Import Auth0 bcrypt password hashes to Okta tenant

Problem statement

We want to import Auth0 bcrypt password hashes into their Okta tenant.


The base64 encoding used in bcrypt is different from the standard base64 encoding defined in RFC4648.


To be specific, the bcrypt base64 uses the character table [./A-Za-z0-9], while the standard base64 uses the character table[A-Za-z0-9+/] (Base64 - Wikipedia).

Here is an example of a bcrypt hash exported from Auth0. As you can see, it complies with the format defined in #1

password: 42
bcrypt hash: $2b$10$yobOT8CyiI3Ls6BM/.MNWu.O6UcaOinlpRnEkPJttZn2dQZ5uZC42

This Okta document mentions that the hash value and salt should be radix64 encoded.


The radix64 is a variant of the standard base64 (Base64 - Wikipedia), which seems to suggest that the Auth0 exported password hash need to be converted prior to being imported to an Okta tenant.
However, without encoding conversion, after importing a user with the following payload to the Okta tenant(version 2023.02.1.E), we can log in with password “42” successfully.

    "profile": {
        "firstName": "Isaac",
        "lastName": "Brock",
        "email": "",
        "login": ""
    "credentials": {
        "password": {
            "hash": {
                "algorithm": "BCRYPT",
                "workFactor": 10,
                "salt": "yobOT8CyiI3Ls6BM/.MNWu",
                "value": ".O6UcaOinlpRnEkPJttZn2dQZ5uZC42"