The

selfservice.default_browser_return_url

is a configuration key in Ory Kratos that specifies the default URL to which the browser should be redirected after completing a self-service flow, such as login or registration. For example, if no specific redirection URL is set for a flow, the

default_browser_return_url

will be used:

yaml selfservice:    default_browser_return_url: <https://always-end-up-here-per-default/>

You can also specify a redirect URL for each self-service flow. For instance, you can set different redirect URLs for login and registration flows:

yaml selfservice:    flows:     login:      after:       default_browser_return_url: <https://end-up-here-after-login/>     registration:      after:       default_browser_return_url: <https://end-up-here-after-registration/>

Moreover, you can set redirect URLs per method, which overrides the `selfservice.flows.<login|registration|...>.default_return_to`:

yaml selfservice:    flows:     login:      after:       default_browser_return_url: <https://this-is-overridden-by-password/>     password:      default_browser_return_url: <https://end-up-here-after-login-with-password/>

For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion).

To override the default return URL when making a request to the

selfservice/login

endpoint, you can pass a

return_to=<url>

query parameter. This

return_to

URL will be used as the redirect URL after the login flow is completed. Here's an example of how to initialize a login flow with a

return_to

URL:

http /self-service/{flow_type}/browser?return_to=<https://myapp.com/protected>

In this example,

<https://myapp.com/protected>

is the URL to which the user will be redirected after a successful login. Please note that the

return_to

query parameter doesn't automatically persist across different flows and must be added to new flows. For example, if the user starts a login flow with a

return_to

URL set and then switches to a registration flow, the

return_to

URL isn't used for the registration flow. In such a case, your application can re-use the same

return_to

from the login flow by extracting the

return_to

URL from the login flow's

flow.return_to

and adding it to the registration flow. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration).

For native applications, the process is slightly different. When initializing a login or registration flow through the Ory Network APIs, you can set the

return_to

parameter to the URL of the native application. This URL is used to redirect the user back to the app after the social sign-in. Here's an example of how to initialize a login flow with a

return_to

URL:

http /self-service/{{flow_type}}/api?return_to=<myapp://callback>

In this example,

<myapp://callback>

is the URL scheme of your native application to which the user will be redirected after a successful login. Please note that the

return_to

parameter should be a URL that your native application can handle. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/social-signin/native-apps).

The

redirect_uri

that is sent by Ory Kratos in the login flow is determined by the configuration of the Ory Kratos server and the specific identity provider being used. This

redirect_uri

is where the identity provider will send the user after they have authenticated. In general, the

redirect_uri

is not something that you can change in the request to the

selfservice/login

endpoint. It is typically a server-side configuration that is set when you configure your Ory Kratos server and the identity providers that you are using. For example, when configuring an OAuth2 identity provider, you would specify the

redirect_uri

in the provider's configuration:

yaml identity_providers:   - id: github     provider: github     config:       client_id: YOUR_CLIENT_ID       client_secret: YOUR_CLIENT_SECRET       redirect_uri: <https://your-kratos-server.com/self-service/browser/flows/strategies/oauth2/callback/github>

In this example, the

redirect_uri

is set to

<https://your-kratos-server.com/self-service/browser/flows/strategies/oauth2/callback/github>

, which is where GitHub will redirect the user after they have authenticated. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/self-service/flows/user-login).

Yes, you can set up different redirect URLs for browser-based and native app flows in Ory Kratos. For browser-based flows, the redirect URL is typically set in the Ory Kratos configuration file under the

selfservice

key:

yaml selfservice:    flows:     login:      after:       default_browser_return_url: <https://end-up-here-after-login/>     registration:      after:       default_browser_return_url: <https://end-up-here-after-registration/>

For native app flows, you can specify the

return_to

parameter when initializing the flow:

http /self-service/{{flow_type}}/api?return_to=<myapp://callback>

In this example,

<myapp://callback>

is the URL scheme of your native application to which the user will be redirected after a successful login. Please note that the

return_to

parameter should be a URL that your native application can handle. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/social-signin/native-apps).