Bulk user import using bcrypt does not allow to login to Auth0 universal login

Help
,
1

I’m using this endpoint /api/v2/jobs/users-imports (Create import users job) for importing users and below is Json file.

After API call, users are created successfully but for some reason, I cannot log in to Auth0 universal login.

Original password is ‘migration1’.

2 to 3 weeks ago it worked using the salt for bcrypt and could log in to Auth0 but now I checked that bcrypt doesn’t allow salt property via manual. Allowing salt property for bcrypt has changed recently ? and if so then what should I do to provide salt for bcrypt. Currently just calling below API without salt does not allow to log in.

@@@@ user created but login fails : Username or Password incorrect error

[
  {
    "user_id": "381",
    "app_metadata": {
      "type": "object",
      "description": "Migrated data from ABC"
    },
    "username": "mike.migration",
    "user_metadata": {
      "username": "mike.migration",
      "email": "mike+migration@abc.com.au",
      "given_name": "Michael Jackson",
      "family_name": "Jackson",
      "description": "User Michael Jackson is migrated from ABC"
    },
    "email": "mike+migration@abc.com.au",
    "given_name": "Michae Jackson",
    "custom_password_hash": {
      "algorithm": "bcrypt",
      "hash": {
        "value": "$2a$10$bWMkmi.x9wjzkKSGmWC/FeBpmPFkCJlsJuwfuOLSD4g2jioNi.zu."
      },
    }
  },
  {
    "user_id": "382",
    "app_metadata": {
      "type": "object",
      "description": "Migrated data from ABC"
    },
    "username": "chris.migration",
    "user_metadata": {
      "username": "chris.migration",
      "email": "chris+migration@abc.com.au",
      "given_name": "Chris Migration",
      "family_name": "Migration",
      "description": "User Chris Migration is migrated from ABC"
    },
    "email": "chris+migration@abc.com.au",
    "given_name": "Chris Migration",
    "custom_password_hash": {
      "algorithm": "bcrypt",
      "hash": {
        "value": "$2a$10$Vawe/n0.iRr95GK2zSL3Be3Mt0ukNtn985lp3Fih4eRUd9CYee6gO"
      },
    }
  }
]

@@@@ “message”:“Additional properties not allowed: salt”
But it worked 3 weeks ago as far as I remember.
Json format is not the problem. moving one level up salt throws the same error.

[
  {
    "user_id": "381",
    "app_metadata": {
      "type": "object",
      "description": "Migrated data from ABC"
    },
    "username": "mike.migration",
    "user_metadata": {
      "username": "mike.migration",
      "email": "mike+migration@abc.com.au",
      "given_name": "Michael Jackson",
      "family_name": "Jackson",
      "description": "User Michael Jackson is migrated from ABC"
    },
    "email": "simone+migration@farmbot.com.au",
    "given_name": "Simone Barakat",
    "custom_password_hash": {
      "algorithm": "bcrypt",
      "hash": {
        "value": "$2a$10$bWMkmi.x9wjzkKSGmWC/FeBpmPFkCJlsJuwfuOLSD4g2jioNi.zu.",
        "salt": "TYGHRHFhy+9mLXlPoeyxAOo+P4k="
      }
    }
  },
  {
    "user_id": "382",
    "app_metadata": {
      "type": "object",
      "description": "Migrated data from ABC"
    },
    "username": "chris.migration",
    "user_metadata": {
      "username": "chris.migration",
      "email": "chris+migration@abc.com.au",
      "given_name": "Chris Migration",
      "family_name": "Migration",
      "description": "User Chris Migration is migrated from ABC"
    },
    "email": "chris+migration@abc.com.au",
    "given_name": "Chris Migration",
    "custom_password_hash": {
      "algorithm": "bcrypt",
      "hash": {
        "value": "$2a$10$Vawe/n0.iRr95GK2zSL3Be3Mt0ukNtn985lp3Fih4eRUd9CYee6gO",
        "salt": "jxIvZQUXSGNOvH0TXUjYxHGlOx4="
      }
    }
  }
]
3

Hi @ryan9,

Welcome to the Community!

According to our docs, importing a bcrypt hash does not allow for a hash.salt parameter.

I can’t find any reference to it being allowed in the past.

As a side note, you should pass hash.salt.value with the value of the salt if you are importing a salt with your hash.

"hash": {
  "value": "$2a...",
  "salt": {
    "value": "abcd..."
  }
}
4

Thanks for the response but your solution still does not work.

It seems like bcrypt does not allow additional property “salt” according to the error message.

It throws an error. Please refer to the below error message and Json.

And bcrypt without salt, we cannot login to Auth0 universal login. By adding salt, we can log in to Auth0 Universal login. Password : Ryan1234

Using password_hash and custom_password_hash without salt can create users but cannot login to Auth0 universal login. it throws username or password not correct error.

@@@@ Error message

[
   {
      "user":{
         "user_id":"397",
         "app_metadata":{
            "type":"object",
            "description":"Migrated data from LRS"
         },
         "username":"RyanKim3",
         "user_metadata":{
            "username":"RyanKim3",
            "email":"ryan+3@farmbot.com.au",
            "given_name":"Ryan Kim",
            "family_name":"Kim",
            "description":"User Ryan Kim is migrated from LRS"
         },
         "email":"ryan+3@farmbot.com.au",
         "given_name":"Ryan Kim",
         "custom_password_hash":{
            "algorithm":"bcrypt",
            "hash":{
               "value":"*****",
               "salt":{
                  "value":"LZVGiqhOKbLtR/dehzg/pyhIJWY="
               }
            }
         }
      },
      "errors":[
         {
            "code":"OBJECT_ADDITIONAL_PROPERTIES",
            "message":"Additional properties not allowed: salt",
            "path":"custom_password_hash.hash"
         }
      ]
   }
]

@@@@ Json

[
  {
    "user_id": "397",
    "app_metadata": {
      "type": "object",
      "description": "Migrated data from LRS"
    },
    "username": "RyanKim3",
    "user_metadata": {
      "username": "RyanKim3",
      "email": "ryan+3@farmbot.com.au",
      "given_name": "Ryan Kim",
      "family_name": "Kim",
      "description": "User Ryan Kim is migrated from LRS"
    },
    "email": "ryan+3@farmbot.com.au",
    "given_name": "Ryan Kim",
    "custom_password_hash": {
      "algorithm": "bcrypt",
      "hash": {
        "value": "$2a$10$wJq9nVrKdTt1wYGjcgKLieoQk9.w1AEhTYhkmAH4SaDaLaZwRuUw6",
        "salt": {
          "value": "LZVGiqhOKbLtR/dehzg/pyhIJWY="
        }
      }
    }
  }
]
5

Sorted out. The problem was password in payload was not valid. After passing valid one, it worked out perfectly without salt at all.

Password hashed with Bcrypt has all the information in itself so it does not need to have salt at all. That is why Auth0 bulk user import does not allow to pass additional property “salt”.

1 Like
6

Perfect, thanks for the update.

1 Like
7

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.