Hey 🙂 I have a question about registration after hook. Based on docs (here and here - section Expand to see an example of all properties of the

ctx

object for a registration flow) - identity should exist at that point in kratos, but from my tests user is not created and I get identity id =

00000000-0000-0000-0000-000000000000

. Is this a known bug? And if so how I can bind kratos user with my internal user entity after registration?

Hello Hubert, https://ory-community.slack.com/archives/C02MR4DEEGH/p1702390573843239?thread_ts=1702388542.763639&cid=C02MR4DEEGH should help 🙂

Also note that trigger precendence doc says that after action is when " user submits or completes the flow". So when user submits a flow is something different than completes the flow and I'm little bit confused.

The issue here is that because having the

response.parse

set to true, it calls the webhook AFTER registration BEFORE creating it in the database, as the webhook response modifies the identity first. (feedback from Ory)

Another option would be creating two different hooks as post-registration.

Or putting differently I need both user entities (in kratos and my system) to exist before I allow to login into my app

On my side, I used a

parse: false

for a post-registration action and used a post-login hook to ensure the account <> identityId mapping within our internal db

I see, this looks like a solution, although a bit wired I have to say 😄

Yes indeed but I don't think there should be a more appropriate / standard way regarding the documentation (as far as I know - which is not that far actually 🙂)

@careful-rain-13694, I'm gonna test a few setups here, but I'm really grateful for your help and pointing me in the right direction. Thank you so much 🙏

hey @silly-belgium-72317 we had the exact same issue, and we solved it with 2 webhooks

@dazzling-napkin-4938 how did you solve the issue with user<>identity mapping? Let me show you a flow and what I mean by that: 1. User submits the registration flow 2. Pre registration hook (parse: true, pre identity creation) is sent 3. User is created in my db but the identity id is null, I have email tho 4. 200 is returned 5. Identity is created (in kratos) and there's an id given (identity id) Now there are multiple options but basically, all comes to "linking" user with identity - it can be based on email which is present in both user and identity but I feel this is something that should be avoid because email is "kinda" not contacts. So I thought ok, I need an unique id generated by my backend and store that in identity.private metadata and once user first login into my app and I see that user.identity_id is set to null I get the unique id from private metadata and I match based on this id. This seems to me like a correct flow, but at the same time, it's so tempting to match based on email...

our kratos config looks like this:

registration:
      after:
        hooks:
          - hook: web_hook
            config:
              url: <http://example.com/create-member>
              method: POST
              body: <base64://YOUR> BASE 64 STRING
              response:
                ignore: false
                parse: true 
          - hook: web_hook
            config:
              url: <http://example.com/update-kratos-id>
              method: POST
              body: YOUR BASE 64 BODY 
              response:
                ignore: false
                parse: false

It look like a flow that is so common that it should be supported out of the box. Another good approach would be if a backend can return an identity.id and kratos uses it, but this requires change on the main kratos schema from uuid to string (identity.id) and with that change I have a single user id in both my and kratos db

amazing I had exactly the same problem yesterday. and have the same solution... 🙂

This is blocking us as well, where we would expect to get the

identity.id

in a post-registration hook and do the provider-mapping inside our own application.