BrandonNoad

No rush @aeneasr, it is not an urgent request. But I had noticed the limitation and wanted to jot it down.

> When both password (or oidc or webauthn) and generic hook sections are present in the config, the generic section is silently ignored. Just to clarify, if both "password" and...

> The updated identity data is passed The updated identity data is passed even though the identity hasn't actually been updated yet since it runs "pre-persist"?

> introduce the after_failure webhook and integrate your throttle/block webhook on both events, after_failure and after_login I think this is the best approach. Although we use Ory Network and its...

Also, the LoginFlow contains the messages for both the refresh and the aal2 scenarios 

Yes, we are currently ignoring `flow.refresh` when `flow.requested_aal === 'aal2'`. But I wasn't sure if we might be ignoring a valid case that could lead to bugs in the future.

Correct. Or maybe a toggle for each page so you fallback to the Account Experience for pages you haven't customized yet.

Is there a way to configure/implement this so you can have a single OIDC provider that works for multiple WorkOS organizations?

> Are you saying that this would be preferred? We use Ory and WorkOS. But we have ~200 WorkOS Organizations/Connections. Having 200 different OIDC login buttons isn't practical (for us)....