Hello I’m running into a problem with the Ory network and showing a user the email verification screen after they register. I’ve configured our ory project using the instructions here to add the

show_verification_ui

hook to run after registration. The relevant part of our identity config then looks like

login:
      after:
        hooks: []
        oidc:
          hooks: []
        password:
          hooks:
          - hook: require_verified_address
        webauthn:
          hooks: []
      before:
        hooks: []
      lifespan: 30m0s
      ui_url: /ui/login    

    registration:
      after:
        default_browser_return_url: <https://editor.bbeng.dev>
        hooks: []
        oidc:
          hooks:
          - hook: show_verification_ui
          - hook: session
        password:
          hooks:
          - hook: show_verification_ui
        webauthn:
          hooks:
          - hook: show_verification_ui
          - hook: session

Notably I can’t seem to remove the “session” hook from the “oidc” and “webauthn” parts of the registration config. We are using Oauth2 to manage a user’s login state - with them starting the process by sending them to the Oauth2 authorization endpoint when they are not logged in. A user starts the signup by clicking the

Don't have an account? Sign up

link on the login ui. What happens When a user registers with this method they are redirected to our oauth redirect URL with a valid code which can be exchanged for an access_token for our APIs, without being prompted to validate their email address. This only is the behaviour on initial registration, if the user logs in again they are taken to the verification flow as I would expect. What I would expect to happen Before being redirect back to our application I would expect them to be prompted to validate their email address. I can work around this by detecting that the user has an unverified email address and sending them to login again, but this isn’t a particularly good user experience. Is there something I’ve misconfigured here or is this a bug on your end?

https://ory-community.slack.com/archives/C02MR4DEEGH/p1682988272512469 It wasn’t working for me either. Not sure if it is fixed yet.

^ @fast-lunch-54279 @bland-eye-99092 bump on this (or at least is there a better place to report it)?

@proud-plumber-24205 might have an answer?

@bland-eye-99092 probably knows. This comes up every now and then right?

I don’t remember this coming up before, I’d guess this has something to do with the interaction between the OIDC registration flow and after hooks and looks like a bug to me. Should be fairly straightforward to reproduce as well.

Thanks @bland-eye-99092 do you need any more from me to repro it on your end?

An issue in ory/kratos with the content of your original message would be great. Thank you!

If you have an ory network project to reproduce the issue easily that would be very helpful

Both are easily done - I’ll link the project when I create the issue.

@bland-eye-99092 was the fix you referred to here deployed? https://ory-community.slack.com/archives/C02MR4DEEGH/p1683034549439959?thread_ts=1682988272.512469&cid=C02MR4DEEGH

Yes, that is live. Before the fix you couldn’t set the hook, as it would’ve been blocked by our validation logic.

Here is the issue, I’ve liked given the ory project id in the issue description. LMK if I need to add anyone on your side to it. https://github.com/ory/kratos/issues/3320 I’ve also added a tiny repo with a client that shows the problematic behaviour https://github.com/blackbird-simon/ory-registration-verification-reproduction

Awesome that helps immensely, we’ll take a closer look soon.