ory / kratos-selfservice-ui-react-nextjs

A full reference implementation for designing your own login, registration, recovery, verification, ... pages using Ory Kratos' APIs.
https://www.ory.sh/
Apache License 2.0

Problem with return_to and default_browser_return_url #48

Open lukaszxion opened 1 year ago

lukaszxion commented 1 year ago

In this reference React/NextJS implementation the configured overrides default_browser_return_url are not used.

    registration:
      lifespan: 10m
      ui_url: http://127.0.0.1:3000/registration
      after:
        default_browser_return_url: http://127.0.0.1:3000/registration/activation

In a registration flow the redirect at the end of the flow happens only if the return_to query param is set.

The NodeJs reference implementation gets redirected (by HTTP 303 with Location header) just fine. However, here the JSON property return_to in response for GET http://127.0.0.1:3000/api/.ory/self-service/registration/browser is not set from default_browser_return_url.

Is this a bug? If this is the correct behaviour then where is it documented? Should the frontend always set the return_to query param in all flows?

jchen42703 commented 1 year ago

I don't have this issue with registration, but it's an issue with verification on my end.

Self-hosting and here's my contrib/kratos/cloud/kratos.yml:

    version: v0.8.0-alpha.3

    dsn: memory

    serve:
      public:
        base_url: http://localhost:4455/
        cors:
          enabled: true
      admin:
        base_url: http://kratos:4434/

    selfservice:
      default_browser_return_url: http://localhost:4455/
      allowed_return_urls:
        - http://localhost:4455

      methods:
        password:
          enabled: true

      flows:
        error:
          ui_url: http://localhost:4455/error

        settings:
          ui_url: http://localhost:4455/settings
          privileged_session_max_age: 15m

        recovery:
          enabled: true
          ui_url: http://localhost:4455/recovery

        verification:
          enabled: true
          ui_url: http://localhost:4455/verification
          after:
            default_browser_return_url: http://localhost:4455

        logout:
          after:
            default_browser_return_url: http://localhost:4455/login

        login:
          ui_url: http://localhost:4455/login

        registration:
          ui_url: http://localhost:4455/registration
          after:
            password:
              hooks:
                -
                  hook: session

    log:
      level: info
      format: text

    secrets:
      cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE

    hashers:
      algorithm: bcrypt
      bcrypt:
        cost: 8

    identity:
      default_schema_id: preset://email
      schemas:
        - id: preset://email
          url: file:///etc/config/kratos/identity.schema.json

    courier:
      smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

I changed the quickstart.yml to not use Caddy/the self-service ui node:

    version: '3.7'

    services:
      kratos:
        volumes:
          - type: volume
            source: kratos-sqlite
            target: /var/lib/sqlite
            read_only: false
          - type: bind
            source: ./contrib/quickstart/kratos/cloud
            target: /etc/config/kratos
      kratos-migrate:
        volumes:
          - type: volume
            source: kratos-sqlite
            target: /var/lib/sqlite
            read_only: false
          - type: bind
            source: ./contrib/quickstart/kratos/cloud
            target: /etc/config/kratos

So, when I run the Next.js UI on port 4455, all redirects work except after entering the verification code.

The link in the mail server is also wrong:

http://localhost:4455/self-service/verification?code=224134&flow=8e3eba95-1287-4fa7-945f-51d93c03a02c just leads to 404.

Fix:

I had the wrong source filepaths in my quickstart.yml (I had a separate folder for my configs, contrib/kratos/custom-ui). Redirects now are properly updated! But, the mail server link still doesn't work :(
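
When the flow JSON carries no return_to, as described in this thread, a single-page UI has to pick the post-flow destination itself. The sketch below is an added example, not code from this repository or from Ory: the function and constant names are hypothetical, the two constants copy values from the kratos.yml posted above, and the allow-list check is the UI's own and does not reproduce Kratos's matching rules.

```javascript
// Added example; names are hypothetical, values copied from the kratos.yml in this thread.
const ALLOWED_RETURN_URLS = ["http://localhost:4455"]; // selfservice.allowed_return_urls
const FALLBACK_RETURN_URL = "http://localhost:4455/";  // selfservice.default_browser_return_url

// True when `candidate` is an absolute http(s) URL without credentials whose
// origin equals an allowed entry's origin and whose path is at or below that
// entry's path. Anything that fails to parse is rejected.
function isAllowedReturnUrl(candidate, allowed = ALLOWED_RETURN_URLS) {
  let url;
  try {
    url = new URL(candidate); // throws on relative or malformed input
  } catch {
    return false;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // no user:pass@host forms
  return allowed.some((entry) => {
    const base = new URL(entry);
    const prefix = base.pathname.endsWith("/") ? base.pathname : base.pathname + "/";
    return (
      url.origin === base.origin &&
      (url.pathname === base.pathname || url.pathname.startsWith(prefix))
    );
  });
}

// Chooses where to send the browser after a flow completes: the flow's
// return_to when it is present and allowed, otherwise the fallback.
function resolveReturnUrl(flow, fallback = FALLBACK_RETURN_URL) {
  const candidate = flow && typeof flow.return_to === "string" ? flow.return_to : "";
  return candidate && isAllowedReturnUrl(candidate) ? candidate : fallback;
}
```
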