ory client-go 1.6.1: cannot deserialize continue_with response

[peterkulacs]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

I'm using the native version of the self service recovery. The Ory client (golang) cannot deserialize the continue_with field.

Reproducing the bug

1. Set the feature flag in kratos.yml (self hosted) or on the cloud UI.

feature_flags:
  use_continue_with_transitions: true

2. Trigger the recovery flow

3. Update the recovery flow with code method

4. Update (finish) the recovery flow by sending the code

var body = &client.UpdateRecoveryFlowWithCodeMethod{
	Code:                 &code,
	CsrfToken:            &csrfToken,
}
	
return oc.publicClient.FrontendAPI.
	UpdateRecoveryFlow(ctx).
	Flow(flowID).
	Cookie(cookies).
	UpdateRecoveryFlowBody(client.UpdateRecoveryFlowWithCodeMethodAsUpdateRecoveryFlowBody(body)).
	Execute()

Error: data matches more than one schema in oneOf(ContinueWith)

Relevant log output

Json response body:

{
    "id": "c4c9b365-7ab5-43f1-b974-4b77f4a77392",
    "type": "api",
    "expires_at": "2024-02-16T09:47:08Z",
    "issued_at": "2024-02-16T09:27:08Z",
    "request_url": "http://kratos:4433/self-service/recovery/api",
    "active": "code",
    "ui": {
        "action": "http://127.0.0.1:4433/self-service/recovery?flow=c4c9b365-7ab5-43f1-b974-4b77f4a77392",
        "method": "POST",
        "nodes": [
            {
                "type": "input",
                "group": "default",
                "attributes": {
                    "name": "csrf_token",
                    "type": "hidden",
                    "value": "",
                    "required": true,
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {}
            },
            {
                "type": "input",
                "group": "code",
                "attributes": {
                    "name": "code",
                    "type": "text",
                    "required": true,
                    "pattern": "[0-9]+",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070010,
                        "text": "Recovery code",
                        "type": "info"
                    }
                }
            },
            {
                "type": "input",
                "group": "code",
                "attributes": {
                    "name": "method",
                    "type": "hidden",
                    "value": "code",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {}
            },
            {
                "type": "input",
                "group": "code",
                "attributes": {
                    "name": "method",
                    "type": "submit",
                    "value": "code",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070005,
                        "text": "Submit",
                        "type": "info"
                    }
                }
            },
            {
                "type": "input",
                "group": "code",
                "attributes": {
                    "name": "email",
                    "type": "submit",
                    "value": "test@example.com",
                    "disabled": false,
                    "node_type": "input"
                },
                "messages": [],
                "meta": {
                    "label": {
                        "id": 1070008,
                        "text": "Resend code",
                        "type": "info"
                    }
                }
            }
        ]
    },
    "state": "passed_challenge",
    "continue_with": [
        {
            "action": "set_ory_session_token",
            "ory_session_token": "ory_st_vOv43b4maJRbIC2yD3gg6AVM5pK5eyBy"
        },
        {
            "action": "show_settings_ui",
            "flow": {
                "id": "6f9b6275-45e7-4fdb-a7bf-2956685380bc"
            }
        }
    ]
}

Relevant configuration

feature_flags:
  use_continue_with_transitions: true

Version

1.6.1

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

No response

[siraphobk]

I'm facing the exact same problem on Kratos v1.1.0. Here's my code.

clientConf := client.NewConfiguration()
clientConf.HTTPClient = &http.Client{Timeout: 90 * time.Second}
clientConf.Servers = []client.ServerConfiguration{{URL: KratosEndpoint}}
kratos := client.NewAPIClient(clientConf)

registerFlow, _, err := kratos.FrontendAPI.CreateNativeRegistrationFlow(ctx).Execute()
if err != nil {
	return nil, fmt.Errorf("cannot create reigstration flow: %w", err)
}

success, h, err := kratos.FrontendAPI.
	UpdateRegistrationFlow(ctx).
	UpdateRegistrationFlowBody(client.UpdateRegistrationFlowBody{
		UpdateRegistrationFlowWithPasswordMethod: &client.UpdateRegistrationFlowWithPasswordMethod{
			Method:   "password",
			Password: input.Password,
			Traits: map[string]interface{}{
				"emails":       []string{input.Email},
                                // snip
			},
		},
	}).
	Flow(registerFlow.Id).
	Execute()
if err != nil {
	if h != nil {
		respBody, _ := io.ReadAll(h.Body)
		fmt.Println("respBody: ", string(respBody))
	}
	if success != nil {
		fmt.Println("result payload: ", *success)
	}
	return nil, fmt.Errorf("cannot update registration flow: %w", err)
}

// read http response
if h != nil {
	body, err := io.ReadAll(h.Body)
	if err != nil {
		return nil, fmt.Errorf("cannot read response body: %w", err)
	}
	defer h.Body.Close()
	fmt.Println("body: ", string(body))
}

Here's the response body.

{
  "session_token": "ory_st_qFoHeGWy7OBmDAkEaVFvKI8pjHXAcVHt",
  "session": {
    "id": "e20ca114-dacd-469b-855d-2bd160074a5b",
    "active": true,
    "expires_at": "2024-04-17T10:45:37.638992126Z",
    "authenticated_at": "2024-03-18T10:45:37.639001314Z",
    "authenticator_assurance_level": "aal1",
    "authentication_methods": [
      {
        "method": "password",
        "aal": "aal1",
        "completed_at": "2024-03-18T10:45:37.638991746Z"
      }
    ],
    "issued_at": "2024-03-18T10:45:37.638992126Z",
    "identity": {
      "id": "99f99bd6-202b-401c-b18a-4eb3f7c50ae8",
      "schema_id": "user_v0",
      "schema_url": "https://kratos.digisense.dev/schemas/dXNlcl92MA",
      "state": "active",
      "state_changed_at": "2024-03-18T10:45:37.633852041Z",
      "traits": {
        "emails": [
          "hzYdwAdmE5@whatever.com"
        ],
        "name_display": "xxxx",
        "name_full": "yyyy"
      },
      "verifiable_addresses": [
        {
          "id": "1c931d51-3aee-4dc1-b82a-bfbf190f3573",
          "value": "hzydwadme5@whatever.com",
          "verified": false,
          "via": "email",
          "status": "sent",
          "created_at": "2024-03-18T10:45:37.635577Z",
          "updated_at": "2024-03-18T10:45:37.635577Z"
        }
      ],
      "recovery_addresses": [
        {
          "id": "a72e3c37-4a35-43d9-832d-079e20316679",
          "value": "hzydwadme5@whatever.com",
          "via": "email",
          "created_at": "2024-03-18T10:45:37.635959Z",
          "updated_at": "2024-03-18T10:45:37.635959Z"
        }
      ],
      "metadata_public": null,
      "created_at": "2024-03-18T10:45:37.635067Z",
      "updated_at": "2024-03-18T10:45:37.635067Z",
      "organization_id": null
    },
    "devices": [
      {
        "id": "b93710cc-2318-443e-bbb4-58cacbfbdc0c",
        "ip_address": "",
        "user_agent": "OpenAPI-Generator/1.0.0/go",
        "location": ""
      }
    ]
  },
  "identity": {
    "id": "99f99bd6-202b-401c-b18a-4eb3f7c50ae8",
    "schema_id": "user",
    "schema_url": "https://snip/schemas/dXNlcl92MA",
    "state": "active",
    "state_changed_at": "2024-03-18T10:45:37.633852041Z",
    "traits": {
      "emails": [
        "hzYdwAdmE5@whatever.com"
      ],
    },
    "verifiable_addresses": [
      {
        "id": "1c931d51-3aee-4dc1-b82a-bfbf190f3573",
        "value": "hzydwadme5@whatever.com",
        "verified": false,
        "via": "email",
        "status": "sent",
        "created_at": "2024-03-18T10:45:37.635577Z",
        "updated_at": "2024-03-18T10:45:37.635577Z"
      }
    ],
    "recovery_addresses": [
      {
        "id": "a72e3c37-4a35-43d9-832d-079e20316679",
        "value": "hzydwadme5@whatever.com",
        "via": "email",
        "created_at": "2024-03-18T10:45:37.635959Z",
        "updated_at": "2024-03-18T10:45:37.635959Z"
      }
    ],
    "metadata_public": null,
    "created_at": "2024-03-18T10:45:37.635067Z",
    "updated_at": "2024-03-18T10:45:37.635067Z",
    "organization_id": null
  },
  "continue_with": [
    {
      "action": "show_verification_ui",
      "flow": {
        "id": "945106bb-b15c-404a-a7a5-b1394868f09b",
        "verifiable_address": "hzydwadme5@whatever.com"
      }
    },
    {
      "action": "set_ory_session_token",
      "ory_session_token": "ory_st_qFoHeGWy7OBmDAkEaVFvKI8pjHXAcVHt"
    }
  ]
}

Here's the result from my test

result payload:  {[] {<nil> <nil>  <nil> <nil> {<nil> false} []   <nil> <nil> <nil> <nil> [] map[]} <nil> <nil> map[]}
--- FAIL: TestCreateUser (0.11s)
    u_test.go:21: cannot update registration flow: data matches more than one schema in oneOf(ContinueWith)
FAIL
FAIL    github.com/snip/client/idp  0.113s
FAIL

[aeneasr]

This should be resolved with the newest versions of the Ory SDK!