Auth0 Home Blog Docs

Can't match Bcrypt hash generated in PHP using Node Bcrypt function when configuring custom DB



This post originally started out as a plea for help, but I ended up figuring the solution out as I was drafting it, so I thought I’d share it anyway.

I wanted to set Auth0 to connect to a custom credentials database on my server.

I was using:, user.passwordHash, function (err, isValid)

This failed because PHP’s Bcrypt function prepends a different prefix to the hash to Node (PHP appends $2y, whereas Node checks for $2a).

Fixing this just required a quick search and replace on the hash before comparing it to the entered password:

    var convertedPassHash = user.passwordHash.replace('$2y$', '$2a$');, convertedPassHash, function (err, isValid) 

Perhaps this will be helpful to someone. :slight_smile: