The error message you're seeing indicates that the

return_to

URL you're trying to use is not allowed. This is likely because it's not included in the allow list for redirects. To allow redirects to

localhost

for your local development setup, you need to set dynamic redirects using the

?return_to=

query parameter on self-service flows. This is done to prevent Open Redirect Attacks by just allowing certain domains, or paths on a domain. Here's an example of how you can start a self-service login flow with a

return_to

URL set:

bash curl -X GET 'http://<your-project>.<http://projects.oryapis.com/self-service/login/browser?return_to=|projects.oryapis.com/self-service/login/browser?return_to=>...'

In this case, you would replace

...

with

<http://localhost:4100>

or whatever your local development URL is. Remember, the

allow list

prevents Open Redirect Attacks by just allowing certain domains, or paths on a domain. So,

<http://localhost:4100>

needs to match the domain and path. Other redirects using different domains will fail. For more information, you can refer to the [Ory documentation on Browser redirects and flow completion](https://www.ory.sh/docs/concepts/redirects).

No, you don't have to omit the ports. If you're running your application on

<http://localhost:4100>

, then you should include the port in your configuration. The issue might be elsewhere. Ensure that the URL is correctly added to the

allowed_return_urls

in your Ory Kratos configuration. Here's an example of how it should look:

yaml selfservice:   default_browser_return_url: <http://localhost:4100>   allowed_return_urls:     - <http://localhost:4100>

This configuration allows Ory Kratos to redirect back to

<http://localhost:4100>

after the self-service flow is completed. If you've already done this and are still experiencing issues, it might be worth checking for any typos or misconfigurations in your setup. If the problem persists, you might want to refer to the [Ory documentation](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#configure-user-interface) or seek help from the Ory community.

A

204 No Content

response is expected behavior in some cases when using Ory's APIs. This status code is used to indicate that the server has successfully fulfilled the request and there is no additional content to send in the response payload body. For example, in the Ory Hydra API, when you revoke OAuth2 login sessions or delete trusted OAuth2 JWT grant issuers, the server responds with a

204 No Content

status code when the operation is successful. Similarly, in the Ory Keto API, when you patch relationships, a

204 No Content

response indicates that the operation was successful. However, if you're expecting a redirect and it's not happening, it could be due to how you're handling the response in your client application. If you're using an API client like AJAX, you need to manually handle the redirect in your application. Here's an example of how you can do this:

javascript .then((res) => {     router.push('/<your-route>')   })

In this case, you would replace

/<your-route>

with the path you want to redirect to. For more information, you can refer to the [Ory documentation on API clients](https://www.ory.sh/docs/concepts/redirects#api-clients).

The

return_to

value in the

FrontendApiUpdateLogoutFlowRequest

is used to specify where the user should be redirected after the logout process is completed. However, this redirect only happens when the request is made from a browser, not from an API client. When the

Accept

HTTP header is set to

application/json

(which is typical for API clients), a

204 No Content

response will be sent on successful logout instead of a redirect. This is mentioned in the [Ory API documentation](https://www.ory.sh/docs/reference/api). If you're using an API client and want to redirect the user after logout, you'll need to handle the redirect in your client application code. The

return_to

value can still be useful in this case as it can tell your client application where the user intended to go after logout.

Yes, the behavior of the

return_to

parameter is consistent across all self-service flows in Ory. The

return_to

parameter is used to specify a URL to redirect the user to after the flow is completed. However, the actual redirection only happens when the request is made from a browser with the

Accept

HTTP header set to

text/html

. If the request is made from an API client with the

Accept

header set to

application/json

, Ory will not perform a redirect. Instead, it will return a

204 No Content

response or a JSON response, depending on the specific API endpoint. In the case of an API client, you would need to handle the redirection in your client application code. The

return_to

value can still be useful in this case as it can tell your client application where the user intended to go after the flow is completed. For more information, you can refer to the [Ory documentation on HTTP redirection configuration](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#redirection) and the [Ory API documentation](https://www.ory.sh/docs/reference/api).

When implementing a Single Page Application (SPA) with a custom UI in Ory, you have several options. The best approach depends on your specific needs and the technologies you're comfortable with. Here are some options: 1. Use AJAX or fetch: SPAs can initialize the flow by calling the endpoint using AJAX or fetch instead of redirecting the browser. The response sets the necessary cookies and contains all UI nodes required to render the form. You must set

withCredentials: true

in axios or

credentials: "include"

in fetch for AJAX and fetch requests to set cookies ([source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#single-page-application)). 2. Use Ory Elements: Ory Elements is a component library designed to make building login, registration, and account pages for Ory straightforward. It's modular and customizable, which means that you can use only the views you need and style them to match your implementation's design ([source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-ory-elements)). 3. Use reference implementations: Ory provides several reference implementations and guides for building your own user interface and forms on top of Ory's APIs. These include examples for Next.js & React SPAs, Node.js / Express.js UI, and React Native UI ([source](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui#reference-implementations-and-examples)). Remember, the best way to start building a custom UI is to use the provided Ory examples and tooling, as this will shorten the time to market and allow you to focus on your application's business logic ([source](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-overview#when-to-build-a-custom-user-interface)).