Email update does not indicate show_verification_ui
if session is no longer privileged
#4053
Open
5 tasks done
Labels
bug
Something is not working.
show_verification_ui
if session is no longer privileged
#4053
Preflight checklist
Ory Network Project
No response
Describe the bug
If the user has a privileged session (i.e. less than 15m since login), it works fine. When trying to change the email, I get a 200 and a
show_verification_ui
andredirect_browser_to
inside the continue_with which enables me to redirect user to the verification page and then redirect user back to settings page after verification.However, the problem is when the user does not have a privileged session (which I assume will be the most common route, unless we change the privileged session expiry to something higher).
When the session is not privileged, I will receive a 403 and a
redirect_browser_to
to the login screen withrefresh=true
.But the
redirect_browser_to
typically looks like this:It sends the user to the login screen, with a
return_to
back to the settings page. Which means it skips the whole verification ui, even though an email is sent to the user.Reproducing the bug
See above
Relevant log output
No response
Relevant configuration
No response
Version
master
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
The text was updated successfully, but these errors were encountered: