[Rust] update_registration_flow error handling

[fraschm1998]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [X] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

UpdateRegistrationFlow ResponseContent.entity returns a different empty status compared to ResponseContent.statuscode. ErrorBrowserLocationChangeRequired always returns None:

pub struct ResponseContent<T> {
    pub status: [StatusCode](https://docs.rs/http/0.2.11/http/status/struct.StatusCode.html),
    pub content: [String](https://doc.rust-lang.org/nightly/alloc/string/struct.String.html),
    pub entity: [Option](https://doc.rust-lang.org/nightly/core/option/enum.Option.html)<T>,
}

ResponseContent {                                                                                                                                              
    status: 400,                                                                                                                                                          
    content: "{\"id\":\"523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"oauth2_login_challenge\":null,\"type\":\"browser\",\"expires_at\":\"2024-02-17T20:32:11.599968Z\",\"issue
d_at\":\"2024-02-17T20:22:11.599968Z\",\"request_url\":\"http://127.0.0.1:4433/self-service/registration/browser\",\"ui\":{\"action\":\"http://127.0.0.1:4455/.ory/kratos/
public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77\",\"method\":\"POST\",\"nodes\":[{\"type\":\"input\",\"group\":\"default\",\"attributes\":{\"na
me\":\"csrf_token\",\"type\":\"hidden\",\"value\":\"lHGdy8Jg7U2bc4Zj8LSvvi953WxVSvOPOwDlzQt6A1IU5LcDNs1TeTmCPbgRgepwTonOjLUALwkP3kfbpxe4wQ==\",\"required\":true,\"disable
d\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.email\",\"type\":\"email\",\"
value\":\"test@example.com\",\"required\":true,\"autocomplete\":\"email\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":107
0002,\"text\":\"E-Mail\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"password\",\"type\":\"password\",\"required\":true,\"a
utocomplete\":\"new-password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[{\"id\":4000005,\"text\":\"The password can not be used because the password has 
been found in data breaches and must no longer be used.\",\"type\":\"error\",\"context\":{\"reason\":\"the password has been found in data breaches and must no longer be 
used\"}}],\"meta\":{\"label\":{\"id\":1070001,\"text\":\"Password\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name
.first\",\"type\":\"text\",\"value\":\"adsasd\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"First Name\",\"
type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attributes\":{\"name\":\"traits.name.last\",\"type\":\"text\",\"value\":\"asdasd\",\"disabled\":false,\"no
de_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1070002,\"text\":\"Last Name\",\"type\":\"info\"}}},{\"type\":\"input\",\"group\":\"password\",\"attribut
es\":{\"name\":\"method\",\"type\":\"submit\",\"value\":\"password\",\"disabled\":false,\"node_type\":\"input\"},\"messages\":[],\"meta\":{\"label\":{\"id\":1040001,\"tex
t\":\"Sign up\",\"type\":\"info\",\"context\":{}}}}]}}\n",                                                                                                                
    entity: Some(                                                                                                                                                         
        Status422(                                                                                                                                                        
            ErrorBrowserLocationChangeRequired {                                                                                                                          
                error: None,                                                                                                                                              
                redirect_browser_to: None,                                                                                                                                
            },                                                                                                                                                            
        ),                                                                                                                                                                
    ),                                                                                                                                                                    
}

Reproducing the bug

Make a post request with an already registered email address.

Relevant log output

No response

Relevant configuration

No response

Version

ory-client 1.6.1 with latest docker container

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response

[Jeremiah-Griffin]

Despite what the return value says, your login is may be succesful: If the error is successful, following the link returned in the action field of the json object will supply the session and user data. Additionally, you can strip the flow id from the ?flow= parameter of the url:

\"action\":\"http://127.0.0.1:4455/.ory/kratos/
public/self-service/registration?flow=523d1fbe-ea1c-41f5-9668-ea5f2e835e77

A few notes for posterity:

• If you're building an SPA, the docs say to never redirect to the "BrowserRedirect" link
• the api will request a redirect even if you request an native flow, in which case it knows you don't have a browser to redirect. You have to query the redirect endpoint regardless. Likewise, if ever you introduce a native/api flow, you still have to initiate and submit a flow ID despite what the documentation says; it should be treated identically to a browser with the exception of the token type the api returns.
• The status 422 error is returned even when the login is successful.. If your login is a failure, to the best of my recollection you will still get the 422 error, but the error field will switch from none to a string description of the error that should be viewed by the user. If you're doing automatic backoff, logging, etc you should be sure to adjust your predicates to distinguish between a successful 422 error and an erroneous 422 error. However, since it's not documented as whether this endpoint can emit an 422: unprocessable content , I would advise against handling it as a general case

Some if this is probably wrong. The api's use of 422 is really poorly documented - for example, the documentation explicitly that a 422 should not be returned on successs...yet it does. Likewise, native flows aren't supposed to return 422 at all, but they do 🤷

You shouldn't trust what the docs say or what the api returns, but instead either search the identities using the admin api or the ory console.