# talk-kratos
a
Hi, @magnificent-energy-493 suggested that I should use Ory actions/hooks and not the admin API. So I went into this and tried, but it just does not work for me. I need to create a pre or post registration hook to create a user in my own database and use the userId as a trait in the Kratos identity. Creating this user before proceeding with the registration should be the better approach, but I do not get any error messages when doing that, so I am trying it with the after hook. My Kratos YAML flow for registration looks like:

```yaml
registration:
  lifespan: 10m
  ui_url: http://127.0.0.1:4455/registration
  after:
    password:
      hooks:
        - hook: web_hook
          config:
            url: http://host.docker.internal:8080/v1/auth/signup
            method: POST
            body: file:///etc/config/kratos/hooks/pre-registration.jsonnet
            can_interrupt: true
```

And the Jsonnet file is just:

```jsonnet
function(ctx) {
  traits: {
    email: ctx.identity.traits.email,
    firstname: …,
  },
}
```

So I get an error like `error while parsing webhook response: got no validation errors`. The endpoint actually should return a userId, which it does if I use Postman. Is there anything I need to include in the response?
m
Probably a Docker issue. Try out your webhook with https://webhook.site/ first. The Jsonnet looks good.
a
@magnificent-energy-493 Oh, wait. I see, if I use the after password hook, I get the traits now since the identity is created before the hook runs. But I need the userId, companyId, role etc. inside the traits too, since I use it for database queries for a multi-tenant app and also for authorisation.
m
You should use something different than traits for authorization. The traits can always be read and modified by the user. Best use Ory Keto, aka Ory Permissions. But you could also use metadata; that is not best practice, but it works for basic use cases.
a
Before I checked Ory Kratos, I had my own JWT solution where I used the claims to store the userId, companyId and role of the user for authorization and for database queries, since every client request needs to deliver those. I had a middleware to take care of that. Now, moving to Kratos and Keto, will I be able to do something similar in a secure manner, where this information cannot be changed by the user and also not accessed, at least the userId and companyId? Of course I do not need to use a JWT approach; something similarly easy to implement would be enough.