OIDC flows doesn't respect return_to

[tozz]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

https://auth-app-stage.gilion.com/

Describe the bug

We are implementing our own UI and it works well for logging in, signing up, etc. However, we have scenarios where a user has previously signed up with email/password and then tries to connect using Google (as an example). Ory detects this and wants the user to verify the connection, however, it's not possible to direct that experience off of the Ory account experience and the user gets redirected to that login view instead of ours.

Reproducing the bug

We run a simple Next app and start up the Ory CLI using ory tunnel http://localhost:3000 --dev (the correct ENV is set pointing to the project) we then create a new browser flow with fetch (because the Ory JS client wasn't working for us, with a lot of weirdness going on), that flow is created using return_to=http://localhost:3000 (which is whitelisted in the project settings).
The network requests are then as follows;
POST to http://localhost:4000/self-service/login?flow=... with provider set. It redirects to Google to handle their process.
Google then sends the user to https://optimistic-snyder-xxx.projects.oryapis.com/self-service/methods/oidc/callback/google which in turns send the user to http://localhost:4000/self-service/methods/oidc/callback/google which in turn sends them to http://localhost:4000/ui/login, hence our issue.

Relevant log output

No response

Relevant configuration

No response

Version

0.3.1

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

None

Additional Context

No response