Here are some thoughts on the use case. I don’t think there’s a “right” choice, but it’s good to know the alternatives, pros and cons.
OnTicketReceived event happens on every login (not just on signups), so if you plan to save the user there you will need to take into account that the user might have already been registered before. You can certainly access the
access_token when handling this event, take a look at Storing tokens for guidance.
The Pre-User registration hook seems suitable because it’s executed synchronously in the pipeline: the registration process will not finish until the hook ends execution. The Post-User registration, on the other hand, executes asynchronously so there’s no guarantee that the user record will be in the database by the time the user logs in.
As for the situation where the user can’t access the system because the registration process didn’t execute (regardless of where it is implemented), if this is a major concern I would recommend to architecture the system so that it is resilient to those events. As in “Does the user exist in the database? No? No worries, keep going!”.
If you decide to go with hooks and need authenticated access to the WebAPI, you should look into the client credentials grant model, which is suitable when a backend service (the hook) calls another backend service (the WebAPI). By following this model, you will provide the hook with a client id and client secret that the hook will be able to exchange for an access token to call your WebAPI.