https://www.ory.sh/ logo
Join Slack
Powered by
Hey Ory. It's just me again. I'm now debugging act...
# ory-network
c
Hey Ory. It's just me again. I'm now debugging actions (webhooks). I see no incoming requests from ory webhooks although I should, so, is there a way I can debug this? Like read the logs or find the errors on the ory side, for example?
I have this eerie feeling that maybe I messed up the jsonnet, although it should theoretically be correct!
h
Hey, I’m sorry to say not really yet 😞 We are working on ideas for better observability in the webhooks as we did with the email sending. If you feel that you can’t make any more progress and you tried everything, let us know and we can investigate in our logging system.
c
Well, that's just it, I'm kinda stuck right now. I've called the webhook destination manually, with the same token configured in Ory, and it works - however it seems ory does not call it. It may be due to the very simple jsonnet, it looks like this:
Copy code
function(ctx) ctx.identity.id
as the only thing I want it to pass is a string containing the identity id. If that's not the culprit, I'm at my wits end as to why the webhook is not being called
If you or anyone has the time to check it out, I can send you my project stub or whatever?
h
Can you show the full config you use?
And I think you’re missing some brackets, it should be:
Copy code
function(ctx) { user_id: ctx.identity.id }
c
Ah, so it's impossible to output just a string?
In that case, I'll rewrite it!
h
hm, you can play around with jsonnet here: https://jsonnet.org
c
The config is:
Copy code
login:
      after:
        default_browser_return_url: <https://app.igniteprocurement.com/>
        hooks:
        - config:
            auth:
              config:
                in: header
                name: Authorization
                value: REDACTED
              type: api_key
            body: <https://storage.googleapis.com/bac-gcs-production/0cbe81fa22f2811a75abae5b26fa473cecfdbf74b76d1cd9ba5b171eb18ccfdd40182e0574df3ee5bd8cc9fbd00f83a25b3ca0ccfb30bc61f9ff3fd0f2c805fc.jsonnet>
            can_interrupt: false
            method: POST
            response:
              ignore: false
              parse: false
            url: <https://authsidecar.igniteprocurement.com/api/v1/verify/login>
          hook: web_hook
Anyways, I'm gonna try with a struct rather than a string, and your jsonnet copied to a tee!
h
Hope it helps!
c
It's a no-go I'm afraid 😞
Shame
No incoming connections at all actually
h
hm, that’s quite strange. The login flow just passes?
What login flow do you use? Social or password?
c
I'm fairly certain it's password
And I'm also fairly certain the url is correct, in the config
m
Hello @curved-fountain-46946 would be happy to debug this with you, I have been playing around with webhooks a lot recently. This is a webhook that is working for me on registration:
Copy code
"config": {
                  "auth": {
                    "config": {
                      "in": "header",
                      "name": "apikey",
                      "value": "REDACTED"
                    },
                    "type": "api_key"
                  },
                  "body": "<https://storage.googleapis.com/bac-gcs-production/5ed8712539f6e5367f5a409d4f91b1c32eda1a7df52dcc1e339afe2f863bdb1b1b7c6d7afc9081def3a822d7259113f9047d6cf12b3bb9fe17577b46f7002c0c.jsonnet>",
                  "can_interrupt": false,
                  "method": "POST",
                  "response": {
                    "ignore": false,
                    "parse": false
                  },
                  "url": "<https://something.supabase.co/rest/v1/profiles>"
                },
                "hook": "web_hook"
              },
I have not tried using a single string instead of the struct, but that was not it right?
I just tried it out with login and webhook.site and worked fine, both with OIDC and pw login. Are you positive that nothing arrives at your URL?
r
@curved-fountain-46946 can you check this thread? Maybe that’s your problem. https://ory-community.slack.com/archives/C02MR4DEEGH/p1677145436617839
i
@curved-fountain-46946 we tested webhook locally using Ngrok. Give it a try...it was easy. You can talk to @calm-agent-17042 if u need any help.
c
Changing to a struct apparently made no difference, no
I do have a running webserver, and when I curl it, it does as it should, but it appears the webhook just doesn't trigger at all on login. No other hooks than the "after" one, and the access log of the webserver receives nothing 🤷🏻‍♂️
Well, it does when I curl, of course
It would be sweet to have some kind of introspection though, but I guess that's on the roadmap 😎
1
c
Hey @curved-fountain-46946, This was part of some of the config I used to get a basic webhook responding. Maybe this will help you in some way.
Copy code
selfservice:
  default_browser_return_url: /ui/welcome
  flows:
    registration: # or login, recovery, verification, settings
      after:
        hooks: [] # These acions are executed only if no more specific hooks in the `password` or `oidc` sections are defined
        password:
          # Actions in this section will be executed after registration (or login, settings) with a password
          hooks:
            - hook: web_hook
              config:
                url: <ngrok url that forwards to local running instance>
                method: POST
                body: base64:<add encrypted here>
                response:
                  ignore: false
                  parse: false
        oidc:
          hooks: []
c
The default_browser_return_url has no impact on the hook whatsoever, right? I mean, it shouldn't?
c
It shouldn't.
c
I hate to nag you guys too much about this, but do you reckon someone might be able to help me with some log reading here? It seems the post verify hook is called, but the post login one is not, and I have no idea why
They are virtually identical in the config
h
Sorry for the silence, I can look into this now
can you quickly send me your project slug or id?
found it
authsidecar.igniteprocurement.com @curved-fountain-46946?
c
Yeah!
h
hm that doesn’t seem to exist
c
Copy code
ping <http://authsidecar.igniteprocurement.com|authsidecar.igniteprocurement.com>

Pinging <http://authsidecar.igniteprocurement.com|authsidecar.igniteprocurement.com> [104.22.25.66] with 32 bytes of data:
Reply from 104.22.25.66: bytes=32 time=9ms TTL=59
Reply from 104.22.25.66: bytes=32 time=9ms TTL=59
Reply from 104.22.25.66: bytes=32 time=10ms TTL=59
Reply from 104.22.25.66: bytes=32 time=10ms TTL=59
The prod one
It responds to ping, it should totally exist
h
yeah but the hostname is not linked to ory 🙂
ok and which webhook in particular is not working? and which ones are?
c
I'm not sure about the settings one, but the login.after is definitely not doing anything
The post verification one actually seems to work
Which is weird, they are configured in just the same manner
h
ok, so the problem is that specific hooks (password, oidc, …) take precedence over the one defined at the upper level
since login.after.password.hooks is set to “require_verified_address” it overrides the “global” login hook, which is why the web hook is not triggered
if you put the webhook on the same level as “require_verified_address” or if you delete require_verified_address it should work
c
Ooh, so it's the require-verified-address one that takes precedence?
God damn
That was not entirely intuitive, but I guess I was told so earlier
h
at least that’s what i think is happening
c
Yeah, I'll try the other ones! I'll keep you posted
2 Views
Open in Slack
PreviousNext
Powered by