submitSelfServiceSettingsFlow method
- required String flow,
- String? xSessionToken,
- SubmitSelfServiceSettingsFlowBody? submitSelfServiceSettingsFlowBody,
- CancelToken? cancelToken,
- Map<
String, dynamic> ? headers, - Map<
String, dynamic> ? extra, - ValidateStatus? validateStatus,
- ProgressCallback? onSendProgress,
- ProgressCallback? onReceiveProgress,
Complete Settings Flow Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low. Implies that the user needs to re-authenticate. Browser flows without HTTP Header `Accept` or with `Accept: text/_*` respond with a HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low. Browser flows with HTTP Header `Accept: application/json` respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 401 when the endpoint is called without a valid session cookie. HTTP 403 when the page is accessed without a session cookie or the session's AAL is too low. HTTP 400 on form validation errors. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor (happens automatically for server-side browser flows) or change the configuration. If this endpoint is called with a `Accept: application/json` HTTP header, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect the identity to the login init endpoint with query parameters `?refresh=true&return_to=<the-current-browser-url>`, or initiate a refresh login flow otherwise. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other identity logged in instead. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows. More information can be found at Ory Kratos User Settings & Profile Management Documentation.
Parameters:
flow
- The Settings Flow ID The value for this parameter comes fromflow
URL Query parameter sent to your application (e.g./settings?flow=abcde
).xSessionToken
- The Session Token of the Identity performing the settings flow.submitSelfServiceSettingsFlowBody
cancelToken
- ACancelToken
that can be used to cancel the operationheaders
- Can be used to add additional headers to the requestextras
- Can be used to add flags to the requestvalidateStatus
- AValidateStatus
callback that can be used to determine request success based on the HTTP status of the responseonSendProgress
- AProgressCallback
that can be used to get the send progressonReceiveProgress
- AProgressCallback
that can be used to get the receive progress
Returns a Future containing a Response
with a SelfServiceSettingsFlow as data
Throws DioError
if API call or serialization fails
Implementation
Future<Response<SelfServiceSettingsFlow>> submitSelfServiceSettingsFlow({
required String flow,
String? xSessionToken,
SubmitSelfServiceSettingsFlowBody? submitSelfServiceSettingsFlowBody,
CancelToken? cancelToken,
Map<String, dynamic>? headers,
Map<String, dynamic>? extra,
ValidateStatus? validateStatus,
ProgressCallback? onSendProgress,
ProgressCallback? onReceiveProgress,
}) async {
final _path = r'/self-service/settings';
final _options = Options(
method: r'POST',
headers: <String, dynamic>{
if (xSessionToken != null) r'X-Session-Token': xSessionToken,
...?headers,
},
extra: <String, dynamic>{
'secure': <Map<String, String>>[],
...?extra,
},
contentType: 'application/json',
validateStatus: validateStatus,
);
final _queryParameters = <String, dynamic>{
r'flow': encodeQueryParameter(_serializers, flow, const FullType(String)),
};
dynamic _bodyData;
try {
const _type = FullType(SubmitSelfServiceSettingsFlowBody);
_bodyData = submitSelfServiceSettingsFlowBody == null ? null : _serializers.serialize(submitSelfServiceSettingsFlowBody, specifiedType: _type);
} catch(error, stackTrace) {
throw DioError(
requestOptions: _options.compose(
_dio.options,
_path,
queryParameters: _queryParameters,
),
type: DioErrorType.other,
error: error,
)..stackTrace = stackTrace;
}
final _response = await _dio.request<Object>(
_path,
data: _bodyData,
options: _options,
queryParameters: _queryParameters,
cancelToken: cancelToken,
onSendProgress: onSendProgress,
onReceiveProgress: onReceiveProgress,
);
SelfServiceSettingsFlow _responseData;
try {
const _responseType = FullType(SelfServiceSettingsFlow);
_responseData = _serializers.deserialize(
_response.data!,
specifiedType: _responseType,
) as SelfServiceSettingsFlow;
} catch (error, stackTrace) {
throw DioError(
requestOptions: _response.requestOptions,
response: _response,
type: DioErrorType.other,
error: error,
)..stackTrace = stackTrace;
}
return Response<SelfServiceSettingsFlow>(
data: _responseData,
headers: _response.headers,
isRedirect: _response.isRedirect,
requestOptions: _response.requestOptions,
redirects: _response.redirects,
statusCode: _response.statusCode,
statusMessage: _response.statusMessage,
extra: _response.extra,
);
}