OIDC flows don't respect return_to
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
https://auth-app-stage.gilion.com/
Describe the bug
We are implementing our own UI and it works well for logging in, signing up, etc. However, we have scenarios where a user has previously signed up with email/password and then tries to connect using Google (as an example). Ory detects this and wants the user to verify the connection; however, it's not possible to direct that experience off of the Ory account experience, and the user gets redirected to that login view instead of ours.
Reproducing the bug
We run a simple Next app and start up the Ory CLI using ory tunnel http://localhost:3000 --dev (the correct ENV is set, pointing to the project). We then create a new browser flow with fetch (because the Ory JS client wasn't working for us, with a lot of weirdness going on); that flow is created using return_to=http://localhost:3000 (which is whitelisted in the project settings).
The network requests are then as follows:
- POST to http://localhost:4000/self-service/login?flow=... with provider set. It redirects to Google to handle their process.
- Google then sends the user to https://optimistic-snyder-xxx.projects.oryapis.com/self-service/methods/oidc/callback/google
- which in turn sends the user to http://localhost:4000/self-service/methods/oidc/callback/google
- which in turn sends them to http://localhost:4000/ui/login, hence our issue.
Relevant log output
No response
Relevant configuration
No response
Version
0.3.1
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
None
Additional Context
No response