Import user with custom password hash using pbkdf2 algorithm

I’ve imported a user with a custom password hash. There are no errors, but when I attempt to log in to Auth0 with the user’s password, the login fails and this message appears in the Auth0 logs:

The user metadata from Auth0:

{
  "date": "2023-07-12T06:19:47.129Z",
  "type": "fp",
  "description": "Password change required.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_eftNKfUtcY8hYqZO",
  "client_id": "eI3amkzGToiyThi43OB9phEihd2wGSa0",
  "client_name": "lite-new-app",
  "ip": "49.248.208.11",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "error": {
      "message": "Password change required.",
      "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'pbkdf2','hash':{'value':'$pbkdf2-sha256$i=150000,l=...','encoding':'utf8'},'salt':{'value':''}}"
    }
  },
  "user_id": "auth0|64ae45db8e50aa25d3aaf4c8",
  "user_name": "test@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020230712061949913572000000000000001223372038724171943",
  "_id": "90020230712061949913572000000000000001223372038724171943",
  "isMobile": false,
  "id": "90020230712061949913572000000000000001223372038724171943"
}

The JSON file containing this user looks like this:

[{
    "email": "test@gmail.com",
    "email_verified": true,
    "custom_password_hash": {
        "algorithm": "pbkdf2",
        "hash": {
            "value":"$pbkdf2-sha256$i=150000,l=32$ic3YGeo8$c2db2edf40492d044fc9274d990d9cd91942c487e76c5f5ad795159ebb380836",
            "encoding":"utf8"
            }      
    }
}]

The Python code that generated the hash and salt is as follows:

from werkzeug.security import generate_password_hash

password = "example-password"  # placeholder for the user's plaintext password
hashed_password = generate_password_hash(password, method='pbkdf2:sha256')

Can anyone tell me if there’s something I can change in the way I import a user to make this salt and hash scheme work?

Hi @chanchal.kumawat,

Have you tried using the default iterations value from the library you are using? Looks like it should be 600000 if you are using the current version.

Hi @dan.woda, I tried with 600000 iterations as well and am getting the same invalid password issue during login.
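An added example, not code from any poster in this thread: Werkzeug stores the salt as ASCII text and the digest as hex, so this sketch re-encodes both as unpadded base64 before placing them in the PHC string, then recomputes PBKDF2 from the result. It assumes Auth0 reads the PHC salt and hash fields as unpadded base64; the function names and sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
SAMPLE_PASSWORD = "constructed-example-password"
SAMPLE_SALT = "Ab3dEf9h"


def werkzeug_style_hash(password, salt, iterations=150000):
    """Rebuild Werkzeug's 'pbkdf2:sha256:<iters>$<salt>$<hex>' layout with hashlib."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2:sha256:{iterations}${salt}${dk.hex()}"


def b64_nopad(raw):
    """Standard base64 with the trailing '=' padding removed."""
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def b64_nopad_decode(text):
    """Restore the padding and decode."""
    return base64.b64decode(text + "=" * (-len(text) % 4))


def werkzeug_to_phc(werkzeug_hash):
    """Re-encode the text salt and hex digest as unpadded base64 in a PHC string."""
    method, salt, hex_digest = werkzeug_hash.split("$", 2)
    scheme, digest, iterations = method.split(":")
    if scheme != "pbkdf2":
        raise ValueError("not a Werkzeug pbkdf2 hash")
    derived = bytes.fromhex(hex_digest)
    return (f"$pbkdf2-{digest}$i={int(iterations)},l={len(derived)}"
            f"${b64_nopad(salt.encode())}${b64_nopad(derived)}")


def verify_phc(phc, password):
    """Recompute PBKDF2 from the PHC fields, as a verifier would at login."""
    _, ident, params, salt_b64, hash_b64 = phc.split("$")
    fields = dict(item.split("=") for item in params.split(","))
    derived = hashlib.pbkdf2_hmac(ident.split("-", 1)[1], password.encode(),
                                  b64_nopad_decode(salt_b64), int(fields["i"]),
                                  dklen=int(fields["l"]))
    return hmac.compare_digest(derived, b64_nopad_decode(hash_b64))


if __name__ == "__main__":
    phc = werkzeug_to_phc(werkzeug_style_hash(SAMPLE_PASSWORD, SAMPLE_SALT))
    print(phc, verify_phc(phc, SAMPLE_PASSWORD))
```

The converted string goes into custom_password_hash.hash.value in the import file; running verify_phc against a known test password before importing catches an encoding mismatch without waiting for a failed login.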