New message text here

If you have correctly set the redirect URLs to your local application and it's still redirecting to the hosted Ory Network, it might be due to the Ory Proxy settings. When using Ory Proxy for local development, you should point it to the URL where your application runs. For example, if your application is available at

<http://localhost:3001>

, run this command:

bash ory proxy <http://localhost:3001>

By default, Ory Proxy creates an entry point at

<http://localhost:4000>

. To get access to Ory endpoints, you must access the app through the proxy using this URL instead of the actual address on which your application is running[^8^]. If you want to adjust the entry point URL, pass the desired address along with the application URL, for example:

bash ory proxy <http://localhost:3001> <http://localhost:3002>

This will create an entry point at `http://localhost:3002`[^8^]. Also, ensure that you're using the

--dev

flag when developing locally with Ory Proxy[^9^]. [^8^]: (source: https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#use-ory-proxy-for-local-development) [^9^]: (source: https://www.ory.sh/docs/cli/ory-proxy#developing-locally)

If you're using Ory Tunnel for local development, you should ensure that the

application-url

argument points to your local application. This location will be used as the default redirect URL for the tunnel, for example after a successful login[^3^]. Here's an example of how to run Ory Tunnel with your local application:

bash $ ory tunnel --project <your-project-slug> <http://localhost:3001>

In this case,

<http://localhost:3001>

is the URL of your local application[^3^]. Also, when developing locally, it's recommended to use the

--dev

flag, which uses a lax security setting[^3^]:

bash $ ory tunnel --dev --project <your-project-slug> <http://localhost:3001>

Remember, Ory Tunnel should be used for development only. Do not use Ory Tunnel in a production environment[^2^]. [^2^]: (source: https://www.ory.sh/docs/security-model#what-about-local-development) [^3^]: (source: https://www.ory.sh/docs/cli/ory-tunnel#ory-tunnel)

The command you're using to start the Ory Tunnel seems to be missing the

--project

flag which is necessary to specify your project slug. The correct command should look like this:

bash ory tunnel --project <your-project-slug> <http://localhost:3001>

Replace

<your-project-slug>

with the slug of your project[^3^]. If you're developing locally, you should also include the

--dev

flag[^3^]:

bash ory tunnel --dev --project <your-project-slug> <http://localhost:3001>

[^3^]: (source: https://www.ory.sh/docs/cli/ory-tunnel#ory-tunnel)

The

ORY_SDK_URL

environment variable is used to set the URL of the Ory APIs. This should be set to the URL of your Ory Network project when running your application[^1^][^2^][^3^][^4^][^5^][^6^][^7^][^8^][^9^][^10^]. However, when using Ory Tunnel for local development, you should also specify the URL of your local application when starting the tunnel[^3^]. This is separate from the

ORY_SDK_URL

environment variable. Here's an example of how to start Ory Tunnel with your local application:

bash ory tunnel --project <your-project-slug> <http://localhost:3001>

In this case,

<http://localhost:3001>

is the URL of your local application[^3^]. If you're developing locally, you should also include the

--dev

flag[^3^]:

bash ory tunnel --dev --project <your-project-slug> <http://localhost:3001>

Remember, the

ORY_SDK_URL

environment variable and the URL you provide when starting Ory Tunnel serve different purposes. The

ORY_SDK_URL

is used by your application to connect to the Ory APIs, while the URL you provide when starting Ory Tunnel is used as the default redirect URL for the tunnel, for example after a successful login[^3^]. [^1^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/vue#run-your-vuejs-app) [^2^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/react#run-your-react-app) [^3^]: (source: https://www.ory.sh/docs/cli/ory-tunnel#ory-tunnel) [^4^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/expressjs#run-your-expressjs-app) [^5^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/nextjs#run-your-nextjs-app) [^6^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/php#run-your-app) [^7^]: (source: https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-ory-elements#run-the-sample-application) [^8^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/react#run-your-react-app) [^9^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/flutter-web-redirect#test-you-application) [^10^]: (source: https://www.ory.sh/docs/getting-started/integrate-auth/nextjs#run-your-nextjs-app)

To get Ory user information server-side by including the cookie in the request, you can use the

