I’m currently attempting to import some users from a legacy system into Auth0. I am having some difficulties generating the necessary JSON files. Here is an example of the file generated for a test user.
[{"email":"bob.training@proliensearch.com","email_verified":true,"given_name":"Bob","family_name":"Training","name":"Bob Training","custom_password_hash":{"algorithm":"sha1","hash":{"value":"***","encoding":"base64"},"salt":{"value":"5evy5hKqoeGPTIh76uFLRg","encoding":"base64","position":"prefix"},"password":{"encoding":"utf8"}}}]
The user is added; however, we get the error "Verification failed for the provided custom_password_hash".
I’m encoding the hash and salt as base64url.
Hey @cameran.dodge! Welcome to the community!
It looks like you may be missing a few things that are important for custom hashed passwords, such as hash digest and key. Could you please add these and try again? I don’t know for sure if these params are required, but since it’s a verification failure, I’d try to supply them and see what happens.
1 Like
Hello, thank you for the response @art.rosnovsky.
Unfortunately, from what I understand, SHA1 does not use a digest key, and those parameters are only used if the hash method is HMAC. I don’t believe we have any information that could actually be used to fill out those parameters. Any other suggestions? Thanks in advance.
Ok, we finally solved the problem and the solution was two-fold. First, we were actually using this library, and so we determined that we were using PBKDF2-SHA1. We thought we formatted everything properly, and our hash/salt property looked something like this:
$pbkdf2-sha1$i=1000,l=32$5evy5hKqoeGPTIh76uFLRg$***"
However, as it turns out, the PHC string format does not play nice with base64url. It seems that it only wants you to remove the padding and whitespace from the base64 (usually just .Replace('=', '')).
In their words:
The B64 encoding is the standard Base64 encoding (RFC 4648, section 4) except that the padding = signs are omitted, and extra characters (whitespace) are not allowed
1 Like
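The fix described in the last post, as an added Python example that is not code from the thread or from Auth0: it re-encodes a base64url salt and hash into the PHC B64 form and re-checks the PBKDF2-SHA1 result locally before an import file is generated. The function names, the sample password and salt, and the strict character check standing in for the importer's parser are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PHC_B64 = re.compile(r"[A-Za-z0-9+/]+")  # standard alphabet, no '=', no whitespace

def decode_any_b64(text: str) -> bytes:
    """Decode base64 or base64url, padded or unpadded; anything else raises."""
    std = text.replace("-", "+").replace("_", "/").rstrip("=")
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)

def phc_b64(raw: bytes) -> str:
    """RFC 4648 section 4 base64 with the '=' padding omitted."""
    return base64.b64encode(raw).decode("ascii").rstrip("=")

def to_phc(iterations: int, salt_text: str, hash_text: str) -> str:
    """Build a $pbkdf2-sha1$ PHC string from legacy salt and hash text."""
    salt, digest = decode_any_b64(salt_text), decode_any_b64(hash_text)
    return (f"$pbkdf2-sha1$i={iterations},l={len(digest)}"
            f"${phc_b64(salt)}${phc_b64(digest)}")

def verify(password: str, phc: str) -> bool:
    """Recompute PBKDF2-SHA1 from a PHC string, accepting only strict B64 fields."""
    parts = phc.split("$")
    if len(parts) != 5 or parts[1] != "pbkdf2-sha1":
        return False
    params, salt_b64, hash_b64 = parts[2:]
    if not (PHC_B64.fullmatch(salt_b64) and PHC_B64.fullmatch(hash_b64)):
        return False  # base64url characters, padding or whitespace present
    opts = dict(kv.split("=", 1) for kv in params.split(","))
    got = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                              decode_any_b64(salt_b64), int(opts["i"]), int(opts["l"]))
    return hmac.compare_digest(got, decode_any_b64(hash_b64))

# Constructed sample data: the salt bytes are chosen so the two encodings differ.
PASSWORD = "correct horse battery staple"
SALT = bytes.fromhex("fbfffe00112233445566778899aabbcc")
LEGACY_SALT = base64.urlsafe_b64encode(SALT).decode("ascii")  # starts "-__-"
LEGACY_HASH = base64.urlsafe_b64encode(
    hashlib.pbkdf2_hmac("sha1", PASSWORD.encode("utf-8"), SALT, 1000, 32)).decode("ascii")

if __name__ == "__main__":
    phc = to_phc(1000, LEGACY_SALT, LEGACY_HASH)
    print(phc, verify(PASSWORD, phc))
```

Running `verify` against a known test account's password before uploading catches encoding mistakes without waiting for a failed login after the import.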