It seems that I am unable to create new users in the Auth0 managed db while migrating from a custom db. Clients linked to both connections only check credentials on the custom db, not on the Auth0 one. What am I missing here? Shouldn’t Auth0 check the managed db first and only after not finding credentials there, go to the custom db and try to grab from there?
I may be missing something, but when migrating users to Auth0 from an external store there should only be one database connection and from your question I get the notion there’s two distinct database connections.
When you enable the import mode for a custom database there’s indeed two users’ store being used, the Auth0 managed one and the external one, however, this is implemented through a single database connection that for users that haven’t yet been migrated will call into the external store, authenticate them and migrate them.
For a depiction of this migration process see the reference documentation, but in summary, the migration process is transparent for any client application as the client itself does not care if the user has already been migrated or not, it just tries to perform authentication against that single database connection.
If you have different database connections then technically each connection represents a different source of users that is independent of each other, comparable to having multiple social connections where the client application would need to be specific about which connection it wants to authenticate the users against. For social connections this is automatically handled in Lock by having different buttons for Google, Facebook, etc. For database connections you would have to have your own UI to allow the choice process.
Thanks, @jmangelo. That clarified some key aspects of the migration for me. How can I tell that all the users in the custom db have been migrated? Currently, I am not seeing “Create”, “Update” and “Delete” action scripts options for my custom DB. It’s an Auth0 configuration or it’s smart enough to interpret read-only aspects of my custom DB?
Why do I need to maintaing Create, Verify, Delete for a database that I want to disconnect? It seems that once I have “migrated” all the users to the Auth0 managed db, I cannot disable the “use my own database”, which enforces actions scripts for the mentioned operations. How can I create a new user in that situation, without having to create it in the old custom db and then have the Login script extract the profile and then have the Auth0 execute the “migration”?
Yes, the UX after having completed a migration could be improved; this is something that is already being tracked. I would need to check, but in theory, you can update the login script to just error out without making any external calls because if every users got migrated a call to this script indicates the user in question is not in Auth0 so it must not exist; hence just error out. For the get user script I think the noop would be to always return that the user does not exist because that script should also only be called after trying to find him among the migrated ones.