Bulk importing Magento users to Auth0, how to handle password_hash?

I am trying to bulk import all of our Magento users into auth0, but I’m not sure how to format the password_hash for auth0 from the argon2id13 format of magento.

Here’s an example of the format that auth0 would want

"custom_password_hash": {
            "algorithm": "argon2",
            "hash": {
                "value": "$argon2id$v=19$m=65536,t=2,p=1$J6Q/82PCyaNpYKRELJyTZg$m04qUAB8rexWDR4+/0f+SFB+4XMFxt7YAvAq2UycYos"
            }
        }

And our magento password_hashes are something like

13a1e806c56a702e21e6568f65f21458ba32d7c1a884d5fc0a54dcfe75783989:AWHUeMyZzlNuuOvb:2

I tried formatting it like the following but that did not properly convert the password:

$argon2id$v=13$m=1024,t=2,p=1$AWHUeMyZzlNuuOvb$13a1e806c56a702e21e6568f65f21458ba32d7c1a884d5fc0a54dcfe75783989

I’m not sure what values to be putting for m, t, p, and I’m assuming what comes after the first semi colon in the Magento hash is the salt. Does anyone know how I should format that full hash?

Hi @ashwin1

Welcome to the Auth0 Community!

Are you using magento 2? This thread goes through a similar issue:

It looks like you can find the missing variables using the strategy outlined in this GitHub issue:

Hope this helps!

Thanks Dan, yes I am using magento 2. I don’t see auth0 mentioned in that thread or how to structure the hash in the format auth0 wants. Am I missing something there?

It looks like the SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE and SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE variables mentioned in the github issue may correlate with the iterations (t) and memory size (m), respectively.

I don’t have the tools set up to test this, but it may be helpful if you try and extract those variables to create your hash.