feat: add support for recovery on native flows

[jonas-jonas]

Adds the ability to complete the recovery flow properly on API flows. This PR also streamlines the behavior for SPA flows to not return 422 errors anymore. To enable this new behavior, set the features.use_continue_with_transitions flag in the config to true.

Fixes #2628

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[codecov]

Codecov Report

Attention: 48 lines in your changes are missing coverage. Please review.

Comparison is base (0fa648d) 78.29% compared to head (d9fee0b) 78.39%.
Report is 3 commits behind head on master.

❗ Current head d9fee0b differs from pull request most recent head 18a5f48. Consider uploading reports for the commit 18a5f48 to get more accurate results

Files	Patch %	Lines
selfservice/strategy/code/strategy_recovery.go	60.00%	18 Missing and 8 partials ⚠️
...lfservice/strategy/code/strategy_recovery_admin.go	78.87%	10 Missing and 5 partials ⚠️
selfservice/flow/recovery/handler.go	33.33%	2 Missing and 2 partials ⚠️
selfservice/flow/recovery/error.go	92.30%	1 Missing and 1 partial ⚠️
identity/handler.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3273      +/-   ##
==========================================
+ Coverage   78.29%   78.39%   +0.10%     
==========================================
  Files         343      343              
  Lines       23418    23470      +52     
==========================================
+ Hits        18334    18400      +66     
+ Misses       3703     3685      -18     
- Partials     1381     1385       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[jonas-jonas]

This definitely still needs e2e tests (either PW or cypress), for all the cases. Since the react-native PR got merged, that should be quite easy to do.

[Benehiko]

LGTM :)

[hperl]

LGTM! I just have a small suggestion regarding the naming of the feature flag.

Also, IIRC, the DX of the 422 errors is not really great in all SDKs. For Java, it requires explicitly overriding some error factory to extract the error. Is this really the best way? We should probably discuss this elsewhere.

[jonas-jonas]

Also, IIRC, the DX of the 422 errors is not really great in all SDKs. For Java, it requires explicitly overriding some error factory to extract the error. Is this really the best way? We should probably discuss this elsewhere.

Yes, you're right, but I am not sure what error code we could use instead. A 200 OK response would still be okay, but it doesn't convey the "urgency" that there is another step required here.

[aeneasr]

What changes are needed in the docs for this?

[jonas-jonas]

What changes are needed in the docs for this?

I'll need to figure out how to document this properly. Since we now use the feature flag, and we'll need a UI in the console for it, I'll first try to get this into the network and then do the docs changes, if that's okay with you. @aeneasr

[aeneasr]

Can you please add an entry for the changelog here?