submitSelfServiceSettingsFlow method

Future<Response<SelfServiceSettingsFlow>> submitSelfServiceSettingsFlow({
  1. required String flow,
  2. String? xSessionToken,
  3. SubmitSelfServiceSettingsFlowBody? submitSelfServiceSettingsFlowBody,
  4. CancelToken? cancelToken,
  5. Map<String, dynamic>? headers,
  6. Map<String, dynamic>? extra,
  7. ValidateStatus? validateStatus,
  8. ProgressCallback? onSendProgress,
  9. ProgressCallback? onReceiveProgress,
})

Complete Settings Flow Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `application/json` to be sent in the body and respond with HTTP 200 and an application/json body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low. Implies that the user needs to re-authenticate. Browser flows without HTTP Header `Accept` or with `Accept: text/_*` respond with a HTTP 302 redirect to the post/after settings URL or the `return_to` value if it was set and if the flow succeeded; a HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached or the session's AAL is too low. Browser flows with HTTP Header `Accept: application/json` respond with HTTP 200 and a application/json body with the signed in identity and a `Set-Cookie` header on success; HTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 401 when the endpoint is called without a valid session cookie. HTTP 403 when the page is accessed without a session cookie or the session's AAL is too low. HTTP 400 on form validation errors. Depending on your configuration this endpoint might return a 403 error if the session has a lower Authenticator Assurance Level (AAL) than is possible for the identity. This can happen if the identity has password + webauthn credentials (which would result in AAL2) but the session has only AAL1. If this error occurs, ask the user to sign in with the second factor (happens automatically for server-side browser flows) or change the configuration. If this endpoint is called with a `Accept: application/json` HTTP header, the response contains the flow without a redirect. In the case of an error, the `error.id` of the JSON response body can be one of: `session_refresh_required`: The identity requested to change something that needs a privileged session. Redirect the identity to the login init endpoint with query parameters `?refresh=true&return_to=<the-current-browser-url>`, or initiate a refresh login flow otherwise. `security_csrf_violation`: Unable to fetch the flow because a CSRF violation occurred. `session_inactive`: No Ory Session was found - sign in a user first. `security_identity_mismatch`: The flow was interrupted with `session_refresh_required` but apparently some other identity logged in instead. `security_identity_mismatch`: The requested `?return_to` address is not allowed to be used. Adjust this in the configuration! `browser_location_change_required`: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows. More information can be found at Ory Kratos User Settings & Profile Management Documentation.

Parameters:

  • flow - The Settings Flow ID The value for this parameter comes from flow URL Query parameter sent to your application (e.g. /settings?flow=abcde).
  • xSessionToken - The Session Token of the Identity performing the settings flow.
  • submitSelfServiceSettingsFlowBody
  • cancelToken - A CancelToken that can be used to cancel the operation
  • headers - Can be used to add additional headers to the request
  • extras - Can be used to add flags to the request
  • validateStatus - A ValidateStatus callback that can be used to determine request success based on the HTTP status of the response
  • onSendProgress - A ProgressCallback that can be used to get the send progress
  • onReceiveProgress - A ProgressCallback that can be used to get the receive progress

Returns a Future containing a Response with a SelfServiceSettingsFlow as data Throws DioError if API call or serialization fails

Implementation

Future<Response<SelfServiceSettingsFlow>> submitSelfServiceSettingsFlow({
  required String flow,
  String? xSessionToken,
  SubmitSelfServiceSettingsFlowBody? submitSelfServiceSettingsFlowBody,
  CancelToken? cancelToken,
  Map<String, dynamic>? headers,
  Map<String, dynamic>? extra,
  ValidateStatus? validateStatus,
  ProgressCallback? onSendProgress,
  ProgressCallback? onReceiveProgress,
}) async {
  final _path = r'/self-service/settings';
  final _options = Options(
    method: r'POST',
    headers: <String, dynamic>{
      if (xSessionToken != null) r'X-Session-Token': xSessionToken,
      ...?headers,
    },
    extra: <String, dynamic>{
      'secure': <Map<String, String>>[],
      ...?extra,
    },
    contentType: 'application/json',
    validateStatus: validateStatus,
  );

  final _queryParameters = <String, dynamic>{
    r'flow': encodeQueryParameter(_serializers, flow, const FullType(String)),
  };

  dynamic _bodyData;

  try {
    const _type = FullType(SubmitSelfServiceSettingsFlowBody);
    _bodyData = submitSelfServiceSettingsFlowBody == null ? null : _serializers.serialize(submitSelfServiceSettingsFlowBody, specifiedType: _type);

  } catch(error, stackTrace) {
    throw DioError(
       requestOptions: _options.compose(
        _dio.options,
        _path,
        queryParameters: _queryParameters,
      ),
      type: DioErrorType.other,
      error: error,
    )..stackTrace = stackTrace;
  }

  final _response = await _dio.request<Object>(
    _path,
    data: _bodyData,
    options: _options,
    queryParameters: _queryParameters,
    cancelToken: cancelToken,
    onSendProgress: onSendProgress,
    onReceiveProgress: onReceiveProgress,
  );

  SelfServiceSettingsFlow _responseData;

  try {
    const _responseType = FullType(SelfServiceSettingsFlow);
    _responseData = _serializers.deserialize(
      _response.data!,
      specifiedType: _responseType,
    ) as SelfServiceSettingsFlow;

  } catch (error, stackTrace) {
    throw DioError(
      requestOptions: _response.requestOptions,
      response: _response,
      type: DioErrorType.other,
      error: error,
    )..stackTrace = stackTrace;
  }

  return Response<SelfServiceSettingsFlow>(
    data: _responseData,
    headers: _response.headers,
    isRedirect: _response.isRedirect,
    requestOptions: _response.requestOptions,
    redirects: _response.redirects,
    statusCode: _response.statusCode,
    statusMessage: _response.statusMessage,
    extra: _response.extra,
  );
}