90a1d98322
The recovery code was submitted to a freshly-initialised recovery flow, but Kratos binds the emailed code to the original flow, so verification could never succeed. The settings step then ran with no privileged session, so the password change would be rejected too.

- forgotPassword remembers its recovery flow action; verifyResetCode submits the code back to that SAME flow.
- verifyResetCode parses Kratos continue_with for the privileged session token + the settings flow id; resetPassword submits the new password to that settings flow authenticated with X-Session-Token.
- KratosFlow / KratosContinueWith models extended (continue_with, ory_session_token).

Resolves the TODO(kratos) in AuthApi.resetPassword.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
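The continue_with handling the commit message describes, sketched in Python as an added example (not code from this commit or project). The function names, the `base_url` parameter and the sample response are constructed for illustration; the parser fails closed when either the session token or the settings flow id is missing, so the password step never runs unauthenticated.

```python
import json
from urllib.parse import quote

# Constructed sample of a recovery-code submission response (not captured traffic).
SAMPLE_RESPONSE = json.dumps({
    "id": "constructed-recovery-flow-id",
    "continue_with": [
        {"action": "set_ory_session_token",
         "ory_session_token": "constructed-session-token"},
        {"action": "show_settings_ui",
         "flow": {"id": "constructed-settings-flow-id"}},
    ],
})


class RecoveryNotPrivileged(Exception):
    """The response lacks the token or flow id that the settings step needs."""


def parse_continue_with(body: str) -> tuple[str, str]:
    """Return (session_token, settings_flow_id); raise if either is absent."""
    token = flow_id = None
    for item in json.loads(body).get("continue_with") or []:
        action = item.get("action")
        if action == "set_ory_session_token":
            token = item.get("ory_session_token")
        elif action == "show_settings_ui":
            flow_id = (item.get("flow") or {}).get("id")
    if not token or not flow_id:
        raise RecoveryNotPrivileged("continue_with lacks session token or settings flow")
    return token, flow_id


def build_password_request(base_url: str, body: str, new_password: str) -> dict:
    """Describe the settings submission; base_url is a hypothetical Kratos public URL."""
    token, flow_id = parse_continue_with(body)
    return {
        "method": "POST",
        # The flow id comes from the server response, so encode it before use in a URL.
        "url": f"{base_url}/self-service/settings?flow={quote(flow_id, safe='')}",
        "headers": {"X-Session-Token": token, "Content-Type": "application/json"},
        "json": {"method": "password", "password": new_password},
    }
```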