chore: properly handle session_aal2_required errors on session (#456)

Author: jonas-jonas

.github/workflows/licenses.yml

@@ -18,8 +18,6 @@ jobs:
     steps:
       - name: Install script
         uses: ory/ci/licenses/setup@master
-        with:
-          token: ${{ secrets.ORY_BOT_PAT || secrets.GITHUB_TOKEN }}
       - name: Check licenses
         uses: ory/ci/licenses/check@master
       - name: Write, commit, push licenses

contrib/fetch/src/utils.ts

@@ -9,6 +9,7 @@ import {
   isNeedsPrivilegedSessionError,
   isResponseError,
   isSelfServiceFlowExpiredError,
+  isSessionAal2Required,
 } from "./error"
 
 export type ValidationErrorHandler<T> = (body: T) => void
@@ -80,6 +81,9 @@ export const handleFlowError =
           } else if (isNeedsPrivilegedSessionError(body)) {
             opts.onRedirect(body.redirect_browser_to, true)
             return
+          } else if (isSessionAal2Required(body)) {
+            opts.onRedirect(body.redirect_browser_to, true)
+            return
           } else if (isCsrfError(body)) {
             opts.onRestartFlow()
             return