https://www.ory.sh/ logo
Join Slack
Powered by
Hello, I am wondering if there's a way to forward ...
# general
b
Hello, I am wondering if there's a way to forward HTTP headers when using Kratos after login/registration hooks from the hook response to the client. Is this supported?
m
Hey @brash-librarian-74886 I am not sure about this, but maybe this helps: Ory Kratos does support the use of HTTP headers in the context of the 
session
after hook. When this hook is enabled, a 
Set-Cookie
HTTP Header is set alongside the HTTP 303 redirect after successful registration or login. This header contains the Ory Session Cookie, which is used for session management. Here is an example of the HTTP headers set by the 
session
after hook:
Copy code
HTTP/1.1 303 See Other  
Cache-Control: 0  
Location: <http://127.0.0.1:4455/>  
Set-Cookie: csrf_token=b8OebRPTPr5ow23mA5gIZmFNLeuMbv8pZz1jT1Ex7ys=; Path=/; Domain=127.0.0.1; Max-Age=31536000; HttpOnly  
Set-Cookie: ory_kratos_session=MTU5OTE2ODc2N3xEdi1CQkFFQ180SUFBUkFCRUFBQVJfLUNBQUVHYzNSeWFXNW5EQThBRFhObGMzTnBiMjVmZEc5clpXNEdjM1J5YVc1bkRDSUFJR055VlROMGRteHhSakJrUzBkbmRUUjBlVFY1V0RCRWFVTnJXVmR6V25oaHx2DICsB6IMbaHSQwnYITUZqr7Qx7CxUlnaneJWH495wQ==; Path=/; Expires=Fri, 04 Sep 2020 21:32:47 GMT; Max-Age=86400; HttpOnly; SameSite=Lax  
Vary: Cookie  
Date: Thu, 03 Sep 2020 21:32:47 GMT  
Content-Length: 0
Are those the headers you are looking for?
b
thanks for the reply @magnificent-energy-493 🙌 I was already aware of those headers but I have a situation (due to Sign with Apple transfer) where basically Apple will send a new 
sub
for a user so Kratos will create a new identity. Luckily I have some info that helps me identify it and what I'm doing is deleting the new account and patching the old one with the new 
sub
. The problem is that 
session
hook doesn't know about this and the session is not valid (expected). I'm just trying to improve a little bit the UX in my client, which I could improve if I could get a heather forwarded from the web_hook where I do this
m
I have a situation (due to Sign with Apple transfer) where basically Apple will send a new 
sub
for a user
So this happens on every login? Is this specific to your use case or something that Apple generally does here?
b
this is something particular to our situation. Basically we are transferring one app from one team to another and this is how apple handles this. It give us one extra field on the claims that allow us to correlate the new and old identities in Kratos side and this is one of our potential approaches. Will happen in every apple login
🤔 1
but only for new accounts that correlate with old accounts
just to give you the whole context. This is our plan B. We have a plan A in mind where we can potentially patch the old identities with the new 
sub
if we are able to know it before hand. But we still want to improve the plan B as much as possible in case we need it
m
Thanks for the context! This sounds reasonable, and happy to follow the process. I don't know a better way to do it now, would also have to do some testing.
17 Views
Open in Slack
PreviousNext
Powered by