Using registration after hooks to create user within our service

[adamstrawson]

For the Registration after hooks (Docs) the documented usecase below doesn't appear to be possible:

Registration actions allow you to automate behavior in response to users registering in your application. For example, you can use Ory Actions to automatically create a user account in your database or add the user to your mailing list.

The identity response in the hook doesn't contain key information, instead it just contains placeholder data, such as no identity ID etc, and so there isn't a way to be able to properly associate the Kratos Identity with our account service.

Is this intentional, or should I raise as a bug?

This is the response from a successful registration after hook.
As you can see, a handful of fields contain placeholder data (eg identity.id = 00000000-0000-0000-0000-000000000000)

{
   "identity": {
      "created_at": "0001-01-01T00:00:00Z",
      "id": "00000000-0000-0000-0000-000000000000",
      "metadata_public": null,
      "recovery_addresses": [
         {
            "created_at": "0001-01-01T00:00:00Z",
            "id": "00000000-0000-0000-0000-000000000000",
            "updated_at": "0001-01-01T00:00:00Z",
            "value": "<snip>",
            "via": "email"
         }
      ],
      "schema_id": "default",
      "schema_url": "",
      "state": "active",
      "state_changed_at": "2023-09-04T16:37:50.561876646Z",
      "traits": {
         "email": "<snip>"
      },
      "updated_at": "0001-01-01T00:00:00Z",
      "verifiable_addresses": [
         {
            "created_at": "0001-01-01T00:00:00Z",
            "id": "00000000-0000-0000-0000-000000000000",
            "status": "pending",
            "updated_at": "0001-01-01T00:00:00Z",
            "value": "<snip>",
            "verified": false,
            "via": "email"
         }
      ]
   }
}

What's the recommended way of using these hooks for being able to associate an new identity with our internal account service?

[adamstrawson]

Looking through the Kratos code, there appears to be two internal hooks

PostRegistrationPrePersistHooks & PostRegistrationPostPersistHooks. the PostPersist hook appears to contain the correct data, implying that selfservice.flows.registration.after.hooks runs as a PrePersist. How can I run this as a PostPersist?

[adamstrawson]

Solved by Krzysztof` on Slack. Sharing the response here incase anyone comes across this discussion.

I believe this is controlled by the

  response:
    parse: false

configuration option. Disallowing webhook response from modifying the identity should let it run after persist phase.

[aptgetgit]

Hey @adamstrawson thanks for the solution, just had a quick question on how are you managing fail case (error returned from your service on user creation)?
I have a similar situation, calling a web hook to create user within our service but was wondering, what if api call fails and retry also fails, what happens then ? How do you recover from that and what the user will see ?

[girish-io]

Hey @adamstrawson thanks for the solution, just had a quick question on how are you managing fail case (error returned from your service on user creation)?
I have a similar situation, calling a web hook to create user within our service but was wondering, what if api call fails and retry also fails, what happens then ? How do you recover from that and what the user will see ?

Any update on this? I'm interested in the recovery as well in case my service goes down. Is it possible to have kratos retry the API call to the webhook and can I specify how many retries?

[winterec]

A heads up to anyone else who is integrating this. The "global" level hooks are only run if there are no flow specific hooks of any type (not just webhooks). In my case because the code/password, etc flows had the -session hook, I also needed to duplicate the webhook definition to each of those.