For the situation described I would consider enabling the User Migration option of the WordPress plugin. It enables two additional endpoints exposed by the plugin that could then be called from a custom database connection simply through an HTTP request.
The above does require a bit more configuration on the Auth0 side of things, but would save you the hassle of the low-level password hash comparison. The process should be the following:
- ensure the client application associated with the Auth0 plugin is created in Auth0.
- configure a custom database connection with requires username and migration enabled, and associate it with the client application above.
- enable the migration option in the plugin (it will warn you that it cannot configure things automatically so you’ll have to do it manually).
- configure the custom database scripts using the template available here.
You’ll have to replace some placeholders on the templates above, in particular, `{THE_WS_URL}` and `{THE_WS_TOKEN}`. For the token-related one you can get the value from the plugin interface after you enabled the migration option. The URL-related ones will be specific to each script and, based on the source code of the plugin, it should be `[wordpress_home_url]/index.php?a0_action=migration-ws-login` for the login one and `[wordpress_home_url]/index.php?a0_action=migration-ws-get-user` for the get user. There may be an easier route to do this by going through the initial wizard, but I don’t have a WordPress instance at this moment so I’m describing the manual steps from reviewing the code.
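The placeholder substitution described in the answer above, as an added example that is not part of the original post or the plugin's code. The function names, the two-line `SAMPLE_TEMPLATE` and the token value are constructed for illustration; only the placeholder names and the two `a0_action` URLs come from the answer.

```javascript
// Added example: fill {THE_WS_URL} and {THE_WS_TOKEN} in a custom database
// script template and refuse inputs that would leave it broken or unsafe.
const ACTIONS = {
  login: 'migration-ws-login',      // URL suffix for the login script
  getUser: 'migration-ws-get-user', // URL suffix for the get user script
};
const PLACEHOLDERS = ['{THE_WS_URL}', '{THE_WS_TOKEN}'];

// Constructed stand-in for a script template; the real one is the linked template.
const SAMPLE_TEMPLATE = [
  "var WS_URL = '{THE_WS_URL}';",
  "var WS_TOKEN = '{THE_WS_TOKEN}';",
].join('\n');

function migrationUrl(homeUrl, script) {
  const action = ACTIONS[script];
  if (!action) throw new Error(`unknown script: ${script}`);
  const base = new URL(homeUrl); // throws on a malformed URL
  // The script sends the migration token to this URL, so require TLS.
  if (base.protocol !== 'https:') throw new Error('WordPress home URL must be https');
  const root = base.origin + base.pathname.replace(/\/+$/, ''); // drop trailing slash
  return `${root}/index.php?a0_action=${action}`;
}

function fillTemplate(template, script, homeUrl, token) {
  if (typeof token !== 'string' || token.trim() === '') {
    throw new Error('migration token is empty');
  }
  // The value lands inside a quoted string in the script: reject anything
  // that could terminate the literal.
  if (/['"\\\r\n]/.test(token)) throw new Error('token contains quote or control characters');
  for (const p of PLACEHOLDERS) {
    if (!template.includes(p)) throw new Error(`template has no ${p} placeholder`);
  }
  const filled = template
    .split('{THE_WS_URL}').join(migrationUrl(homeUrl, script))
    .split('{THE_WS_TOKEN}').join(token);
  const leftover = filled.match(/\{THE_[A-Z_]+\}/);
  if (leftover) throw new Error(`unfilled placeholder ${leftover[0]}`);
  return filled;
}

// Constructed values: example.com host and a made-up token.
console.log(fillTemplate(SAMPLE_TEMPLATE, 'login', 'https://blog.example.com/', 'constructed-token-123'));
```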