Is there a way to get the identity ID in an after ...
# ory-networkw
wide-dawn-74672
04/14/2023, 11:30 AMIs there a way to get the identity ID in an after registration webhook with can_interrupt? ID shows as 00000000-0000-0000-0000-000000000000
r
refined-kangaroo-48640
04/14/2023, 2:43 PMIf the webhook is interrupting, it is dispatched before the identity is persisted. Hence, it does not have an ID yet.
w
wide-dawn-74672
04/14/2023, 2:49 PMAny recommendation on how to achieve a bidirectional mapping?
We want the Ory identity to point to an internal ID and have the internal record point to the Ory ID.
Wee use interrupting webhooks so that during registration we can persist the internal ID in the Ory identity, but since the Ory ID is empty we can't persist that in the internal record. Lets say we don't use interrupting webhooks then the Ory ID is set and we can persist it in the internal record, but then we need to separately patch the the identity to store the internal ID. The issue with this is that it is not 'atomically', potentially causing not fully mapped records.
wide-dawn-74672
04/14/2023, 2:50 PMWould be nice if the Ory ID is determined before the persist and also available in PrePersistRegistration hooks
r
refined-kangaroo-48640
04/14/2023, 2:52 PMYou could use two hooks: one interrupting which adds your internal ID to Ory, and one non-interrupting which you use store Ory’s ID in your system.
w
wide-dawn-74672
04/14/2023, 2:53 PMone non-interrupting which you use store Ory's ID in your system.wide-dawn-74672
04/14/2023, 2:54 PMWe want to avoid that over-time for whatever reason we get an inconsistent state due to transient errors like this
r
refined-kangaroo-48640
04/14/2023, 2:54 PMYou have a similar problem already. Persisting the identity on Ory’s side could fail after the interrupting webhook returns and you have modified your internal records.
w
wide-dawn-74672
04/14/2023, 2:55 PMFair point haha 😄
wide-dawn-74672
04/14/2023, 2:56 PMThe first design I created we weren't doing this bidirectional mapping for this reason but only storing the internal ID in Ory.
wide-dawn-74672
04/14/2023, 2:56 PMDo you have any opinion about in which direction way we can best map in the generic case?
wide-dawn-74672
04/14/2023, 2:57 PMThere is some advantage in having a single mapping direction / single source of truth
r
refined-kangaroo-48640
04/14/2023, 3:09 PMThere is no general answer, it depends on your use case.
If you find that a two-way mapping is the best solution for your system design, go for it.
Since Ory does not support two-phase commits (and never will 😅 ), it is impossible to entirely eliminate such temporary inconsistencies. If you are concerned about inconsistencies, you could have a job which syncs the metadata periodically and re-establishes the mapping asynchronously.
refined-kangaroo-48640
04/14/2023, 3:11 PMWould be nice if the Ory ID is determined before the persist and also available in PrePersistRegistration hooksThat might be possible in principle, but would require some non-trivial work.
w
wide-dawn-74672
04/14/2023, 3:13 PMWould be a nice feature though to have ID available in interrupting registration hook.
wide-dawn-74672
04/14/2023, 3:13 PMThank you for your views, really appreciate it!
r
refined-kangaroo-48640
04/14/2023, 3:14 PMYou’re quite welcome. Enjoy the weekend.
🙌 1
w
wide-dawn-74672
04/14/2023, 3:14 PMThanks you too!
l
loud-restaurant-89371
04/22/2023, 1:33 PMI just ran into the exact same problem, and data integrity is extremely important in my project, where I need the identity information immediately in my database.
My solution was the following: Since we require email address verification for login, I moved the sync hook into both the recovery and verification flow (both can be used to verify an email address). Thus it is guaranteed that when a user is able to access our system, we can be certain that we have their user record in our database as well.
👍 1
8 Views