https://www.ory.sh/ logo
Join Slack
Powered by
When using the browser flows, is it not possible t...
# ory-network
f
When using the browser flows, is it not possible to use 
return_to
for OIDC providers? I set the param when creating the flow, I see it being set in the response, however after signing in, with Google in this case, it redirects to the wrong host:port. This is for dev, my dev env runs on port 3000 and ory tunnel on 4000. I don't want to use the built in UI but it seems like the tunnel always uses it for redirects (ignores the domain/port)
l
It should work.
f
My browser is saying otherwise 😅
😅 1
Worth mentioning is that this is for the verification view (when you connect a sso account with an existing identity using username/password)
l
I know it works for the login flow
f
The login flow wouldn't redirect you to the verification screen though, it's likely this case that is breaking
f
@bland-eye-99092 perhaps? Is it better if we create an issue somewhere?
We’ve added an issue here: https://github.com/ory/cli/issues/332
b
Thank you. The case you described should definitely work. Do you have a flow ID of where this happened? Feel free to generate a new one, if not.
f
10432632-f82c-4302-9d99-531ce7d134b5
which gets changed to 
1a46ec5f-d467-48ab-a6b2-f6efbc0bb6bc
for the verification step
b
There is a validation error: 
An account with the same identifier (email, phone, username, ...) exists already.
I assume you expect that?
f
Yes that is expected
And that's the part we want to show an UI for
b
Okay, I see. so the issue is the tunnel redirecting weirdly here?
f
Exactly, it sends me back to the Ory experience
b
Okay, this looks like a bug. We’ll take a look.
❤️ 1
👍 1
f
Let us know if there is anything we can assist with when it comes to debugging 🙂
Hey @bland-eye-99092 do you think this is something that we will be able to resolve this week? We are a bit blocked with our rollout of SSO due to this issue.
b
I don’t think so, we’re pretty busy with other stuff right now.. Out of curiosity: are you planning on using the Ory Tunnel in production?
f
Ok, thanks for the quick reply. No we are not, this is for local development. I guess we can roll it out and make sure that it works there, just a bit more work.
f
As long as 
return_to
actually works as expected for verification flow we can make it work
Ok, so I've just tried this in production and 
return_to
is NOT respected for OIDC flows
And again, I see that 
return_to
is correctly defined in the response I get when I initiate the flow, so no problem there
But for the verification screen when connecting SSO to an existing account I'm always redirected to the Ory hosted UI flow
@bland-eye-99092 Just for visibility, but this would be a major blocker. I almost feel like we're doing something wrong here, but I can't see any other parameter to set or configure
d0143384-d1a1-429c-bbbb-02ec0ad99286
is one flow for reference (not a development flow)
b
Did you configure the UI urls in your project? And default redirects? see https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui
f
So 
return_to
is not actually supposed to be working without changing the urls?
Changing it didn't help
b
what exactly did you change?
f
Custom UI Base URL
login UI path
b
Okay, so the flow is: 1. login via google 2. go through OIDC dance with google 3. be redirected /ui/welcome instead of your 
return_to
?
f
3 is being redirected to 
ui/login?flow=...
"An account with the same identifier (email, phone, username, ...) exists already."
b
what do you want that to be instead? Your own UI?
f
Yepp, everything else is our own UI so this breaks the experience 🙂
b
yeah that should be the login UI path. Could you maybe try and setting that again?
f
Now it works! Third time pressing save is the charm apparently 😂
b
yeah, we had that issue before.. tricky to chase down because it’s quite flaky. Sorry about that. But glad it works now 🙂
f
No worries, thanks for the help 🙂
b
Btw. I registered on your staging environment with my @ory.sh account, trying to recreate the situation. You can delete that identity.
👍 1
f
Thanks a lot for the help Jonas!
5 Views
Open in Slack
PreviousNext
Powered by