How to export user password hashes?

noland.germain · June 29, 2020, 6:55pm

Using the Management API or the User Import / Export Extension, I can’t seem to export users’ password hashes. I request the password and password_hash fields but nothing comes back:

curl \
-X POST  \
-H "Content-Type: application/json" \
-H "Authorization: Bearer XXXX" \
-d \
'
{
  "connection_id": "XXXX",
  "format": "json",
  "limit": 5,
  "fields": [
    
      {
        "name": "user_id"
      },
      {
        "name": "password"
      },
      {
        "name": "password_hash"
      }
  ]
}
' \
https://XXXX.auth0.com/api/v2/jobs/users-exports

This post: How can I import users via email addresses and password hashes (without users needing to reset their passwords)? has a solution and states it’s now possible but it doesn’t seem to be working.

It seems impossible to migrate users to/from Auth0 without forcing password resets. Is this still the case? I thought it was not based on the “solution” to the above post.

Thanks!

dan.woda · June 30, 2020, 8:26pm

Hi @noland.germain,

Password hashes are are the only thing not available via the management API. From our export doc:

The only information which is not available through the API (for security reasons) are the password hashes of your Auth0-hosted database users and private keys. You can request the password hashes by opening a support ticket. Please note that this operation is not available for our Free subscription tier, and we are unable to accept or guarantee requests for exports at a specific time and date.

Migrating users to Auth0 is another story. You can import password hashes from most popular algos.

Check this out if you are looking to import:

https://auth0.com/docs/users/references/bulk-import-database-schema-examples

Learner · July 5, 2020, 3:59am

Angry about this. Choosing auth0 has been a time sink, not a time saver.

What does create:passwords_checking_job do then? It is referenced by not explained here Bulk User Exports?

dan.woda · July 6, 2020, 3:50pm

@Learner

It looks like that scope allows the application to check the status of a user import job.

I would love to help, as well as hear your feedback so we can make improvements. Can you please open a new topic(s) with your specific quesitons. Please tag me with @dan.woda so I am notified.

Thanks,
Dan

ulise.lopezsoto · July 14, 2020, 5:59pm

yo tengo el mismo problema, y tengo una suscripcion de developer pro. como puedo solucionar este tema?

dan.woda · July 14, 2020, 6:01pm

@ulise.lopezsoto

You can request a password hash export by filing a support ticket here:

system · July 29, 2020, 6:01pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.