ory / network

Ory runs a global end-to-end security infrastructure for humans, robots, and servers. We build and use open source software.
Apache License 2.0

return_to not honoured when registering (Login flow) #119

Closed aeneasr closed 1 year ago

aeneasr commented 2 years ago

Discussed in https://github.com/ory/cloud/discussions/114

Originally posted by **thecodeassassin** July 5, 2022

Hi,

We start the login flow like so:

http://d3.local.maxroll.gg/.ory/self-service/login/browser?return_to=http://d3.local.maxroll.gg/?logged_in=1&after_verification_return_to=http://d3.local.maxroll.gg/?logged_in=1

After the user registers they are actually redirected to the root domain (https://maxroll.gg). I cannot really figure out why this is happening since we've not set that domain up anywhere (no default post registration url etc).
aeneasr commented 2 years ago

The problem is that the registration / login links

https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L29-L35

are respecting return_to, but only if it is in the URL available:

https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L16

Instead, we should check the return_to value from the flow itself and use that. The value is available in the flow:

https://github.com/ory/kratos/blob/c8805b640323118f94c81fb0fc152e8f95d628f5/selfservice/flow/login/flow.go#L78

So basically we just need to generate the link here

https://github.com/ory/kratos-selfservice-ui-node/blob/261c65f0c0094057db55058761249a2844e68ffa/src/routes/login.ts#L59-L67

with the correct return_to value :)

thecodeassassin commented 2 years ago

There is another issue here. For OIDC registrations flows, the return_to is not respected.

When using the same OIDC flow for logins, everything works fine.

Benehiko commented 1 year ago

This should be fixed now https://github.com/ory/kratos-selfservice-ui-node/pull/243