Overview
This article explains a limitation of the Auth0 Bulk User Import feature when migrating users with a custom password hashing algorithm. The import process does not support hashes constructed with a salt value that is concatenated to both the beginning and end of the password.
Applies To
- Bulk User Import
- Custom Password Hashing
Cause
The Auth0 Bulk User Import tool’s salt.position property only accepts prefix or suffix as values. The system is not designed to process a hash where the salt is used in both positions. An algorithm that computes a hash where the salt is both prepended and appended to the password, such as in the following example, is not supported.
sha256(salt + password + salt)
Solution
The current implementation of the Auth0 Bulk User Import feature does not support custom hash algorithms where the salt is both prefixed and suffixed. This configuration is a known product limitation. A feature named ‘Universal Password Hash Support for User Import’ is in development to address this and other advanced hashing scenarios.
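The following pre-migration check is an added example, not Auth0 code: it uses a known test credential to determine which salt layout a legacy SHA-256 store uses, and refuses to build an import entry for the unsupported layout. The function names and sample values are hypothetical, and the custom_password_hash field names other than salt.position are assumed from Auth0's import schema rather than taken from this article.

```python
import hashlib

# Salt layouts a legacy SHA-256 scheme might use. Only "prefix" and "suffix"
# can be expressed through salt.position; "both" is the unsupported case.
# Supported layouts are tried first, so an ambiguous match stays importable.
LAYOUTS = {
    "prefix": lambda salt, pw: salt + pw,
    "suffix": lambda salt, pw: pw + salt,
    "both": lambda salt, pw: salt + pw + salt,
}

def detect_salt_layout(password: bytes, salt: bytes, stored_hex: str):
    """Return the layout that reproduces stored_hex for a test account, or None."""
    for name, build in LAYOUTS.items():
        if hashlib.sha256(build(salt, password)).hexdigest() == stored_hex.lower():
            return name
    return None

def to_import_record(email: str, salt: bytes, stored_hex: str, layout: str) -> dict:
    """Build one import entry; reject layouts salt.position cannot describe."""
    if layout not in ("prefix", "suffix"):
        raise ValueError(f"salt layout {layout!r} cannot be expressed with salt.position")
    return {
        "email": email,
        "custom_password_hash": {  # field names assumed from Auth0's schema
            "algorithm": "sha256",
            "hash": {"value": stored_hex, "encoding": "hex"},
            "salt": {"value": salt.hex(), "encoding": "hex", "position": layout},
        },
    }

def demo():
    """Classify three constructed legacy hashes of one test credential."""
    password, salt = b"test-password-1", bytes.fromhex("a1b2c3d4")  # constructed
    results = {}
    for name, build in LAYOUTS.items():
        stored = hashlib.sha256(build(salt, password)).hexdigest()
        layout = detect_salt_layout(password, salt, stored)
        try:
            to_import_record("user@example.com", salt, stored, layout)
            results[name] = "importable"
        except ValueError:
            results[name] = "unsupported"
    return results

if __name__ == "__main__":
    print(demo())
```

Run the detection against a test account whose password is known before exporting the full user base, so records using the salt + password + salt layout are identified up front.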