https://www.ory.sh/ logo
Join Slack
Powered by
Hey all, I’m nearly done implementing Kratos for o...
# talk-kratos
a
Hey all, I’m nearly done implementing Kratos for our web app, but I’m stuck on one final detail. When users are registering with Kratos, I need to be able to migrate their user account to Kratos which I’m doing so with the 
after
registration hooks. However, I can’t seem to get it to work. I’ll attach the config in the thread
Copy code
registration:
          enabled: true
          ui_url: <https://xxxxxxx/auth/register>
          after:
            hooks:
              - hook: web_hook
                config:
                  url: <http://go-gifts.default.svc.cluster.local:81/gifts/v2/auth/verify>
                  method: POST
                  body: <base64://ZnVuY3Rpb24oY3R4KSB7IHVzZXJfaWQ6IGN0eC5pZGVudGl0eS50cmFpdHMudXN>lcm5hbWUgfQo=
                  can_interrupt: true
                  response:
                    parse: true
                    ignore: false
              - hook: web_hook
                config:
                  url: <http://go-gifts.default.svc.cluster.local:81/gifts/v2/auth/upgrade>
                  method: POST
                  body: <base64://ZnVuY3Rpb24oY3R4KSB7IAogIHVzZXJfaWQ6IGN0eC5pZGVudGl0eS50cmFpdHM>udXNlcm5hbWUsCiAgaWRlbnRpdHlfaWQ6IGN0eC5pZGVudGl0eS5pZAp9Cg==
                  can_interrupt: true
                  response:
                    parse: false
                    ignore: false
The server never receives the hooks, but the Kratos logs say the hooks are run:
Copy code
{
  "audience": "application",
  "flow_method": "webauthn",
  "http_request": {
    "headers": {
      "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
      "accept-encoding": "gzip, deflate, br",
      "accept-language": "en-US,en;q=0.9",
      "cache-control": "no-cache",
      "content-length": "841",
      "content-type": "application/x-www-form-urlencoded",
      "cookie": [
        "csrf_token_28ce0582d3de9939dfe02106f11fad29f27023ce7106f8deb787dad119970f90=N0gR0+DnUjtB9qBbM7nVyzv+l7pqtfpVoSPOU8f2Av4=; ory_kratos_continuity=MTcwMTQzOTU3NXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fKUMM9qx75JvnxWuhmL5I1ny0f2eF6E1Iuz-O_ExmZgB; csrf_token_8d490b1637aa0c7dd55ce579cfab434f0cf739a1d302d83fbaae6f66c3744f98=fw0X7A0QM5p/mEHntcY0x9x6pQ6KNo2CttmTr1uNx/g="
      ],
      "origin": "xxxxxxxxxxxxxxxx",
      "pragma": "no-cache",
      "referer": "<https://giift.dev.sillfamily.net/>",
      "sec-fetch-dest": "document",
      "sec-fetch-mode": "navigate",
      "sec-fetch-site": "same-site",
      "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15",
      "x-forwarded-for": "10.5.18.3",
      "x-forwarded-proto": "http",
      "x-original-forwarded-for": "10.5.10.14"
    },
    "host": "xxxxxxxxxxxxxxxxx",
    "method": "POST",
    "path": "/self-service/registration",
    "query": "flow=078ff456-9fe6-4904-8740-9b91cad3edb8",
    "remote": "10.244.1.1:34930",
    "scheme": "http"
  },
  "identity_id": "0dec7263-2a13-40af-96bb-dff0bf0c1602",
  "level": "debug",
  "msg": "Post registration execution hooks completed successfully.",
  "service_name": "Ory Kratos",
  "service_version": "v1.0.0",
  "time": "2023-12-01T15:25:59.493703089Z"
}
I get two logs saying one pre and one post hook runs: entry looks like this 
ExecutePostRegistrationPostPersistHook
however, no requests come to the server. If I move them under webauthn, they come to the webhook server, but they don’t contain the identity id
The jsonnet contains the following which I’ve verified as working when nesting under webauthn (just no identity id
Copy code
function(ctx) { 
  user_id: ctx.identity.traits.username,
  identity_id: ctx.identity.id
}
c
👋 Can you try setting 
config.response.parse
to 
false
? You should get the 
identityId
filled in in this case.
a
Okay so I put everything back in the 
webauthn
hook section and I will give it a go. I think now my API is supposed to respond with some validation messages… I’ll be back with results
Alright! I figured it out. It turns out you have to use the auth method as the webhook entry point. So I did use the section 
after.webauthn.hooks
I also had to add an additional input hidden field to my registration form with the name 
transient_payload
and serialize it’s value as a JSON string. Then in my jsonnet body parser I could access my legacy identifier using 
ctx.flow.transient_payload
.
Thanks @careful-rain-13694 for helping
2 Views
Open in Slack
PreviousNext
Powered by