https://www.ory.sh/ logo
Join Slack
Powered by
Hey <@U04UQ68083H> I want to find some session inf...
# ory-copilot
h
Hey @chilly-king-10285 I want to find some session info for example authenticated_at. How can i get this via webhook?
b
A message from kapa.ai
To retrieve session information such as 
authenticated_at
via a webhook, you need to ensure that your webhook receives the session object from Ory. The session object contains fields like 
authenticated_at
, 
expires_at
, and more. However, the knowledge sources do not explicitly describe a built-in Ory webhook that directly sends session data (such as 
authenticated_at
) to your endpoint on every session event. Instead, Ory provides APIs to fetch session information, and you can use these APIs in your webhook handler or backend logic. For example, you can use the 
/sessions/whoami
endpoint to get the current session, which includes the 
authenticated_at
field:
Copy code
bash curl 'https://$<http://PROJECT_SLUG.projects.oryapis.com/sessions/whoami|PROJECT_SLUG.projects.oryapis.com/sessions/whoami>' \   -H 'Accept: application/json' \   -H 'Cookie: ory_kratos_session=<session-cookie>'
The response will include:
Copy code
json {   "id": "...",   "active": true,   "authenticated_at": "2023-02-03T15:41:22.963917Z",   ... }
[Session Checks Example](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#session-checks) If you want to trigger a webhook when a session is created or updated, you would need to configure Ory Actions or use your own backend to listen for such events and then call the session API to fetch the details. The knowledge sources do not provide a direct example of a webhook receiving session data automatically. Summary: - Ory exposes session info (including 
authenticated_at
) via its API. - To get this info in a webhook, you typically need to call the session API from your webhook handler. - There is no direct mention in the knowledge sources of Ory sending session data to a webhook automatically. If you need more details on how to set up Ory Actions or webhooks for session events, please let me know!
h
@chilly-king-10285 Please explain the following flow configuration and tell me that when the login hooks are called? Are they called after creating session? If yes then how can i send the session via hook:
Copy code
flows:
    login:
      lifespan: 2h
      after:
        hooks:
          - hook: web_hook
            config:
              # url: <http://localhost:10805/foo?flow=login> # sets via SELFSERVICE_FLOWS_LOGIN_AFTER_HOOKS_0_CONFIG_URL
              method: "POST"
              body: file:///app/hook.segment_identify.jsonnet
              response:
                ignore: true
          - hook: web_hook
            config:
              # url: <http://localhost:10805/foo?flow=login> # sets via SELFSERVICE_FLOWS_LOGIN_AFTER_HOOKS_1_CONFIG_URL
              method: "POST"
              body: file:///app/hook.segment_identify.jsonnet
              response:
                ignore: true
        password:
          hooks:
            - hook: web_hook
              config:
                # url: <http://localhost:10805/foo?flow=login> # sets via SELFSERVICE_FLOWS_LOGIN_AFTER_PASSWORD_HOOKS_0_CONFIG_URL
                method: "POST"
                body: file:///app/hook.segment_identify.jsonnet
                response:
                  ignore: true
            - hook: web_hook
              config:
                # url: <http://localhost:10805/foo?flow=login> # sets via SELFSERVICE_FLOWS_LOGIN_AFTER_PASSWORD_HOOKS_1_CONFIG_URL
                method: "POST"
                body: file:///app/hook.segment_identify.jsonnet
                response:
                  ignore: true
            - hook: require_verified_address
b
A message from kapa.ai
Let's break down your configuration and answer your questions based on the knowledge sources: ### 1. Flow Configuration Explanation Your configuration sets up after login hooks for the login flow, both globally (for all methods) and specifically for the 
password
method:
Copy code
yaml flows:   login:     lifespan: 2h     after:       hooks:         - hook: web_hook           config:             method: "POST"             body: file:///app/hook.segment_identify.jsonnet             response:               ignore: true         - hook: web_hook           config:             method: "POST"             body: file:///app/hook.segment_identify.jsonnet             response:               ignore: true       password:         hooks:           - hook: web_hook             config:               method: "POST"               body: file:///app/hook.segment_identify.jsonnet               response:                 ignore: true           - hook: web_hook             config:               method: "POST"               body: file:///app/hook.segment_identify.jsonnet               response:                 ignore: true           - hook: require_verified_address
