To set up after login redirects in production, you need to configure the

selfservice.flows.login.after

section in your Ory Kratos configuration file (

kratos.yml

). Here is an example of how to set up the redirects:

yaml selfservice:     flows:       login:         after:           default_browser_return_url: <https://this-is-overridden-by-password/>           password:             default_browser_return_url: <https://end-up-here-after-login-with-password/>

In this example,

<https://this-is-overridden-by-password/>

is the default URL where users will be redirected after login. However, if the login method was password, then users will be redirected to

<https://end-up-here-after-login-with-password/>

instead. You can replace these URLs with the ones that point to your own frontend. Also, when you are ready to go to production, you need to set up a custom domain and configure your application to use it. For example, in a Next.js app, you would replace the Ory integrations package with your own configuration:

javascript const basePath = process.env.NEXT_PUBLIC_ORY_SDK_URL;      const ory = new FrontendApi(     new Configuration({       basePath: basePath,       baseOptions: {         withCredentials: true,       },     })   );      return router.push(basePath + "/ui/login");

In this example,

basePath

is the URL of your custom domain. For more information, please refer to the following documentation: - [Post-login redirection](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#post-login-redirection) - [Configure User Interface](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#configure-user-interface) - [Go to production](https://www.ory.sh/docs/getting-started/integrate-auth/nextjs#go-to-production)

The URL for the login screen depends on how you have configured your Ory Kratos setup. In a typical setup, the login screen can be found at the

/auth/login

endpoint of the server where you have deployed Ory Kratos. For example, if you are running Ory Kratos on

<http://127.0.0.1:4455>

, the login screen would be at

<http://127.0.0.1:4455/auth/login>

. Here is an example configuration from the Ory Kratos documentation:

yaml selfservice:     flows:       login:         ui_url: <http://127.0.0.1:4455/auth/login>

In this example,

<http://127.0.0.1:4455/auth/login>

is the URL for the login screen. If you are using the Ory Cloud, the login screen can be found at the

/login

endpoint of your Ory Cloud project URL. For example, if your project URL is

<https://myproject.ory.sh>

, the login screen would be at

<https://myproject.ory.sh/login>

. For more information, please refer to the following documentation: - [Initialize login flow](https://www.ory.sh/docs/kratos/self-service/flows/user-login#initialize-login-flow) - [Login for server-side browser clients](https://www.ory.sh/docs/kratos/self-service/flows/user-login#login-for-server-side-browser-clients-part-2)

Yes, you're correct. If you're using the Ory Kratos' default self-service UI, the login endpoint is typically at

/self-service/login/browser

for browser-based flows. However, the actual path can vary based on your configuration. For example, in a Next.js application, you might redirect to the login page like this:

javascript // Redirect to login page   return router.push(edgeConfig.basePath + "/ui/login")

In this case, the login page would be at the

/ui/login

endpoint of your application. Please note that these paths are just examples and the actual paths depend on your specific configuration and setup. For more information, please refer to the following documentation: - [Initialize login flow](https://www.ory.sh/docs/kratos/self-service/flows/user-login#initialize-login-flow) - [Integrate authentication into Next.js](https://www.ory.sh/docs/getting-started/integrate-auth/nextjs#require-login-to-access-the-home-page)

The error message you're seeing is related to Cross-Origin Resource Sharing (CORS). CORS is a security feature that restricts how resources on a web page can be requested from another domain outside the domain from which the first resource was served. In your case, it seems like your frontend application at

<https://frontend-men.fly.dev>

is trying to access resources from

<https://admiring-wu-1mbxij2ve2.projects.oryapis.com>

, but the server at

<https://admiring-wu-1mbxij2ve2.projects.oryapis.com>

is not sending the necessary

Access-Control-Allow-Origin

header in its responses. To solve this issue, you need to configure your Ory Kratos server to include the

Access-Control-Allow-Origin

header in its responses. This can be done by setting up CORS in your Ory Kratos configuration. Here is an example of how to do this:

yaml serve:     public:       cors:         enabled: true         allowed_origins:           - <https://frontend-men.fly.dev>         allowed_methods:           - POST           - GET           - PUT           - PATCH           - DELETE         allowed_headers:           - Authorization           - Cookie           - Content-Type         exposed_headers:           - Content-Type           - Set-Cookie

In this example,

<https://frontend-men.fly.dev>

is the origin that is allowed to make CORS requests. You can replace this with the origin of your frontend application. For more information, please refer to the following documentation: - [Cross-origin resource sharing errors](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#cross-origin-resource-sharing-errors) - [Cross-origin resource sharing (CORS) settings](https://www.ory.sh/docs/kratos/guides/setting-up-cors) - [Setting up cross-origin resource sharing (CORS)](https://www.ory.sh/docs/hydra/guides/cors)

The error you're seeing is indeed related to the browser's security measures, specifically Cross-Origin Resource Sharing (CORS). CORS is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. To fix this issue, you need to configure CORS on your server (in this case, the Ory server) to allow requests from your website's domain. This is done by setting the

Access-Control-Allow-Origin

header in the server's responses. Here's an example of how to set up CORS in Ory Kratos:

yaml serve:     public:       cors:         enabled: true         allowed_origins:           - <https://your-website-domain.com>         allowed_methods:           - POST           - GET           - PUT           - PATCH           - DELETE         allowed_headers:           - Authorization           - Cookie           - Content-Type         exposed_headers:           - Content-Type           - Set-Cookie

In this configuration, replace

<https://your-website-domain.com>

with the actual domain of your website. This tells the Ory server to include the

Access-Control-Allow-Origin

header with your website's domain in its responses, which in turn tells the browser that it's okay to allow your website to make requests to the Ory server. For more information on setting up CORS in Ory, refer to the [Ory Kratos CORS documentation](https://www.ory.sh/docs/kratos/guides/setting-up-cors). If you're developing locally, you might also find the [Ory Tunnel for local development](https://www.ory.sh/docs/getting-started/local-development) useful. It allows you to tunnel the Ory APIs on a port on your local machine, which allows cookies to be set on the same domain as the application is running. This can help bypass CORS issues during development.

The error message indicates that the

return_to

URL

<https://frontend-men.fly.dev>

is not allowed. This is because it's not included in the list of allowed domains in your Ory configuration. To fix this issue, you need to add

<https://frontend-men.fly.dev>

to the list of allowed

return_to

URLs in your Ory configuration. This can be done by adding it to the

urls.self.public

and

urls.self.admin

sections in your Ory Kratos configuration file (

kratos.yml

). Here is an example of how to do this:

yaml urls:     self:       public: <https://frontend-men.fly.dev>       admin: <https://frontend-men.fly.dev>

In this example,

<https://frontend-men.fly.dev>

is the URL that is allowed to make requests to the Ory server. After making these changes, restart your Ory server for the changes to take effect. For more information, please refer to the following documentation: - [Ory Kratos Configuration Reference](https://www.ory.sh/docs/kratos/reference/configuration) - [Ory Kratos Self-Service Flows](https://www.ory.sh/docs/kratos/self-service/flows/user-login#initialize-login-flow)