

) with the

flow

query parameter. How it works: 1. Configure the Verification UI URL In your Kratos config (

config.yml

), set the verification UI URL:

yaml    selfservice:      flows:        verification:          ui_url: <http://your-app.com/verify>

Or set the environment variable

SELFSERVICE_FLOWS_VERIFICATION_UI_URL

accordingly. This is where Kratos will redirect users for verification flows [Verification UI config](https://www.ory.sh/docs/kratos/fallback/verification). 2. Trigger the Verification Flow When you want to redirect a user to verify their email, redirect their browser to:

GET /self-service/verification/browser

Kratos will redirect the browser to your configured

ui_url

with a

flow

query parameter, e.g.:

<http://your-app.com/verify?flow=<flow-id>>

Your UI should then fetch the verification flow data from Kratos using the flow ID and render the verification form [Create verification flow](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#create-verification-flow). 3. Automatic Redirection on Login (Optional) If you want Kratos to enforce verification before login, add the following to your config:

yaml    selfservice:      flows:        login:          after:            hooks:              - hook: require_verified_address

This will cause Kratos to automatically redirect users with unverified emails to the verification flow when they attempt to log in [Require verified address](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#allow-login-only-with-verified-email). Summary: - Set the verification UI URL in your config. - Redirect users to

/self-service/verification/browser

to start the flow. - Optionally, enforce verification on login with the

require_verified_address

hook. If you need to show the verification screen after registration or address change, you can use the

show_verification_ui

hook as described in the documentation [Verification on sign up](https://www.ory.sh/docs/actions/require-verified-address#verification-on-sign-up) [Verification on address change](https://www.ory.sh/docs/actions/require-verified-address#verification-on-address-change).

Yes, this approach works when using Ory Elements. Ory Elements is designed to render self-service flows—including the verification flow—using the flow data provided by Ory Kratos. When you redirect the browser to your verification UI (e.g.,

/verify?flow=<flow-id>

), you can use the

<Verification />

component from Ory Elements to render the verification form. This component expects the verification flow object and the Ory client configuration as props [Ory Elements Verification component](https://www.ory.sh/docs/elements/reference/@ory/elements-react/theme/functions/Verification). In summary: - Redirect the user to your verification UI with the

flow

parameter. - Fetch the verification flow data from Kratos using the flow ID. - Pass the flow data to the

<Verification />

component in your React app. This is the intended integration pattern for custom UIs with Ory Elements and self-managed Kratos [Ory Elements overview](https://www.ory.sh/docs/ecosystem/projects#ory-elements).

The message "Account not active yet. Did you forget to verify your email address?" with a 400 response is the expected behavior when a user with an unverified email tries to log in and the Require Verified Address for Login feature is enabled. This error message (code

4000010

) is shown to indicate that the account is not yet active because the email address has not been verified [Account not active yet. Did you forget to verify your email address? (4000010)](https://www.ory.sh/docs/kratos/concepts/ui-messages#account-not-active-yet-did-you-forget-to-verify-your-email-address-4000010). If you want to redirect the user to the verification flow instead of just showing this error, you need to ensure that the

require_verified_address

hook is properly configured in your Kratos self-service login flow. When this hook is set, Kratos can either redirect the user to the verification flow (for browser clients) or return a 400 error with a

continue_with

field containing the verification flow URL (for API clients). Your UI should handle this response and redirect the user accordingly [Require verification on login](https://www.ory.sh/docs/actions/require-verified-address). If you are only seeing the error message and not being redirected, check the following: - Make sure your login flow is configured with the

require_verified_address

hook as described in the documentation [Allow login only with verified email](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#allow-login-only-with-verified-email). - For browser-based flows, Kratos should issue a 302 redirect to the verification flow. For API-based flows, your frontend needs to handle the 400 error and perform the redirect using the URL in the

continue_with

field. If you are using Ory Elements, ensure your frontend is set up to handle the 400 error and redirect the user to the verification UI with the correct

flow

parameter. If you have followed these steps and still only see the error message, please review your Kratos configuration and frontend logic to ensure the redirect is handled as described in the documentation.

