I'm trying to implement a user invite flow based on the recovery flow, just as mentioned in the documentation. For the invite, I want a different URL and UI than the usual recovery. In my invite flow, I create an identity and generate a recovery link. Then I send this link to the user myself. I get a /recovery?flow=...token=... url, but because I want my own UI, in my React app I've created a route /invite?=flow=...token=... which then sends an AJAX request to the original /recovery?flow=...token=, then tries to redirect to the settings (and fails since it's AJAX), but does initialize the settings flow and log the user in. So in a sense I can get it to work. However I would have preferred a proper way to do this because this might lead to problems and bugs, but it seems there is no AJAX equivalent to this. I would have expected to be able to send an AJAX request to the same endpoint, and just receive a session cookie and the initialized settings flow ID...

Hello. Do you initialize settings flow? What kind of errors do you receive?

Hi. The endpoint /recovery/link generates a /recovery?flow=..token=.. to be sent to the user. This GET endpoint (not mentioned in the docs) is valid for a configured amount of time, it logs the user in and initializes a new settings flow by itself. However this all happens with a redirect, and there's no AJAX equivalent.

so are you saying that the link provided in the email always redirects to the settings page defined in the kratos conifg?

@witty-actor-17128 there is an issue to replace magic links with temporary codes, but we just do not have time right now to work on it because there are so many other priorities. Is a redirect a killer for your app? Or just inconvenient?

We can't work with that redirect, since we have two different URLs as mentioned (one for user invite, one for recovery). Using this endpoint with ajax sorta works, but this is hacky and may cause other issues - the redirect is treated as an error, but it does set the session cookie and start the initialize flow, but that means the rest of the settings flow depends on getting an error rather than a 200.