feat: return verification flow ID after registration flow

[jonas-jonas]

Related issue(s)

Closes #2975

Checklist

• Discuss, how an E2E test for this could look? See feat: return verification flow ID after registration flow #3144 (comment)
• Better way to pass data from the hook executors back to the handler? We attached it to the flow object which is modified by other hooks, anyway.

[zepatrik]

Nice, looking pretty good 👍
What other actions do we expect to be added?

[codecov]

Codecov Report

Merging #3144 (56d29b0) into master (0002668) will increase coverage by 0.04%.
The diff coverage is 94.44%.

❗ Current head 56d29b0 differs from pull request most recent head 6330e71. Consider uploading reports for the commit 6330e71 to get more accurate results

@@            Coverage Diff             @@
##           master    #3144      +/-   ##
==========================================
+ Coverage   77.62%   77.66%   +0.04%     
==========================================
  Files         317      319       +2     
  Lines       20046    20110      +64     
==========================================
+ Hits        15561    15619      +58     
- Misses       3292     3296       +4     
- Partials     1193     1195       +2     

Impacted Files	Coverage Δ
driver/registry_default.go	86.92% <ø> (ø)
identity/identity_verification.go	70.96% <ø> (ø)
selfservice/flow/verification/flow.go	92.00% <ø> (ø)
selfservice/hook/verification.go	73.68% <85.71%> (+1.27%)	⬆️
selfservice/flow/continue_with.go	88.88% <88.88%> (ø)
selfservice/strategy/code/strategy_verification.go	74.25% <93.54%> (-1.24%)	⬇️
driver/registry_default_hooks.go	91.83% <100.00%> (+1.13%)	⬆️
selfservice/flow/registration/flow.go	97.10% <100.00%> (+0.17%)	⬆️
selfservice/flow/registration/hook.go	82.53% <100.00%> (+0.42%)	⬆️
selfservice/flow/settings/flow.go	92.00% <100.00%> (+0.45%)	⬆️
... and 3 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[jonas-jonas]

What other actions do we expect to be added?

For the recovery flow, we could use this and add settings_ui.

For the various expired type of errors, we are planning on also using this, so we would add these for all the flows recovery_ui, etc.

Then we will also have a special one for OIDC.

[jonas-jonas]

Since we aren't returning the registration flow itself, once the registration finishes, this is just used internally, and should not be sent to the client.

[aeneasr]

Remove the required field, and swagger ignore. json:"-" already omits it from swagger

[jonas-jonas]

Done.

[jonas-jonas]

not sure if re-ordering CSRF token "inputs" will be an issue?

[zepatrik]

It should not matter.

[jonas-jonas]

As for E2E tests, right now they (should be) are passing, because the changes are not breaking. We are merely adding new fields to payloads.

I would propose, adding this feature to the reference implementations, once this is merged and adjusting the E2E tests, once that's done. That way we don't need to update the SDK from a branch, etc.

[zepatrik]

Nice 👍

[zepatrik]

It should not matter.

[Benehiko]

Nice! This looks really good :)

[aeneasr]

First sweep

[aeneasr]

Please use a dedicated struct for this and give it a swagger:model annotation

[jonas-jonas]

The names get quite long. Would've liked to avoid those.. But fine with me, done.

[aeneasr]

Remove the required field, and swagger ignore. json:"-" already omits it from swagger

[aeneasr]

Is this good to review?

[jonas-jonas]

Is this good to review?

If CI is green, yes from my POV.

[aeneasr]

This is looking grand! The only thing I'm missing is some proof that continue_with works as intended. Basically, this means an end to end test with registration + verification on mobile and/or SPA?

[jonas-jonas]

The only thing I'm missing is some proof that continue_with works as intended. Basically, this means an end to end test with registration + verification on mobile and/or SPA?

Yes, that's true. I wanted to merge this first and write some E2E tests then, to avoid the SDK release-dance needed to update both. But I can do that before we merge this PR.

[aeneasr]

Yes, that's true. I wanted to merge this first and write some E2E tests then, to avoid the SDK release-dance needed to update both. But I can do that before we merge this PR.

Yes please do that first :) For the SDK - do you know how this works?

[jonas-jonas]

do you know how this works?

No :)

[aeneasr]

https://github.com/ory/kratos-selfservice-ui-node/blob/7a838e2a2900592817df07067f998c4d6325a7ff/Makefile#L27

Make sure to have the paths set correctly, and you'll also need access to the npm package - if you give me your ID i can add you

[jonas-jonas]

TODO

[aeneasr]

This test assertion changed - previously we synthetically created a new verification URL and compared that with the assertion from the DB. Now we fetch both verification flows from the DB and compare them. Is this still a useful test?

[jonas-jonas]

Do you mean removing https://github.com/ory/kratos/pull/3144/files/8169ac2945655590e9210777cf26b7766da2c4a5#diff-24ee502b250d67d70d70ba02ad18f303654b9af76552128958425b1c9043cc18R97-R100? I think that would still be fine, indeed.

[jonas-jonas]

Done.

[aeneasr]

Not sure if I understand what this is doing - you're creating a new original flow and then checking whether it has continue with. That of course will be true, because it's not added in the switch statement.

OR is hf() somehow setting that value?

[jonas-jonas]

hf is executing the verification hook, which persists the verification flow, and since all verifiable addresses are now verified, we expect no continue_with items anymore.

[jonas-jonas]

This test could use some cleanup, for sure. But OOS of this PR IMO.