handsome-night-48436
11/11/2024, 5:24 PM
{
  "id": "c6897816-4387-48a9-8603-35f3a84785e7",
  "error": {
    "code": 400,
    "id": "self_service_flow_return_to_forbidden",
    "message": "The request was malformed or contained invalid parameters",
    "reason": "Requested return_to URL \"http://localhost:3000/register\" is not allowed.",
    "status": "Bad Request"
  },
  "created_at": "2024-11-11T17:10:03.652321Z",
  "updated_at": "2024-11-11T17:10:03.652321Z"
}
gray-library-49237
11/11/2024, 7:32 PM
brief-egg-61061
11/11/2024, 8:35 PM
brief-egg-61061
11/11/2024, 8:35 PM
`return_to` URL you're trying to use is not allowed in your Ory Network configuration. To resolve this issue, you need to whitelist the domain in your Ory Identities configuration. Here's how you can solve it:

1. Add your domain to the allowed return URLs list in your Ory Identities configuration. In this case, you need to add `http://localhost:3000` to the whitelist.
2. You can do this by updating your configuration using the Ory CLI. Run the following command:

   ```
   ory patch identity-config --project <project-id> --workspace <workspace-id> \
     --add '/selfservice/allowed_return_urls/="http://localhost:3000/"'
   ```

   Replace `<project-id>` and `<workspace-id>` with your actual project and workspace IDs.
3. Alternatively, you can update this configuration in the [Ory Console](https://console.ory.sh/) under the "Branding" → "Browser redirects" section.

After making this change, the `return_to` URL `http://localhost:3000/register` should be accepted, and the error should be resolved.

Remember that for security reasons, Ory Identities prevents Open Redirect Attacks, which is why you need to explicitly whitelist domains for the `return_to` parameter [Ory Docs: HTTP redirection configuration](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#redirection).

If you're using Ory Proxy or Ory Tunnel for local development, make sure you're accessing your app through the proxy URL (typically `http://localhost:4000`) instead of directly [Ory Docs: Use Ory Proxy for local development](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#use-ory-proxy-for-local-development).

If you continue to face issues, double-check your Ory Network configuration and ensure that all your redirect URLs are properly set up for your OAuth2 client [Ory Docs: Refresh Token flow fails](https://www.ory.sh/docs/hydra/debug#refresh-token-flow-fails).