I have been trying to make a login script for a WordPress website where I am trying to migrate the users that are already registered in WordPress into Auth0.
Problem is, I cannot make bcrypt work to compare the password from WordPress correctly to validate the user. As a result, I took code from wordpress-hash-node to try and successfully validate the password but I have not been successful as it is creating a different hash than the one stored in WordPress and I cannot find a way to make it work.
Has someone been able to make a script that works? Or has anyone encountered the same problem as me?

Can you confirm that the situation is that you used Auth0 and now are moving out of the service and as such requested the password hashes which you are now trying to incorporate into WordPress? In theory, bcrypt should just work, however, I think due to a bug in a PHP implementation there may be different prefixes being used as a means to identify if the hash was generated with or without the bug; maybe that’s the issue. However, you should clarify your exact situation.

I have updated my answer to be more specific.
My question is the other way around. I am using WordPress (which uses PHPass.php) and would like to migrate into Auth0. I am trying to create a “login” script to validate the WordPress User to let Auth0 create the customer in the custom Database.
It is really bizarre that no script has been created to migrate WordPress Users into Auth0.

For the situation described I would consider enabling the User Migration option of the WordPress plugin. It enables two additional endpoints exposed by the plugin that could then be called from a custom database connection simply through an HTTP request.
The above does require a bit more configuration on the Auth0 side of things, but would save you the hassle of the low-level password hash comparison. The process should be the following:
- ensure the client application associated with the Auth0 plugin is created in Auth0.
- configure a custom database connection with requires username and migration enabled, and associate it with the client application above.
- enable the migration option in the plugin (it will warn you that it cannot configure things automatically so you’ll have to do it manually).
- configure the custom database scripts using the template available here.
You’ll have to replace some placeholders on the templates above, in particular, {THE_WS_URL} and {THE_WS_TOKEN}. For the token related one you can get the value from the plugin interface after you enabled the migration option. The URL related ones will be specific to each script and based on the source code of the plugin it should be [wordpress_home_url]/index.php?a0_action=migration-ws-login for the login one and [wordpress_home_url]/index.php?a0_action=migration-ws-get-user for the get user. There may be an easier route to do this by going through the initial wizard, but I don’t have a WordPress instance at this moment so I am describing the manual steps from reviewing the code.

I had not found the information on this. My automatic setup process never worked. However, by following your steps it worked perfectly.
Thank you so much.
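
For readers who still need the low-level comparison the original question asked about, here is an added example (not part of any post in this thread, and not code from wordpress-hash-node or the Auth0 plugin) that verifies a phpass "portable" hash in Node.js. It assumes the stored value is a `$P$` or `$H$` portable hash; the function names are hypothetical, and the sample pair is the known-answer vector from the phpass test suite.

```javascript
'use strict';
const crypto = require('node:crypto');

// phpass "portable" alphabet. It is not standard base64, which is one common
// reason a hand-rolled comparison produces a different string than WordPress.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const md5 = (...parts) => crypto.createHash('md5').update(Buffer.concat(parts)).digest();

// Known-answer pair from the phpass test suite (not a value from this thread).
const SAMPLE = { password: 'test12345', hash: '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0' };

// Bytes are packed little-endian, 6 bits per output char: 16 bytes -> 22 chars.
function encode64(buf) {
  let out = '';
  for (let i = 0; i < buf.length; i += 3) {
    const n = Math.min(3, buf.length - i);
    let value = 0;
    for (let j = 0; j < n; j++) value |= buf[i + j] << (8 * j);
    for (let k = 0; k <= n; k++) out += ITOA64[(value >> (6 * k)) & 0x3f];
  }
  return out;
}

// Recompute a hash from the cost and salt embedded in `setting`
// (layout: "$P$" + 1 cost char + 8 salt chars + 22 digest chars).
function phpassCrypt(password, setting) {
  if (typeof password !== 'string' || typeof setting !== 'string') return null;
  const m = /^\$[PH]\$([./0-9A-Za-z])([./0-9A-Za-z]{8})/.exec(setting);
  if (!m) return null;
  const log2 = ITOA64.indexOf(m[1]);          // cost char encodes log2(iterations)
  if (log2 < 7 || log2 > 30) return null;     // range accepted by phpass
  const pw = Buffer.from(password, 'utf8');
  let hash = md5(Buffer.from(m[2], 'latin1'), pw);        // md5(salt . password)
  for (let n = 2 ** log2; n > 0; n--) hash = md5(hash, pw); // md5(hash . password)
  return setting.slice(0, 12) + encode64(hash);
}

// Constant-time comparison of the recomputed hash against the stored one.
function verifyWordPressPassword(password, stored) {
  const computed = phpassCrypt(password, stored);
  if (computed === null) return false;
  const a = Buffer.from(computed);
  const b = Buffer.from(stored);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

A stored value with any other prefix, or a bare 32-character MD5, is rejected by `verifyWordPressPassword` rather than guessed at.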