To call workspace-level endpoints when using Ory Tunnel, you need to understand that Ory Tunnel is primarily designed for local development and doesn't directly support workspace-level endpoints. However, you can still access these endpoints by following these steps: 1. Use the Ory CLI or API directly for workspace-level operations: Instead of trying to route workspace-level requests through Ory Tunnel, you should use the Ory CLI or make direct API calls for these operations. 2. Authenticate using a Workspace API Key: For workspace-level endpoints, you need to use a Workspace API Key for authentication. This is different from the Project API Key used for project-level operations. 3. Make direct API calls: To call endpoints like

/projects/{project_id}/organizations

, you should make direct API calls to the Ory API, not through the tunnel. Here's an example of how you might list organizations for a project using curl:

bash curl -X GET "<https://api.console.ory.sh/projects/$PROJECT_ID/organizations>" \      -H "Authorization: Bearer $WORKSPACE_API_KEY"

Remember to replace

$PROJECT_ID

with your actual project ID and

$WORKSPACE_API_KEY

with your Workspace API Key. It's important to note that Ory Tunnel is primarily used for local development to mirror Ory APIs on your local machine, particularly for features that require the same top-level domain (like cookies and CORS). For workspace-level operations, you should interact directly with the Ory API or use the Ory CLI. Sources: [Ory API Reference](https://www.ory.sh/docs/reference/api) [Authorizing Ory Network Workspace Admin APIs](https://www.ory.sh/docs/concepts/personal-access-token#authorizing-ory-network-workspace-admin-apis) [Ory Proxy and Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel)

To provide an example of linking an SSO account to an identity in Next.js using Ory, I'll refer to the available knowledge sources. However, it's important to note that the provided documents don't contain a specific example for linking SSO accounts in Next.js. Instead, I can offer some general guidance based on the available information about Ory's account linking feature and Next.js integration. Ory supports automatic account linking, which can be used to link SSO accounts to existing identities. Here's a general approach you could take in a Next.js application: 1. First, ensure you have set up Ory in your Next.js application as described in the [Integrate authentication into Next.js](https://www.ory.sh/docs/getting-started/integrate-auth/nextjs) guide. 2. Implement the automatic account linking flow. According to the [Automatic account linking](https://www.ory.sh/docs/kratos/social-signin/link-multiple-provider-account#automatic-account-linking) documentation, the process works like this:

1. The user creates an account with the identifier `<mailto:user@example.com|user@example.com>` and a password.
   2. When signing in later, the user signs in with a social sign-in provider. That social sign-in account contains the same identifier `<mailto:user@example.com|user@example.com>`.
   3. Since the identifier already exists, the user can't be logged in directly. Instead, the user will be prompted to enter the password chosen in step 1.
   4. After entering the correct password, the social sign-in is linked to the user's account.

3. In your Next.js application, you would need to handle this flow. Here's a conceptual example of how you might implement this in a component: ```jsx import { useEffect, useState } from "react" import { useRouter } from "next/router" import { Configuration, FrontendApi } from "@ory/client" import { edgeConfig } from "@ory/integrations/next" const ory = new FrontendApi(new Configuration(edgeConfig)) export default function LinkAccount() { const router = useRouter() const [error, setError] = useState(null)

To provide an example of linking an SSO account to an identity in Next.js using Ory, I'll refer to the available knowledge sources. However, it's important to note that the provided documents don't contain a specific example for linking SSO accounts in Next.js. Instead, I can offer some general guidance based on the available information about Ory's account linking feature and Next.js integration. Ory supports automatic account linking, which can be used to link SSO accounts to existing identities. Here's a general approach you could take in a Next.js application: 1. First, ensure you have set up Ory in your Next.js application as described in the [Integrate authentication into Next.js](https://www.ory.sh/docs/getting-started/integrate-auth/nextjs) guide. 2. Implement the automatic account linking flow. According to the [Automatic account linking](https://www.ory.sh/docs/kratos/social-signin/link-multiple-provider-account#automatic-account-linking) documentation, the process works like this:

1. The user creates an account with the identifier `<mailto:user@example.com|user@example.com>` and a password.    2. When signing in later, the user signs in with a social sign-in provider. That social sign-in account contains the same identifier `<mailto:user@example.com|user@example.com>`.    3. Since the identifier already exists, the user can't be logged in directly. Instead, the user will be prompted to enter the password chosen in step 1.    4. After entering the correct password, the social sign-in is linked to the user's account.

3. In your Next.js application, you would need to handle this flow. Here's a conceptual example of how you might implement this in a component:

jsx    import { useEffect, useState } from "react"    import { useRouter } from "next/router"    import { Configuration, FrontendApi } from "@ory/client"    import { edgeConfig } from "@ory/integrations/next"     const ory = new FrontendApi(new Configuration(edgeConfig))     export default function LinkAccount() {      const router = useRouter()      const [error, setError] = useState(null)       useEffect(() => {        ory.toSession()          .then(({ data: session }) => {            // Check if there's a pending account link            if (session.identity.credentials.oidc) {              // Prompt user to enter password to link accounts              // This is a simplified example. You'd need to implement              // a form to collect the password securely.              const password = prompt("Enter your password to link accounts:")              if (password) {                ory.updateLoginFlow({                  flow: session.identity.id,                  updateLoginFlowBody: {                    method: "password",                    password: password                  }                })                .then(() => {                  // Account linked successfully                  router.push("/dashboard")                })                .catch((err) => setError(err.message))              }            }          })          .catch((err) => setError(err.message))      }, [router])       if (error) return <div>Error: {error}</div>      return <div>Linking account...</div>    }

Please note that this is a simplified example and doesn't include all necessary error handling or security measures. In a real-world application, you would need to implement a secure form for password entry and handle various edge cases. Also, remember to enable [login hints](https://www.ory.sh/docs/kratos/social-signin/link-multiple-provider-account#hide-irrelevant-authentication-methods) in your Ory configuration to inform users about the authentication methods available for their existing account. For the most up-to-date and accurate implementation details, I recommend checking the latest Ory documentation or reaching out to Ory support for specific guidance on implementing SSO account linking in Next.js.