This post originally started out as a plea for help, but I ended up figuring the solution out as I was drafting it, so I thought I’d share it anyway.
I wanted to set Auth0 to connect to a custom credentials database on my server.
I was using:
```javascript
bcrypt.compare(password, user.passwordHash, function (err, isValid) { /* ... */ });
```
This failed because PHP’s Bcrypt function prepends a different prefix to the hash than Node expects (PHP uses $2y, whereas Node checks for $2a).
Fixing this just required a quick search and replace on the hash before comparing it to the entered password:
```javascript
var convertedPassHash = user.passwordHash.replace('$2y$', '$2a$');
bcrypt.compare(password, convertedPassHash, function (err, isValid) { /* ... */ });
```
Perhaps this will be helpful to someone.
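A stricter variant of the prefix swap described above, as an added example that is not part of the original post: it rewrites `$2y$` only when the stored value is a well-formed bcrypt hash and refuses anything else, so a malformed or non-bcrypt value never reaches `bcrypt.compare`. The helper names and sample hashes are hypothetical and constructed for illustration.

```javascript
// Added example: helper names are hypothetical; sample hashes are constructed, not real.
// bcrypt hash layout: $<version>$<2-digit cost>$<22-char salt + 31-char digest>
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{53})$/;

// Split a stored hash into its fields, or return null if it is not bcrypt.
function parseBcryptHash(hash) {
  if (typeof hash !== 'string') return null;
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // valid bcrypt cost range
  return { version: m[1], cost: m[2], body: m[3] };
}

// Return a hash whose prefix the Node library will check, changing only $2y$.
function toNodeBcryptHash(hash) {
  const p = parseBcryptHash(hash);
  if (!p) throw new Error('stored value is not a bcrypt hash');
  // $2x$ marks hashes made by the old buggy crypt_blowfish code path;
  // relabelling them as $2a$ would verify with the wrong algorithm.
  if (p.version === '2x') throw new Error('$2x$ hashes cannot be relabelled');
  // $2a$ and $2b$ are left untouched (assumed acceptable to the Node library).
  const version = p.version === '2y' ? '2a' : p.version;
  return '$' + version + '$' + p.cost + '$' + p.body;
}

// Constructed sample input: 53 filler characters stand in for salt + digest.
const SAMPLE_BODY = 'A'.repeat(53);
const SAMPLE_PHP_HASH = '$2y$10$' + SAMPLE_BODY;

console.log(toNodeBcryptHash(SAMPLE_PHP_HASH));
```

The returned string is what would be passed to `bcrypt.compare` in place of `convertedPassHash`.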