Ory may not send a code value in an OIDC native flow if there is an error during the OIDC authentication or registration process, particularly when required identity traits are missing and cannot be mapped from the OIDC provider's claims. In such cases, instead of completing the flow and issuing a code that can be exchanged for a session token, Ory may redirect the user back to the application's return URL without a code parameter. This behavior has been observed when the identity schema requires traits that the OIDC provider does not supply, resulting in a failed mapping (e.g., JSONNET data mapping failure). As a result, the user is redirected without a finish token or code, and the frontend cannot complete the session exchange process. There may also be a lack of detailed error information in the redirect, making it difficult for the frontend to distinguish that an error has occurred in the flow [OIDC native login/registration does not query for missing traits](https://github.com/ory/kratos/issues/4073). Additionally, if there are misconfigurations or unsupported parameters (such as invalid scopes) in the OIDC request, the OIDC provider may return an error, and Ory's handling of such errors may result in a redirect without the expected code parameter [OIDC error parameters are not forwarded to application URL](https://github.com/ory/network/issues/325). In summary, Ory does not send a code value in a native OIDC flow when: - Required identity traits are missing and cannot be mapped from the OIDC provider. - There is a failure in the data mapping or flow completion. - There are errors or misconfigurations in the OIDC request or response. If you need to handle such cases, you should check for the presence of the code parameter and implement error handling for redirects that do not include it.