Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

was getting chrome  phising error page ~1h ago. initiated microsoft login with our custom domain, but when it got back from microsoft it went to your <http://slug.oryapis.com|slug.oryapis.com> or something, not back to our custom domain

Hi <@U04MTKWP0Q4>

This behavior seems odd, did you specify your custom domain as the callback URL at microsoft login? Also did you use https when adding the callback URL to microsoft login?

I do not control the callback URL, its your UI page doing that and getting the oidc callback

the final callback was ot my app URL, never got there

Yes the callback is handled by Ory, but the URL still needs to be given to Microsoft. You can swap out the &lt;https://&lt;project-slug&gt;.<http://projects.oryapis.com/self-service/methods/oidc/callback/microsoft|projects.oryapis.com/self-service/methods/oidc/callback/microsoft>&gt; URL with your custom domain <https://auth.custom-domain.com/self-service/methods/oidc/callback/microsoft> when providing the URL to Microsoft.