Hi I have problems adding an oauth2 webhook to extend the id Ory Community #ory-network

Hi, I have problems adding an oauth2 webhook to ex...

miniature-waitress-95147

05/03/2024, 4:59 PM

Hi, I have problems adding an oauth2 webhook to extend the identity claims as mentioned in https://www.ory.sh/docs/hydra/guides/claims-at-refresh#configuration Is there a known problem in the current (0.3.4) cli for windows?

Copy code

ory patch oauth2-config xxxaa3cb-xxxx-yyyy-a6df-xxxyyyfeef89 --add '/oauth2/token_hook="<https://YOUR-WEBHOOK-ENDPOINT>"'
Error: value for /services/oauth2/config'/oauth2/token_hook/url must be valid JSON but got: <https://YOUR-WEBHOOK-ENDPOINT>'

update: solved for me by using double quotes

Copy code

ory patch oauth2-config xxxaa3cb-xxxx-yyyy-a6df-xxxyyyfeef89 --add "/oauth2/token_hook=\"<https://YOUR-WEBHOOK-ENDPOINT>\""

✅ 1

refined-kangaroo-48640

05/03/2024, 6:09 PM

Can you try with an auth header as described in that document?

miniature-waitress-95147

05/06/2024, 7:56 AM

@refined-kangaroo-48640 I tried, but with exactly the same result. So currently I am stuck. Don't know if it's important, but currently I am working with a dev account.

miniature-waitress-95147

05/06/2024, 9:17 AM

I don't know why single quotes are the problem here, but it "works" in this form:

Copy code

ory patch oauth2-config xxxaa3cb-xxxx-yyyy-a6df-xxxyyyfeef89 --add "/oauth2/token_hook=\"<https://YOUR-WEBHOOK-ENDPOINT>\""

The requested action was forbidden

So to change these properties or to setup an oauth2 webhook is not allowed within a developer account? Pricing page says "Actions and Webhooks" = (/) for dev accounts.

refined-kangaroo-48640

05/06/2024, 11:16 AM

No this is not a paywall. The token hook works for free projects

refined-kangaroo-48640

05/06/2024, 11:17 AM

Make sure the project id is correct

miniature-waitress-95147

05/06/2024, 12:00 PM

Thanks @refined-kangaroo-48640! Actually I don't know which project-id I used for my tests, but it wasn't the right one 😉 In addition I needed to remove the /url suffix as correctly stated in the docs (updated in chat).

refined-kangaroo-48640

05/06/2024, 6:16 PM

So it works now?

miniature-waitress-95147

06/03/2024, 10:26 AM

Yes, it is working BUT there is a follow-up problem now, when using no authentication. Validation seems to fail for every other patch of the config. One Workaround is to remove, patch other settings and add the hook again. Perhaps this is solved when adding the token hook with authentication, but the "no authentication" example from the documentation will have this problem.

Copy code

$ ory patch oauth2-config xxxd4307-yyyy-zzzz-a4f0-xxxyyy5b729e --replace "/oidc/dynamic_client_registration/enabled=true"
I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf] oneOf failed
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/0/type] expected string, but got object
  I[#/oauth2/token_hook] S[#/properties/oauth2/properties/token_hook/oneOf/1/$ref] doesn't validate with "#/definitions/webhook_config"
    I[#/oauth2/token_hook/auth] S[#/definitions/webhook_config/properties/auth] validation failed
      I[#/oauth2/token_hook/auth/type] S[#/definitions/webhook_config/properties/auth/properties/type/const] value must be "api_key"
      I[#/oauth2/token_hook/auth/config/in] S[#/definitions/webhook_config/properties/auth/properties/config/properties/in/enum] value must be one of "header", "cookie"

12 Views

Open in Slack

Previous Next