To use a different UI URL (such as

accounts.localhost

) when developing locally, you should use the Ory Tunnel. Ory Tunnel allows you to mirror Ory APIs on your local machine, so that cookies and redirects work correctly with your local domain (e.g.,

accounts.localhost

) instead of your production or development remote domain (e.g.,

<http://development.myproject.com|development.myproject.com>

). Here’s how you can set this up: 1. Start Ory Tunnel with your local domain: If your local UI runs at

<http://accounts.localhost:3000>

, start the tunnel like this:

ory tunnel --project <project-id-or-slug> <http://accounts.localhost:3000>

This will expose Ory APIs at

<http://localhost:4000>

by default, and all redirects and cookie handling will use

accounts.localhost

as the domain. Make sure your local

/etc/hosts

file maps

accounts.localhost

to

127.0.0.1

if needed. 2. Update your Ory SDK configuration: When developing locally, point your Ory SDK or API calls to the tunnel endpoint (`http://localhost:4000`), not the remote Ory Network URL. For example:

js    import { Configuration, FrontendApi } from "@ory/client"     const frontend = new FrontendApi(      new Configuration({        basePath: "<http://localhost:4000>",        baseOptions: {          withCredentials: true,        },      }),    )

3. Social Sign-In Redirects: Social sign-in providers (like Google or Facebook) use the redirect URI you configure in Ory. When developing locally, you need to set the base redirect URI to your local domain (e.g., `http://accounts.localhost:3000`). You can do this in the Ory Console under Authentication → Social Sign-In by updating the Base Redirect URI to your local domain. After changing this, update the redirect URI in your social provider’s developer console to match your local domain (e.g., `http://accounts.localhost:3000/self-service/methods/oidc/callback/<provider>`). > Make sure the redirect URI matches the hostname you configured in the Ory Network configuration. For example, when your custom hostname is

<https://ory.example.org>

, the Redirect URI needs to be

<https://ory.example.org>

, not

<https://www.ory.example.org>

or

<https://ory.example.org/>

 [Set custom domain as redirect URL](https://www.ory.sh/docs/identities/sign-in/social-sign-in/redirect-url). 4. Why this happens: If you don’t use Ory Tunnel and your Ory project is configured with remote UI URLs (like

<http://development.myproject.com|development.myproject.com>

), Ory will always redirect to those URLs—even when you’re developing locally. Ory Tunnel solves this by making Ory “think” it’s running on your local domain, so all redirects and cookies work as expected [Local development](https://www.ory.sh/docs/getting-started/local-development#local-development), [Ory Tunnel](https://www.ory.sh/docs/cli/ory-tunnel#ory-tunnel). Summary: - Use Ory Tunnel to mirror Ory APIs to your local domain. - Update your SDK/API calls to use the tunnel endpoint. - Set the social sign-in base redirect URI to your local domain in both Ory and your provider’s settings. This setup ensures that all redirects—including those from social sign-in providers—land on your local UI (

accounts.localhost

) during development.

No, you cannot configure multiple base redirect URIs for social login in a single Ory project. The setting for the base redirect URI applies globally to all social sign-in providers and all environments (local and remote) within that project. Changing the

base_redirect_uri

will affect all social sign-in flows, and you cannot set different values for local and remote environments at the same time. This is explicitly mentioned in the documentation: > This setting applies to all social sign-in providers (new and existing) and cannot be changed on a per-provider basis. So, changing the

base_redirect_uri

will break previously existing and functional social sign-in connections, because Ory Identities will initiate the OIDC flow with the new redirect URL [Set custom domain as redirect URL](https://www.ory.sh/docs/identities/sign-in/social-sign-in/redirect-url). If you need to support both local and remote environments, you must update the

base_redirect_uri

and the corresponding redirect URIs in your social provider's configuration each time you switch environments. There is currently no built-in support for multiple base redirect URIs in a single project. This limitation is a known challenge, and workarounds typically involve manual switching or using separate Ory projects for local and remote environments.