/sessions/whoami

endpoint. This endpoint returns the session information when a request is made with the session cookie[^1^][^2^][^3^][^4^][^5^]. Here's an example of how to do this in an Express.js middleware using the Ory SDK:

javascript import { Configuration, FrontendApi } from "@ory/client"   import { NextFunction, Request, Response } from "express"      const frontend = new FrontendApi(    new Configuration({    basePath: process.env.ORY_SDK_URL,    }),   )      // a middleware function that checks if the user is logged in   // the user is loading a page served by express so we can extract the cookie from the   // request header and pass it on to Ory   // the cookie is only available under the same domain as the server e.g. *.<http://myapp.com|myapp.com>   function middleware(req: Request, res: Response, next: NextFunction) {    // frontend is an instance of the Ory SDK    frontend    .toSession({ cookie: req.header("cookie") })    .then(({ status, data: flow }) => {    if (status !== 200) {    next("/login")    }    next()    })    // ...   }

[^1^]: (source: https://www.ory.sh/docs/kratos/session-management/overview#using-ory-session-cookie) [^2^]: (source: https://www.ory.sh/docs/kratos/self-service/flows/user-login#server-side-browser-clients) [^3^]: (source: https://www.ory.sh/docs/kratos/self-service/flows/user-registration#with-auto-login-on-registration) [^4^]: (source: https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#session-checks) [^5^]: (source: https://www.ory.sh/docs/kratos/self-service/flows/user-registration#server-side-browser-clients)

A 401 Unauthorized error typically means that the request lacks valid authentication credentials for the target resource[^1^][^2^][^3^][^4^][^5^][^6^][^7^][^8^][^9^][^10^]. This could be due to an incorrect or missing session cookie. Here's an example of how to get the session information in a Next.js API route using the Ory SDK:

javascript import { Configuration, FrontendApi } from "@ory/client"  const frontend = new FrontendApi(   new Configuration({     basePath: process.env.ORY_SDK_URL,   }), )  export default async function handler(req, res) {   try {     const { data: session } = await frontend.toSession({ cookie: req.headers.cookie })     res.status(200).json(session)   } catch (error) {     res.status(401).json({ message: 'Unauthorized' })   } }

In this example,

handler

is a Next.js API route that attempts to get the session information from Ory. If the session cookie is valid, it returns the session information. If not, it returns a 401 Unauthorized response. Remember to replace

process.env.ORY_SDK_URL

with the URL of your Ory APIs. [^1^]: (source: https://www.ory.sh/docs/reference/api) [^2^]: (source: https://www.ory.sh/docs/reference/api) [^3^]: (source: https://www.ory.sh/docs/reference/api) [^4^]: (source: https://www.ory.sh/docs/reference/api) [^5^]: (source: https://www.ory.sh/docs/reference/api) [^6^]: (source: https://www.ory.sh/docs/reference/api) [^7^]: (source: https://www.ory.sh/docs/reference/api) [^8^]: (source: https://www.ory.sh/docs/reference/api) [^9^]: (source: https://www.ory.sh/docs/reference/api) [^10^]: (source: https://www.ory.sh/docs/reference/api)

If you have confirmed that the Ory session cookie is present but you're still receiving a 401 Unauthorized error when calling

frontend.toSession()

, it could be due to one of the following reasons: 1. The session cookie is invalid or expired. Ory session cookies have an expiration time, after which they are no longer valid[^1^][^2^][^3^][^4^][^5^][^6^][^7^][^8^][^9^][^10^]. 2. The session cookie does not match the session stored on the server. This could happen if the server session was invalidated or deleted[^1^][^2^][^3^][^4^][^5^][^6^][^7^][^8^][^9^][^10^]. 3. The request to

frontend.toSession()

is not including the session cookie correctly. Ensure that you're passing the entire

cookie

header from the request to `frontend.toSession()`[^1^][^2^][^3^][^4^][^5^][^6^][^7^][^8^][^9^][^10^]. Here's an example of how to pass the

cookie

header to `frontend.toSession()`:

javascript const { data: session } = await frontend.toSession({ cookie: req.headers.cookie })

If you're still having issues, you might want to enable debug logging in your Ory configuration to get more information about what's happening when

frontend.toSession()

is called. [^1^]: (source: https://www.ory.sh/docs/reference/api) [^2^]: (source: https://www.ory.sh/docs/reference/api) [^3^]: (source: https://www.ory.sh/docs/reference/api) [^4^]: (source: https://www.ory.sh/docs/reference/api) [^5^]: (source: https://www.ory.sh/docs/reference/api) [^6^]: (source: https://www.ory.sh/docs/reference/api) [^7^]: (source: https://www.ory.sh/docs/reference/api) [^8^]: (source: https://www.ory.sh/docs/reference/api) [^9^]: (source: https://www.ory.sh/docs/reference/api) [^10^]: (source: https://www.ory.sh/docs/reference/api)