Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

image.png

Have you set the redirect URL to the allowed list? Looks like it’s not

<https://www.ory.sh/docs/concepts/redirects|https://www.ory.sh/docs/concepts/redirects>

<@U010F2N7G2X> yes, that solve redirectTo issue

why domain is `.<http://auth.botyshark.com|auth.botyshark.com>` not `.<http://botyshark.com|botyshark.com>`

Why is it http in the screenshot? It should be https!!

but the cf_bm cookie is also irrelevant. ory cookies are prefixed with ory_ :)

i didn’t get it
What do you mean by http vs https?

but that cookie is from ory server

```__cf_bm=90z8_MIW_7Rj_1Fi9vE4DvE.nDjqvddoUFIHqc54Cfw-1693057372-0-Ads/vwVHeMb98SpEQGrx56OAlanEDN+wF4ay2s87wNRC7ce8ifTeclKninlXWHK1dUHa/R2qSlhhsLvn3Ix+zBg=; path=/; expires=Sat, 26-Aug-23 14:12:52 GMT; domain=.<http://auth.botyshark.com|auth.botyshark.com>; HttpOnly; Secure; SameSite=None```
should i ignore it (remove it)

Maybe you could create a github issue with your troubles. That cookie is from cloudflare :)

In the issue please include as many details as possible and potentially HAR files to reproduce the issue! 

issue fixed by removing that cookie :disappointed:

it was
```return redirect(url.toString(), {
  headers: {
    "set-cookie": res.headers["set-cookie"],
  },
});```
i’ve added filter to remove that cookie