- The 
after.hooks
section applies to all login methods unless overridden. - The 
after.password.hooks
section applies only to the password login method and overrides the global 
after.hooks
for password logins. - Each hook is a webhook that will POST to your configured endpoint with the specified body. ### 2. When Are Login Hooks Called? Login hooks are called after the user is successfully authenticated, but before the session is issued. This is explicitly stated in the documentation: > The hook runs when the user is successfully authenticated, before the system issues an Ory Session. [Action triggers](https://www.ory.sh/docs/kratos/hooks/configure-hooks#action-triggers) ### 3. Can You Send the Session via the Hook? No, you cannot send the session via the hook, because the session does not exist yet when the after-login hooks are executed. Since the hooks run before the session is created, the session object (including fields like 
authenticated_at
) is not available to be sent in the webhook payload. This is a key design point in Ory Identities: > The hook runs when the user is successfully authenticated, before the system issues an Ory Session. [Action triggers](https://www.ory.sh/docs/kratos/hooks/configure-hooks#action-triggers) ### Summary - Login after hooks are called after authentication, but before the session is created. - You cannot send session data (like 
authenticated_at
) in these hooks because the session does not exist yet at this point in the flow. If you need to act on session data, you would need to trigger your logic after the session is created, which is not possible with the standard after-login hooks as per the current Ory design and documentation.
h
Hi @chilly-king-10285 how do i know the session is created or update from kratos? Is there any hook which would trigger after creation or udate of session?
b
A message from kapa.ai
Based on the knowledge sources, Ory Kratos does not provide a hook that is triggered specifically after the creation or update of a session. The available hooks for the login flow (the point at which a session would be created) are executed before the session is issued, not after. This means you cannot use a Kratos hook to directly react to the creation or update of a session or to access the session object in a webhook payload at that point [Action triggers](https://www.ory.sh/docs/kratos/hooks/configure-hooks#action-triggers). However, Ory Network does emit live events such as 
SessionIssued
(when a new session is initiated) and 
SessionChanged
(when a session is updated). These events can be consumed via the Ory Actions live event stream, which allows you to track when sessions are created or updated [Event names](https://www.ory.sh/docs/actions/live-events#event-names). Summary: - There is no Kratos hook that triggers after session creation or update. - You can detect session creation or update by subscribing to the Ory Network live event stream for 
SessionIssued
and 
SessionChanged
events. If you need to perform actions after a session is created or updated, consider using the Ory Actions live event stream rather than relying on Kratos hooks.
h
Hi @chilly-king-10285 what type data that i can get from 
SessionIssued
and 
SessionChanged
via eventAttributes?
b
A message from kapa.ai
The knowledge sources state that Ory emits events such as 
SessionIssued
and 
SessionChanged
via its live event streams, and these events include an 
eventAttributes
field. However, the exact content and schema of the 
eventAttributes
field for these session events is not documented and is not considered stable. The documentation explicitly notes: > The exact content in the 
eventAttributes
field is not documented and not considered stable. That means that no backwards compatibility guarantees are made for them. If you need a detailed schema or stability guarantees about the 
eventAttributes
field, you are advised to [open a support ticket](https://console.ory.sh/support/) [Live event streams](https://www.ory.sh/docs/actions/live-events). Summary: - The specific data you can get from 
SessionIssued
and 
SessionChanged
events via 
eventAttributes
is not documented in the knowledge sources. - The structure and keys in 
eventAttributes
may change and should not be relied upon for long-term integrations. If you require more details or a stable schema, you should contact Ory support as recommended in the documentation.
Open in Slack
PreviousNext
Powered by