Implement account recovery with an API-based flow

[ujaved-doc-ai]

I'm trying to implement account recovery with an API flow. Conceptually this is a two-part flow: 1) Initiate a recovery flow that sends an email to the user; 2) User authenticates by clicking the email, and being redirected to the "settings" URL where they can update their information.

The problem is that this mixes the API flow with a browser-based flow because the user has to click on an email link and then the browser app has to complete the modification. Part 2 is equivalent to a Profile update where the "settings" endpoint can be called with the session token. What is the best way to complete this step in absence of a browser-based flow? Do we need to extract a cookie from the redirection in Step 1 for the settings update to work in Step 2?

Any help would be greatly appreciated!

[zepatrik]

I don't think this is currently supported. If the mail would only contain an app URI, I don't think it would solve the problem. Some users might open their email on a desktop device then, where the app URI would fail. Maybe you can either register your domain with the phone OS so that the link will be opened in your app? Or alternatively, in your backend implement logic to redirect the user to an app URI? Maybe someone else solved this already and can give some more ideas, but these are the ones I can think of as a non-mobile dev 😅

[aeneasr]

This will hopefully be resolved with #1451 :)