Description
Hello!
I'm not sure if I am doing something wrong, but it seems there is an assumption here that may not be correct in cases of self-hosted Kratos:
https://github.com/ory/elements/blob/fdabadf8cb2e0ec4fd9286a5277516f8fd69aa0c/packages/nextjs/src/utils/rewrite.ts#L32C1-L32C62
In my Kratos config, I have:
```yaml
kratos:
  kratos:
    config:
      serve:
        public:
          base_url: https://auth.example.com
          cors:
            allowed_origins:
              - http://localhost:3042
              - https://auth.example.com
      selfservice:
        default_browser_return_url: https://example.com
        allowed_return_urls:
          - http://localhost:3042/*
          - https://example.com/*
        methods:
          webauthn:
            config:
              rp:
                id: example.com
                origin: https://example.com:443/auth/login
        flows:
          error:
            ui_url: https://example.com/error
          settings:
            ui_url: https://example.com/settings
          recovery:
            ui_url: https://example.com/auth/recovery
          verification:
            ui_url: https://example.com/auth/verification
            after:
              default_browser_return_url: https://example.com
          logout:
            after:
              default_browser_return_url: https://example.com
          login:
            ui_url: https://example.com/auth/login
          registration:
            ui_url: https://example.com/auth/registration
```
Every time I start a flow, I get redirected to the UI URLs specified in the config, as-is.
In the linked code above, we can see it tries to match the base URL (let's say https://auth.example.com) with the redirect (https://example.com/auth/login). Of course, this does not match, so it gives up and returns the URL as-is from the backend. It seems a bit weird to me that Ory HAS to be hosted on the same domain as the actual app handling the flows. I suppose this is something specific to the hosted version of Kratos/Ory services, and I also suppose the headers passed are supposed to mitigate this issue, but they do not have any effect in the self-hosted version, it seems.
I'm absolutely open to making a PR if required; I just want to make sure there was no oversight on my side first!
Thanks a lot.
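The origin check described in the issue, as an added example in TypeScript that is not code from ory/elements or from the issue author: it rewrites a backend-supplied redirect to the app origin only when the redirect's origin is the Kratos base_url, and extends that with an explicit allowlist for self-hosted configs whose ui_url values sit on a different host. rewriteRedirect, RewriteOptions, uiOrigins and the app origin http://localhost:3042 are assumptions.

```typescript
// Added example, not code from ory/elements: models the origin check the issue
// describes (rewrite only when the redirect belongs to the Kratos base_url) and an
// explicit allowlist for self-hosted setups whose ui_url values live on another host.
// rewriteRedirect, RewriteOptions and uiOrigins are hypothetical names.

interface RewriteOptions {
  kratosBaseUrl: string; // serve.public.base_url, e.g. https://auth.example.com
  appOrigin: string;     // origin of the Next.js app that renders the flows
  uiOrigins?: string[];  // extra origins the self-hosted config points ui_url at (assumption)
}

function parseAbsoluteUrl(value: string): URL | null {
  try {
    return new URL(value);
  } catch {
    return null; // relative or malformed: caller leaves it untouched
  }
}

// Rewrites the scheme/host of a backend-supplied redirect to the app origin so the
// app can serve or proxy the flow. Origins are compared via URL.origin, so a default
// port (https://example.com:443) compares equal to https://example.com.
// Returns the input unchanged when the origin is not explicitly allowed; that is
// the "give up" branch the issue hits when base_url and ui_url differ.
function rewriteRedirect(location: string, opts: RewriteOptions): string {
  const target = parseAbsoluteUrl(location);
  if (target === null) return location;
  const base = parseAbsoluteUrl(opts.kratosBaseUrl);
  if (base === null) return location;
  const allowed = new Set<string>([base.origin]);
  for (const o of opts.uiOrigins || []) {
    const parsed = parseAbsoluteUrl(o);
    if (parsed !== null) allowed.add(parsed.origin);
  }
  if (!allowed.has(target.origin)) return location;
  const rewritten = new URL(target.pathname + target.search + target.hash, opts.appOrigin);
  return rewritten.toString();
}

// Constructed inputs mirroring the issue's config (assumption: the app runs on localhost:3042).
const selfHosted: RewriteOptions = {
  kratosBaseUrl: "https://auth.example.com",
  appOrigin: "http://localhost:3042",
};
const withUiOrigins: RewriteOptions = { ...selfHosted, uiOrigins: ["https://example.com"] };
```

With `selfHosted` alone, https://example.com/auth/login is returned untouched (the behaviour the issue reports); with `withUiOrigins` it is rewritten to http://localhost:3042/auth/login, while any origin outside the allowlist still passes through unchanged.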