Auth0 Home Blog Docs

Can't match Bcrypt hash generated in PHP using Node Bcrypt function when configuring custom DB

This post originally started out as a plea for help, but I ended up figuring the solution out as I was drafting it, so I thought I’d share it anyway.

I wanted to set Auth0 to connect to a custom credentials database on my server.

I was using:
bcrypt.compare(password, user.passwordHash, function (err, isValid)

This failed because PHP’s Bcrypt function prepends a different prefix to the hash to Node (PHP appends $2y, whereas Node checks for $2a).

Fixing this just required a quick search and replace on the hash before comparing it to the entered password:

    var convertedPassHash = user.passwordHash.replace('$2y$', '$2a$');
    bcrypt.compare(password, convertedPassHash, function (err, isValid) 

Perhaps this will be helpful to someone. :slight_smile:

4 Likes

I confirm this issue/fix :slight_smile: it should be written somewhere in the auth0 interface :slight_smile:

I wanted to reach out and let you know @antoine.thierry, I sent you a direct message. When you get a minute please give it a look. Thank you in advance!

Hey James,

In the spirit of community-based support, why not share the love? I’m sure there are others that will benefit from/be curious about the same information. :slight_smile:

Definitely @mahatma-andy! The goal is to improve documentation and make it easier for others not to get caught up in the same hurdles. When you get a minute please feel to let us know where and how we can improve the documentation to support this. Your feedback really helps make it better for everyone across the board!

1 Like

Hi all

just gived a second warning that PHP encoded bcrypt passwords hashes are NOT the same that blablaJS (nodeJS) ones :slight_smile:

i just lost 1 or 2 hours (kind of) with this password encryption related issue :slight_smile:

keywords :

  • PHP
  • NodeJS
  • Bcrypt
  • Auth0
  • SQL (mysql - mariadb)
  • custom database
  • whatelse

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.