We have a web and a hybrid app, Which are running in production. For user authentication we are using Stormpath. As stormpath is merging with okta, so we want to migrate our app to AuthO without affecting our user’s experience. We are following the migration guide specified Here(Easily Migrate Your Existing Stormpath Users to Auth0) but we don’t want our user to re-login into our app. We have some specific questions and any kind of answer will help to solve our problem.
Q 1. How to import existing data from stormpath?
Q 2. What are changes needed to be done on backend? we have a java backend where we are using stormpath sdk. I am attaching my pom.xml as [pom.txt][1] for reference.
Please guide us through for the seamless migration.
As mentioned in the linked blog post the migration can be done in a seamless way from the perspective that end-users won’t have to change their passwords, however, this still requires that end-users have to perform a new login operation. In addition, the seamless migration illustrated in the post also directly depends on calls to the service that is going to be shutdown pretty soon so if you anticipate that not all users would be able to re-login until that time you would either have to bulk import the users to Auth0 and force a password change or assuming Stormpath allows it, export the user data including password hashes into your own temporary store and customize the custom database scripts to work against your temporary store instead of directly with Stormpath.
In relation to the changes needed in the backend it depends on the exact scenario; if this is a backend tightly coupled with a web client application and upon the user authentication leverages cookie-based session to maintain the notion of an authenticated user then it’s one thing, but if it’s a backend API that services multiples client application and wants to leverage authorization through OAuth2 access token then that’s another.
For some examples on both approaches you can check the quickstarts:
-
Java Web Application - inline with a backend that is tied to an associated web client application.
-
API with Java Spring Security - inline with a backend/API that services multiple client applications and does authorization based on OAuth2 access tokens.