Problem with return_to and default_browser_return_url #48

Open
lukaszxion opened this issue Dec 9, 2022 · 2 comments
Labels
stale Feedback from one or more authors is required to proceed.

Comments

@lukaszxion

In this reference React/NextJS implementation the configured overrides default_browser_return_url are not used.

    registration:
      lifespan: 10m
      ui_url: http://127.0.0.1:3000/registration
      after:
        default_browser_return_url: http://127.0.0.1:3000/registration/activation

In a registration flow the redirect at the end of the flow happens only if the return_to query param is set.

The NodeJs reference implementation gets redirected (by HTTP 303 with Location header) just fine.
However, here the JSON property return_to in response for GET http://127.0.0.1:3000/api/.ory/self-service/registration/browser is not set from default_browser_return_url.

Is this a bug?
If this is the correct behaviour then where is it documented?
Should the frontend always set the return_to query param in all flows?

@jchen42703

jchen42703 commented Dec 22, 2022

I don't have this issue with registration, but it's an issue with verification on my end.

Self-hosting and here's my contrib/kratos/cloud/kratos.yml:

    version: v0.8.0-alpha.3

    dsn: memory

    serve:
      public:
        base_url: http://localhost:4455/
        cors:
          enabled: true
      admin:
        base_url: http://kratos:4434/

    selfservice:
      default_browser_return_url: http://localhost:4455/
      allowed_return_urls:
        - http://localhost:4455

      methods:
        password:
          enabled: true

      flows:
        error:
          ui_url: http://localhost:4455/error

        settings:
          ui_url: http://localhost:4455/settings
          privileged_session_max_age: 15m

        recovery:
          enabled: true
          ui_url: http://localhost:4455/recovery

        verification:
          enabled: true
          ui_url: http://localhost:4455/verification
          after:
            default_browser_return_url: http://localhost:4455

        logout:
          after:
            default_browser_return_url: http://localhost:4455/login

        login:
          ui_url: http://localhost:4455/login

        registration:
          ui_url: http://localhost:4455/registration
          after:
            password:
              hooks:
                -
                  hook: session

    log:
      level: info
      format: text

    secrets:
      cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE

    hashers:
      algorithm: bcrypt
      bcrypt:
        cost: 8

    identity:
      default_schema_id: preset://email
      schemas:
        - id: preset://email
          url: file:///etc/config/kratos/identity.schema.json

    courier:
      smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

I changed the quickstart.yml to not use Caddy/the self-service ui node:

    version: '3.7'

    services:
      kratos:
        volumes:
          - type: volume
            source: kratos-sqlite
            target: /var/lib/sqlite
            read_only: false
          - type: bind
            source: ./contrib/quickstart/kratos/cloud
            target: /etc/config/kratos
      kratos-migrate:
        volumes:
          - type: volume
            source: kratos-sqlite
            target: /var/lib/sqlite
            read_only: false
          - type: bind
            source: ./contrib/quickstart/kratos/cloud
            target: /etc/config/kratos

So, when I run the Next.js UI on port 4455, all redirects work except after entering the verification code.

The link in the mail server is also wrong:

http://localhost:4455/self-service/verification?code=224134&flow=8e3eba95-1287-4fa7-945f-51d93c03a02c just leads to 404.

Fix:

I had the wrong source filepaths in my quickstart.yml (I had a separate folder for my configs, contrib/kratos/custom-ui). Redirects now are properly updated! But, the mail server link still doesn't work :(

  • If I set the mail server link to port 4433 (to point to the kratos API), then it works.
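
For the case discussed in this thread, where the flow JSON fetched by the UI carries no return_to, one way a frontend could choose its post-flow redirect while refusing targets outside an allowlist. This is an added example, not code from the issue or from the Ory reference implementation; the function names and the origin-plus-path-prefix matching rule are assumptions, and the constants are copied from the kratos.yml quoted above.

```javascript
// Added example. Constants mirror selfservice.default_browser_return_url and
// selfservice.allowed_return_urls from the kratos.yml quoted in this thread.
const DEFAULT_RETURN_URL = "http://localhost:4455/";
const ALLOWED_RETURN_URLS = ["http://localhost:4455"];

// Hypothetical helper: returns the normalized URL when `candidate` is an
// absolute http(s) URL on an allowlisted origin and under the allowlisted
// path, otherwise null. The matching rule is this example's assumption,
// not a description of how Kratos evaluates allowed_return_urls.
function normalizeReturnUrl(candidate, allowlist = ALLOWED_RETURN_URLS) {
  let url;
  try {
    url = new URL(candidate); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.username || url.password) return null; // no userinfo in redirect targets
  const ok = allowlist.some((entry) => {
    const allowed = new URL(entry);
    if (url.origin !== allowed.origin) return false;
    const base = allowed.pathname.endsWith("/")
      ? allowed.pathname
      : allowed.pathname + "/";
    // "/app" must not match "/application": compare on a path boundary.
    return url.pathname === allowed.pathname || url.pathname.startsWith(base);
  });
  return ok ? url.href : null;
}

// Hypothetical helper: pick the redirect target once a flow has completed.
// `flow.return_to` may be undefined, which is the situation reported above;
// in that case, or when the value fails validation, use the configured default.
function resolveReturnUrl(flow, fallback = DEFAULT_RETURN_URL) {
  const candidate =
    flow && typeof flow.return_to === "string" ? flow.return_to : "";
  return normalizeReturnUrl(candidate) ?? fallback;
}
```
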


github-actions bot commented Jan 1, 2025

Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue

  • open a PR referencing and resolving the issue;
  • leave a comment on it and discuss ideas on how you could contribute towards resolving it;
  • leave a comment and describe in detail why this issue is critical for your use case;
  • open a new issue with updated details and a plan for resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️

@github-actions github-actions bot added the stale Feedback from one or more authors is required to proceed. label Jan 1, 2025