Certainly! Here’s a code snippet that demonstrates how to handle the 400 error response from Ory Kratos when a user tries to log in with an unverified email, and how to redirect them to the verification flow using the URL provided in the

continue_with

field. This example assumes you are using a frontend (e.g., React) and making an API call to the Kratos login endpoint:

javascript // Example: Handling login response and redirecting to verification flow  async function handleLogin(formData) {   try {     // Replace with your Kratos public endpoint     const response = await fetch('<https://kratos.yourdomain.com/self-service/login?flow=>' + flowId, {       method: 'POST',       headers: {         'Content-Type': 'application/json',         'Accept': 'application/json', // Important for API response       },       body: JSON.stringify(formData),       credentials: 'include',     });      if (!response.ok) {       const errorData = await response.json();        // Check for the specific error and presence of continue_with       if (         errorData.id === 'session_verified_address_required' &&         errorData.details &&         Array.isArray(errorData.details.continue_with)       ) {         const verificationAction = errorData.details.continue_with.find(           (item) => item.action === 'show_verification_ui'         );         if (verificationAction && verificationAction.flow && verificationAction.flow.url) {           // Redirect the browser to the verification flow URL           window.location.href = verificationAction.flow.url;           return;         }       }        // Handle other errors as needed       throw new Error(errorData.message || 'Login failed');     }      // Handle successful login     // ...   } catch (err) {     // Handle network or unexpected errors     console.error(err);   } }

How it works: - When the login API returns a 400 error with the

session_verified_address_required

id, the code looks for the

continue_with

array. - If it finds an action of type

show_verification_ui

, it redirects the browser to the provided verification flow URL. This approach is based on the documented Kratos behavior for requiring verified addresses at login [Require verification on login](https://www.ory.sh/docs/actions/require-verified-address). If you are using Ory Elements, you would render the

<Verification />

component at the target route (e.g.,

/verify?flow=...

) after the redirect.

Based on the knowledge sources, the value of

data.id

in the error response when a user tries to log in with an unverified email should not be a UUID like

"5d594293-e6e0-44d8-8850-2c008dbe50a8"

. Instead, the

id

field for this specific error is expected to be a string identifier such as

"session_verified_address_required"

or a numeric code like

4000010

, depending on the context and configuration [Require verification on login](https://www.ory.sh/docs/actions/require-verified-address) [Account not active yet. Did you forget to verify your email address? (4000010)](https://www.ory.sh/docs/kratos/concepts/ui-messages#account-not-active-yet-did-you-forget-to-verify-your-email-address-4000010). A UUID in the

id

field typically represents a flow ID, not an error code. If you are seeing a UUID, it is likely the response is not the specific error object for "require verified address," but rather a flow object or a different part of the API response. If you want to check for the "require verified address" error, you should look for: -

id: "session_verified_address_required"

in the error response for API clients, or -

id: 4000010

for the UI message. If you are receiving a UUID, review the structure of the response to ensure you are accessing the correct field for error handling as described in the documentation [Require verification on login](https://www.ory.sh/docs/actions/require-verified-address).

The knowledge sources indicate that when requiring a verified address for login, Ory Kratos should return a structured error response with an

id

like

session_verified_address_required

and a

continue_with

field containing the verification flow URL, especially for API clients using

Accept: application/json

 [Require verification on login](https://www.ory.sh/docs/actions/require-verified-address). For browser-based flows, a 302 redirect to the verification flow is expected. If your error response contains a UUID in the

id

field (e.g.,

"5d594293-e6e0-44d8-8850-2c008dbe50a8"

), this suggests you may be receiving a different type of response—possibly a flow object or a generic error container—rather than the specific error format described in the documentation. The knowledge sources do not provide enough information to definitively explain why your error response is not in the expected format. This could be due to differences in client type (browser vs. API), configuration, or the way the request is made, but the documentation does not explicitly cover all possible causes. If you continue to encounter this issue, reviewing your Kratos configuration and ensuring you are making the request as an API client (with

Accept: application/json

) may help, but the knowledge sources do not provide a definitive answer for this discrepancy.