Webhook problem in version v0.9.0-alpha

[hainguyenkt98]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] This issue affects my Ory Cloud project.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

Webhook not working in "password" method in register flow, oicd flow still works. It happens when I put "session" key on the head of "hooks" array, but when I move "web_hook" go to the head of the array, so it's working. This is only a temporary resolution.

Reproducing the bug

1. Set hooks in for "password" in the registration flow
2. Using both web_hook and session key
3. Put the "session" key on the top of the "hooks" array
4. Go to the registration form and manual register 1 account.
5. Tracking your web hook endpoint, it will not be received any request from kratos server.

Relevant log output

No response

Relevant configuration

registration:
  ui_url:
  after:
    oidc:
      hooks:
        - hook: web_hook
          config:
            url: <your-endpoint>
            method: POST
            body: file:///etc/config/body.jsonnet
            auth: 
              type: basic_auth
              config:
                user: 'user'
                password: 'password'
            response:
              ignore: false
        - hook: session
    password:
      hooks:
        - hook: session
        - hook: web_hook
          config:
            url: <your-endpoint>
            method: POST
            body: file:///etc/config/body.jsonnet
            auth: 
              type: basic_auth
              config:
                user: 'user'
                password: 'password'
            response:
              ignore: false

Version

v0.9.0-alpha from 1 to 3

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response

[aeneasr]

Thank you for the report! I believe the problem is that some hooks exit early, canceling any follow up hooks.

[carlbordum]

I am also affected by this :/

How does your body.jsonnet look?

[aeneasr]

@carlbordum the problem here is the order of the hooks, not the body JsonNet!

[carlbordum]

For me, this is also an issue regardless of order of the hooks

[aeneasr]

Then you’re facing a configuration issue most likely, please open a separate discussion or inquire on Slack, thanks!

https://github.com/ory/kratos/discussions

[Sytten]

This also affects global hooks. Currently I think they are put after the flow specific hooks so it's not possible to do something like:

        password:
          hooks:
            - hook: session
        oidc:
          hooks:
            - hook: session
        hooks:
          - hook: web_hook
            config:
              url: http://host.docker.internal:6000/webhook/kratos/registration
              method: POST
              body: file:///etc/config/kratos/webhooks/registration.jsonnet

And since it's not possible to put session in global hooks, it renders them pretty much useless.

[aeneasr]

Specific hooks will always override global hooks. They are not merged! If you do distinguish between the two, please define the webhook in both as well :)