Can't set password for create user via API

Hello all,

I am running into an issue trying to batch create users. Almost everything works just like it should, but for some reason, it seems that the ‘password’ field isn’t being updated. The user gets created, and after a manual password reset, it can be logged into, however previous to that, the specified password (during user creation) will throw a incorrect password error if utilized.

I should mention that I’m not actually using the API endpoint, this is part of a larger process, my organization wishes to automatically create a list of users inside Auth0, and so we’re utilizing the extension named “User Import / Export”. As I’ve said, everything works perfectly except setting the password. Here’s an (edited) example of the JSON I am feeding it:

[{
“email”: email1@domain.tld",
“email_verified”: true,
“updated_at”: “2019-09-24T16:57:06.010Z”,
“connection”: “connection_name”,
“password”: “password”,
“name”: “First Last”,
“blocked_for”: ,
“guardian_authenticators”:
},
{
“email”: email2@domain.tld",
“email_verified”: true,
“updated_at”: “2019-09-24T16:57:06.010Z”,
“connection”: “connection_name”,
“password”: “password”,
“name”: “First Last”,
“blocked_for”: ,
“guardian_authenticators”:
}]

… obviously I’ve changed the details, but using the above, the user emails email1@domain.tld and email2@domain.tld are generated, however using the password “password” (don’t worry, I’m not actually using that) will fail to login to the account. I’ve also seen other sections of the Auth0 docs that state the passwords need to be encrypted using 10 round bcrypt encryption, however going that route ended in the same result.

If anyone knows what I might be missing here, I’d appreciate being clued in. Thank you for taking the time to read this.

Avery

Hi @alewis,

Welcome to the Auth0 Community Forum!

According to this doc,

Unless your passwords are compatibly hashed using bcrypt, each affected user will need to reset their password when they log in the first time after the bulk import.

If you are importing hashes they will need to keyed with password_hash and hashed using bcrypt 2a or 2b and have 10 saltRounds.

Alternatively, since you are creating users, you may want to utilize the create users endpoint of the management api. It should be able to conform to the profile you have created. https://auth0.com/docs/api/management/v2#!/Users/post_users

Hope this helps!

Thanks,
Dan

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.