Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi everyone :wave:

I am using the <https://www.ory.sh/docs/guides/integrate-with-ory-cloud-through-webhooks#webhook-response-handling|webhook response handling> capability in Kratos as I want to determine a user's Github organizations before letting them register. I was hoping that in the webhook I could make an API call to Github (using their OIDC Token), and respond with a 403 if the expected organization wasn't present. However (of course) the user isn't created in the Kratos database, so the identity of the user at that point is technically `00000000-0000-0000-0000-000000000000` and I can't contact Kratos in the webhook to get the OIDC token.

Is there some way that I can either:
• Give the webhook the ability to make Github API calls on behalf of the user (given they have completed the OIDC flow with Github as part of Kratos registration)
• Get the user's Github organizations some other way (I am not getting the organizations in the `claims`)