In Ory's software suite, hooks are a powerful feature that allow you to configure custom actions that run before and after certain events, such as user registration, login, profile updates, and more. These hooks can be used to implement custom business logic, automate system behavior, and integrate with third-party services. In Ory Kratos, hooks can be configured to run before and after a Registration Flow, Login Flow, or a profile update. This can be useful for implementing restrictions or other custom logic. For example, you might want to restrict registrations or logins to IPs coming from your internal network. You can read more about configuring hooks in Kratos in the [Hook Documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks). In Ory Hydra, hooks are referred to as "Actions in Ory OAuth2 & OpenID Connect". You can learn more about these actions in the [OAuth2 webhooks guide](https://www.ory.sh/docs/hydra/guides/claims-at-refresh). Ory Actions, which are a type of hook, provide a flexible way to extend the capabilities of the Ory Network. They can be used to define custom business logic, automate system behavior in response to events, and integrate with third-party services such as CRM platforms, payment gateways, business analytics tools, and integration platforms. Actions can be written in any programming language and triggered through events such as user registration or users resetting their passwords. As for self-hosting, yes, hooks are available in self-hosted instances of Ory's services. When adding social sign-in providers manually in a self-hosted Kratos configuration, for example, you need to add the

session

hook to

after/oidc/hooks

to prevent users from having to log in again after signing up.

yaml selfservice:     flows:       registration:         after:           oidc:             hooks:               - hook: session

If you encounter any issues with self-hosting Ory's services, Ory offers [support plans](https://www.ory.sh/support/) specifically tailored for self-hosting organizations.

Yes, the

session

hook is provided by Ory. It is used to sign in the user immediately after they create an account. This hook is particularly useful in the registration flow, where it can be used to automatically issue a session after successful registration, thus improving the user experience by eliminating the need for the user to log in again after signing up. You can read more about the

session

hook in the [Ory documentation](https://www.ory.sh/docs/actions/session). In addition to the built-in hooks like

session

, Ory also allows you to define custom hooks, which are referred to as "actions". These actions can be used to extend self-service user flows and trigger any custom, external logic. For example, the

web_hook

action allows you to trigger external and custom logic and can be used with all flows and methods except error and logout. You can read more about the

web_hook

action in the [Ory documentation](https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks). Here's an example of how you might configure a custom hook in a self-hosted Kratos configuration:

yaml selfservice:     flows:       login:         after:           hooks:             - hook: my_custom_hook

In this example,

my_custom_hook

would be a custom hook that you've defined. Note that you would need to implement the logic for this custom hook yourself.

Yes, it is possible to make your application accessible only to a specific group of individuals and not make registration publicly available. You can achieve this by sending invitations to selected users. Here are the steps to invite users to an Ory-powered application: 1. Create a basic user account for the user you want to invite using their email address as the account identifier. 2. Trigger account recovery for the user account you created. 3. Get the recovery link from the API response and send it to the user's email address. 4. The user performs account recovery which forces them to define new credentials. 5. The user gets a fully functional account with the credentials they defined. Automating this process requires writing custom code that relies on the specifics of your implementation. You can read more about this process in the [Ory documentation](https://www.ory.sh/docs/kratos/manage-identities/invite-users). Additionally, you can use Ory Actions to enforce invite-only registration in your application. For example, you can trigger an action that checks if certain criteria are met before the registration flow starts. This can be useful for controlling the number of users that have access to your application and ensuring that only authorized users can register. You can read more about using Ory Actions in the [Ory documentation](https://www.ory.sh/docs/kratos/hooks/configure-hooks#actions-triggered-before-events).