Hi 👋 I'm trying to configure a token_hook for an Ory network project as described in the documentation and getting the following error. Is there something I'm missing?

$ ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook/url="<https://my-example.app/token-hook>"' \
  --format yaml

I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf] oneOf failed
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/0/type] expected string, but got object
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/1/$ref] doesn't validate with "#/definitions/webhook_config"
    I[#/oauth2/token_hook/auth] S[#/definitions/webhook_config/properties/auth] validation failed
      I[#/oauth2/token_hook/auth/config/in] S[#/definitions/webhook_config/properties/auth/properties/config/properties/in/enum] value must be one of "header", "cookie"
      I[#/oauth2/token_hook/auth/type] S[#/definitions/webhook_config/properties/auth/properties/type/const] value must be "api_key"

Hi @early-oil-83208 It seems the documentation is incorrect and is missing the

config

path.

ory patch oauth2-config $PROJECT \
  --add '/oauth2/config/token_hook/url="<https://my-example.app/token-hook>"' \
  --format yaml

Ah, thank you for the quick reply! A follow-up question if you don't mind? I tried this change, and the command succeeds, but I can't see the change in configuration, either by doing

ory get oauth2-config...

or via the UI Is there a way to see this configuration change?

Actually my assumptions are incorrect. I've also been testing it now and it seems that it's trying to validate with the webhook config which doesn't seem correct to me.

Thanks again for the quick responses. At the moment I'm just testing some things out, so it's not a big inconvenience. Out of curiosity, is it possible to set this through the rest api, or would it have the same issue? https://www.ory.sh/docs/reference/api#tag/project/operation/patchProject

You would have the same issue, since the CLI is using the API under the hood

Hi, sorry one more question for now, if you don't mind? I set the url (with the other config properties) and as you showed above, and can see if when I get the

oauth2-config

via the cli. The URL doesn't actually seem to be called though. Any way to verify it, or something I should look out for to troubleshoot?

hmm, it should work when the client does the code exchange - a POST to the

/oauth2/token

endpoint. I would need to check, maybe the config workaround is causing some other issues.

Hi @proud-plumber-24205 thanks for the update, I had tried everything I could think of and was out of ideas. I'll track the issue now, thanks.

Hi, if you just want to set the URL, I think `

ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook="<https://my-example.app/token-hook>"' \
  --format yaml

should do it. Let me know if that works.

Hi @narrow-van-43826, it doesn't seem to unfortunately. If I remove it with

ory patch oauth2-config $PROJECT --remove '/oauth2/token_hook'  --format yaml

and set again with your command, then the command is successfully, but the url isn't actually set. I get the same failure as at the start of the thread.

ok thanks, that helps. I'll investigate more today.

It works now, both setting the value and calling the webhook. 🎉 Thanks for the quick fix!