Hi :wave: I'm trying to configure a token_hook fo...
# ory-network
e
Hi 👋 I'm trying to configure a token_hook for an Ory network project as described in the documentation and getting the following error. Is there something I'm missing?
Copy code
$ ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook/url="<https://my-example.app/token-hook>"' \
  --format yaml

I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf] oneOf failed
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/0/type] expected string, but got object
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/1/$ref] doesn't validate with "#/definitions/webhook_config"
    I[#/oauth2/token_hook/auth] S[#/definitions/webhook_config/properties/auth] validation failed
      I[#/oauth2/token_hook/auth/config/in] S[#/definitions/webhook_config/properties/auth/properties/config/properties/in/enum] value must be one of "header", "cookie"
      I[#/oauth2/token_hook/auth/type] S[#/definitions/webhook_config/properties/auth/properties/type/const] value must be "api_key"
p
Hi @early-oil-83208 It seems the documentation is incorrect and is missing the
config
path.
Copy code
ory patch oauth2-config $PROJECT \
  --add '/oauth2/config/token_hook/url="<https://my-example.app/token-hook>"' \
  --format yaml
💡 1
I'll quickly fix the documentation
gratitude thank you 1
e
Ah, thank you for the quick reply! A follow-up question if you don't mind? I tried this change, and the command succeeds, but I can't see the change in configuration, either by doing
ory get oauth2-config...
or via the UI Is there a way to see this configuration change?
p
Actually my assumptions are incorrect. I've also been testing it now and it seems that it's trying to validate with the webhook config which doesn't seem correct to me.
There seems to be a bug that the auth header is always required in the webhook.
Copy code
ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook={"url":"<https://example.com>", "auth": {"type":"api_key", "config":{"api_key_name":"","api_key_value":"", "in":"header"}}}' 
  --format yaml
and setting the URL directing with the
/oauth2/token_hook/url
path is not supported at the moment due to the bug. I'll create a bug report for this, sorry for the inconvenience 🙏
You can keep track of the issue here https://github.com/ory/network/issues/357
gratitude thank you 1
e
Thanks again for the quick responses. At the moment I'm just testing some things out, so it's not a big inconvenience. Out of curiosity, is it possible to set this through the rest api, or would it have the same issue? https://www.ory.sh/docs/reference/api#tag/project/operation/patchProject
p
You would have the same issue, since the CLI is using the API under the hood
👍 1
e
Hi, sorry one more question for now, if you don't mind? I set the url (with the other config properties) and as you showed above, and can see if when I get the
oauth2-config
via the cli. The URL doesn't actually seem to be called though. Any way to verify it, or something I should look out for to troubleshoot?
p
hmm, it should work when the client does the code exchange - a POST to the
/oauth2/token
endpoint. I would need to check, maybe the config workaround is causing some other issues.
I'll take a look tomorrow morning if I can see anything
gratitude thank you 1
Hey @early-oil-83208 Sorry for the late reply, I had to talk about this with some of my colleagues. We would need to fix the feature, it is not in a working state due to the configuration mapping issues. We'll keep this issue up to date as we investigate and fix the feature https://github.com/ory/network/issues/357
e
Hi @proud-plumber-24205 thanks for the update, I had tried everything I could think of and was out of ideas. I'll track the issue now, thanks.
n
Hi, if you just want to set the URL, I think `
Copy code
ory patch oauth2-config $PROJECT \
  --add '/oauth2/token_hook="<https://my-example.app/token-hook>"' \
  --format yaml
should do it. Let me know if that works.
e
Hi @narrow-van-43826, it doesn't seem to unfortunately. If I remove it with
ory patch oauth2-config $PROJECT --remove '/oauth2/token_hook'  --format yaml
and set again with your command, then the command is successfully, but the url isn't actually set. I get the same failure as at the start of the thread.
n
ok thanks, that helps. I'll investigate more today.
gratitude thank you 1
Thanks again for the patience. I submitted a patch against Ory Network to fix this. I'll inform you when it is live. With that patch
Copy code
ory patch oauth2-config 9b69f5f5-8cc9-4fec-ae6d-0f77fed207ea --add '/oauth2/token_hook="<https://my-example.app/token-hook>"'
will work without passing any credentials. If you need to pass credentials, you still can with this format: https://www.ory.sh/docs/hydra/guides/claims-at-refresh#webhook-authentication
gratitude thank you 1
Should be done now, please try again.
e
It works now, both setting the value and calling the webhook. 🎉 Thanks for the quick fix!
🎉 1