I am migrating users from one tenant to another, following this approach:

1. New Tenant: create a Custom Database with Import mode enabled.
2. Legacy Tenant: create a new Machine to Machine Application, which will be the new Tenant/Application/Custom Database.
3. New Tenant: Since you’re provided a password in the Login script, you could make a Resource Owner Password Grant call to the Machine To Machine Client (created in previous step) from here.
   * This would ensure the user is providing the correct password from your legacy tenant.
   * This call will return you an Access Token that you could use to copy all the user’s information from the legacy tenant to your new tenant. If you are saving app_metadata you’ll want to pay close attention to the instructions here regarding that: Understand How Metadata Works in User Profiles
4. New Tenant: Also write a getUser script which will be quite similar to the Login script without the need for a password. You would need to implement the Client Credentials Grant in this case to get an Access Token. You would use that to fetch the user's profile from the legacy tenant.

But in the new tenant we are using the authorization extension to create groups and roles. For new users we are creating groups and roles from a hook by calling the authorization APIs and, during login, saving them to app_metadata.

But when using a custom database after user migration to another tenant, I am not able to create groups and roles. Should I call the authorization APIs from a rule?
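
The password check from step 3, written out as an added example that is not part of the original post: it shows a Login script that imports a user only when the legacy tenant accepts the password and the returned profile matches the login email. `makeLogin`, `cfg`, the callback-style `http` helpers, the `/userinfo` profile fetch and the `fakeLegacy` sample data are assumptions made here so the code runs offline.

```javascript
// Stand-in for the WrongUsernameOrPasswordError global available in Auth0 database scripts.
class WrongUsernameOrPasswordError extends Error {}

// cfg (legacy tenant settings) and http (callback-style post/get helpers) are
// assumptions of this example, injected so the script can run offline.
function makeLogin(cfg, http) {
  return function login(email, password, callback) {
    const grant = {
      grant_type: 'password', username: email, password,
      client_id: cfg.clientId, client_secret: cfg.clientSecret,
      scope: 'openid profile email',
    };
    http.post(`https://${cfg.domain}/oauth/token`, grant, (err, res) => {
      if (err) return callback(err);
      // A rejected password must never produce a user in the new tenant.
      if (res.body && res.body.error === 'invalid_grant') {
        return callback(new WrongUsernameOrPasswordError(email));
      }
      if (res.status !== 200 || !res.body.access_token) {
        return callback(new Error(`legacy token request failed: ${res.status}`));
      }
      http.get(`https://${cfg.domain}/userinfo`, res.body.access_token, (err2, info) => {
        if (err2) return callback(err2);
        if (info.status !== 200) return callback(new Error(`profile fetch failed: ${info.status}`));
        const p = info.body;
        // Only import a profile that belongs to the identity that just authenticated.
        if (String(p.email).toLowerCase() !== email.toLowerCase()) {
          return callback(new Error('legacy profile does not match login email'));
        }
        callback(null, { user_id: p.sub, email: p.email,
          email_verified: p.email_verified === true, name: p.name });
      });
    });
  };
}

// Constructed fake of the legacy tenant (sample users, not real data).
function fakeLegacy(users) {
  return {
    post(url, body, cb) {
      const u = users[body.username];
      if (!u || u.password !== body.password) {
        return cb(null, { status: 403, body: { error: 'invalid_grant' } });
      }
      cb(null, { status: 200, body: { access_token: `tok:${body.username}` } });
    },
    get(url, token, cb) { cb(null, { status: 200, body: users[token.slice(4)].profile }); },
  };
}
```

In a real script the legacy domain, client ID and client secret would come from the database connection's configuration rather than being written into the script body.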