This post originally started out as a plea for help, but I ended up figuring the solution out as I was drafting it, so I thought I’d share it anyway.
I wanted to set Auth0 to connect to a custom credentials database on my server.
I was using:
bcrypt.compare(password, user.passwordHash, function (err, isValid)
This failed because PHP’s Bcrypt function prepends a different prefix to the hash to Node (PHP appends $2y, whereas Node checks for $2a).
Fixing this just required a quick search and replace on the hash before comparing it to the entered password:
var convertedPassHash = user.passwordHash.replace('$2y$', '$2a$');
bcrypt.compare(password, convertedPassHash, function (err, isValid)
Perhaps this will be helpful to someone.
5 Likes
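An added example, not part of the original post and not Auth0's own code: the prefix conversion from the post above, written as a validated rewrite of the hash's leading version field instead of a plain string replace. The function names and the sample hash are constructed for illustration, and it assumes, as the post states, that the Node library expects `$2a$`.

```javascript
// Added example. bcrypt modular crypt format:
//   $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Constructed sample in PHP's $2y$ form; not the hash of any real password.
const SAMPLE_PHP_HASH =
  '$2y$10$' + 'abcdefghijklmnopqrstuv' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

// Split a stored value into its fields, or return null if it is not bcrypt.
function parseBcryptHash(hash) {
  if (typeof hash !== 'string') return null;
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Return a hash string that a library expecting $2a$ will accept.
function toNodeBcryptHash(hash) {
  const parsed = parseBcryptHash(hash);
  if (!parsed) throw new Error('stored value is not a well-formed bcrypt hash');
  // $2x$ marks hashes produced by the old buggy crypt_blowfish code; they are
  // not computed the same way, so relabelling them would be wrong.
  if (parsed.version === '2x') throw new Error('$2x$ hashes cannot be relabelled');
  // A $2y$ hash verifies under a correct $2a$ implementation, so only the
  // 4-character prefix changes; cost, salt and digest are left untouched.
  if (parsed.version === '2y') return '$2a$' + hash.slice(4);
  return hash; // $2a$ and $2b$ are passed through unchanged
}

console.log(toNodeBcryptHash(SAMPLE_PHP_HASH));
```

The returned string is what would be passed to `bcrypt.compare` in place of `user.passwordHash`; a thrown error means the stored value should be investigated, not compared.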
I confirm this issue/fix. It should be written somewhere in the Auth0 interface.
I wanted to reach out and let you know @antoine.thierry, I sent you a direct message. When you get a minute please give it a look. Thank you in advance!
Hey James,
In the spirit of community-based support, why not share the love? I’m sure there are others that will benefit from/be curious about the same information.
Definitely @mahatma-andy! The goal is to improve documentation and make it easier for others not to get caught up in the same hurdles. When you get a minute please feel free to let us know where and how we can improve the documentation to support this. Your feedback really helps make it better for everyone across the board!
1 Like
Hi all
Just giving a second warning that PHP-encoded bcrypt password hashes are NOT the same as blablaJS (NodeJS) ones.
I just lost 1 or 2 hours (kind of) with this password encryption related issue.
Keywords:
- PHP
- NodeJS
- Bcrypt
- Auth0
- SQL (mysql - mariadb)
- custom database
- whatelse