Can't match Bcrypt hash generated in PHP using Node Bcrypt function when configuring custom DB

This post originally started out as a plea for help, but I ended up figuring the solution out as I was drafting it, so I thought I’d share it anyway.

I wanted to set Auth0 to connect to a custom credentials database on my server.

I was using:

    bcrypt.compare(password, user.passwordHash, function (err, isValid) { /* ... */ });

This failed because PHP’s Bcrypt function prepends a different prefix to the hash than Node does (PHP appends $2y, whereas Node checks for $2a).

Fixing this just required a quick search and replace on the hash before comparing it to the entered password:

    // PHP emits $2y$; rewrite the prefix to the $2a$ that Node's bcrypt checks for.
    var convertedPassHash = user.passwordHash.replace('$2y$', '$2a$');
    bcrypt.compare(password, convertedPassHash, function (err, isValid) { /* ... */ });

Perhaps this will be helpful to someone. :slight_smile:
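A stricter form of the prefix rewrite above, as an added example that is not part of the original post or of Auth0's templates: it checks that the stored value has the 60-character bcrypt layout before touching it and rewrites only a leading `$2y$`. The helper name `normalizeBcryptHash` is hypothetical and the sample hash is constructed, not a real password hash.

```javascript
// bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
// (60 characters in total, salt and digest drawn from the ./A-Za-z0-9 alphabet).
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Constructed sample in PHP's $2y$ form (illustrative only, not a real hash).
const SAMPLE_PHP_HASH = '$2y$10$' + 'a'.repeat(22) + 'B'.repeat(31);

// Hypothetical helper: validate a stored hash, then rewrite only a leading $2y$.
function normalizeBcryptHash(stored) {
  if (typeof stored !== 'string') {
    throw new TypeError('stored hash must be a string');
  }
  // Assumption: fixed-width DB columns may pad the value with whitespace.
  const m = BCRYPT_RE.exec(stored.trim());
  if (!m) {
    // Fail closed instead of handing an unexpected value to the comparison.
    throw new Error('not a recognised bcrypt hash');
  }
  const [, variant, cost, salt, digest] = m;
  const rounds = Number(cost);
  if (rounds < 4 || rounds > 31) {
    throw new Error('bcrypt cost out of range: ' + cost);
  }
  // $2a$ and $2b$ pass through unchanged; only PHP's $2y$ is rewritten.
  const outVariant = variant === '2y' ? '2a' : variant;
  return '$' + outVariant + '$' + cost + '$' + salt + digest;
}

// In the custom database script this would replace the search and replace:
//   bcrypt.compare(password, normalizeBcryptHash(user.passwordHash), callback);
```

Anchoring the match at the start of the string means a `$2y$` sequence anywhere else in the value is never rewritten, and a malformed or truncated column value raises an error before any comparison happens.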

I confirm this issue/fix :slight_smile: it should be written somewhere in the auth0 interface :slight_smile:

I wanted to reach out and let you know @antoine.thierry, I sent you a direct message. When you get a minute please give it a look. Thank you in advance!

Hey James,

In the spirit of community-based support, why not share the love? I’m sure there are others that will benefit from/be curious about the same information. :slight_smile:

Definitely @mahatma-andy! The goal is to improve documentation and make it easier for others not to get caught up in the same hurdles. When you get a minute please feel free to let us know where and how we can improve the documentation to support this. Your feedback really helps make it better for everyone across the board!

Hi all

Just giving a second warning that PHP-encoded bcrypt password hashes are NOT the same as blablaJS (nodeJS) ones :slight_smile:

I just lost 1 or 2 hours (kind of) with this password encryption related issue :slight_smile:

keywords :

  • PHP
  • NodeJS
  • Bcrypt
  • Auth0
  • SQL (mysql - mariadb)
  • custom database
  • whatelse