Yes, it is possible to have the login redirect URL conditionally change in the Ory Account Experience UI. The Ory Network provides configuration options for setting different redirect URLs based on specific conditions. According to the [Ory documentation on redirect flows](https://www.ory.sh/docs/concepts/redirects#redirect-flows), you can configure different redirect URLs for various scenarios in the login flow. Specifically, you can set: 1. A default redirect URL 2. A post-password redirect URL 3. A post-OIDC redirect URL Here's an example configuration:

yaml selfservice:   flows:     login:       after:         default_browser_return_url: <https://this-is-overridden-by-password/>         password:           default_browser_return_url: <https://end-up-here-after-login-with-password/>         oidc:           default_browser_return_url: <https://end-up-here-after-login-with-oidc/>

This configuration allows you to set different redirect URLs based on the authentication method used (password or OIDC). The default URL will be used if no specific condition is met. Additionally, you can use relative paths instead of full URLs. In this case, the paths will be relative to the base URL of your application. It's worth noting that while this configuration provides some flexibility, it doesn't allow for highly dynamic conditions beyond the authentication method. For more complex conditional logic, you might need to implement custom handling in your application code. [Ory Network Issue #218](https://github.com/ory/network/issues/218) also mentions that work is underway to allow configurations per domain for multi-domain projects, which could provide additional flexibility in the future.

Based on the knowledge sources provided, it is indeed possible to conditionally change the login redirect URL using a query parameter in the Ory Account Experience UI. This can be achieved using the

return_to

query parameter. According to the [Ory documentation on advanced redirects](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration), you can pass a

?return_to=<url>

query parameter to the endpoint that initializes a flow. This allows you to specify a custom redirect URL after the flow is completed, including after a successful login. Here's how it works: 1. Initialize the flow with a

return_to

URL. 2. Use the flow data to render the UI. 3. Submit the flow with user data. 4. If the flow is successful, the user is redirected to the URL defined in the

return_to

parameter. For example, you could use a URL like this to initialize a login flow with a custom redirect:

<https://account.example.com/api/.ory/self-service/login/browser?return_to=https://app.example.com>

This approach allows you to dynamically set the redirect URL based on query parameters in your application logic, giving you more flexibility than the static configuration options. It's important to note that for security reasons, you need to whitelist the domains you want to allow for redirects in your Ory Identities configuration. This prevents open redirect attacks. You can do this by adding the allowed domains to the configuration:

yaml selfservice:   allowed_return_urls:     - <https://www.myapp.com/>

This method provides a more dynamic way to control redirects compared to the static configuration options mentioned in the previous answer. [Ory documentation on advanced redirects](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-advanced-integration) [Ory documentation on browser redirect flow completion](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#redirection)

Hmm, I don't know enough to give you a confident answer yet. The knowledge sources provided do not specifically mention configuring the

return_to

query parameter or redirect URLs exclusively within the context of Ory Tunnel. For more detailed information, you might want to explore the [Ory documentation](https://www.ory.sh/docs/) or reach out to the Ory community for guidance on using Ory Tunnel with conditional redirects.

@chilly-king-10285 can I configure

selfservice:
  allowed_return_urls:
    - <https://www.myapp.com/>

in ory tunnel

The knowledge sources provided do not specifically mention configuring

allowed_return_urls

within the context of Ory Tunnel. The configuration for

allowed_return_urls

is typically part of the Ory Identities configuration, which is used to whitelist domains for redirect purposes to prevent open redirect attacks. However, Ory Tunnel is primarily used for local development and testing by mirroring Ory APIs on your local machine. It allows you to work with Ory services as if they were running on your local environment, but it does not inherently change how configurations like

allowed_return_urls

are set. For setting

allowed_return_urls

, you would typically configure this in your Ory Identities project configuration, not specifically within the Ory Tunnel setup. If you need to test this configuration locally, you would still set it in your project's configuration and use Ory Tunnel to simulate the environment. For more detailed guidance, you might want to refer to the [Ory documentation](https://www.ory.sh/docs/) or consult the Ory community for specific use cases involving Ory Tunnel.