I’ve imported a user with a custom password hash. There are no errors, but when I attempt to log in to Auth0 with the user’s password, the login fails and this message appears in the Auth0 logs:
{
  "date": "2023-03-27T15:50:56.200Z",
  "type": "fp",
  "description": "Password change required.",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_AFgPRyO4FnWb3N5Y",
  "client_id": "UKPTkTvlq8B6tQRbtwRSTZrOCenqxwmE",
  "client_name": "All Applications",
  "ip": "2600:1702:3870:7140:6860:d079:da:6b",
  "user_agent": "Chrome 111.0.0 / Windows 10.0.0",
  "details": {
    "error": {
      "message": "Password change required.",
      "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'sha1','hash':{'value':'c32c737848...','encoding':'hex'},'salt':{'value':'87c11281...','encoding':'hex','position':'suffix'}}"
    }
  },
  "user_id": "auth0|foo",
  "user_name": "foo@bar.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020230327155100400915000000000000001223372036991371193",
  "_id": "90020230327155100400915000000000000001223372036991371193",
  "isMobile": false,
  "id": "90020230327155100400915000000000000001223372036991371193"
}
The JSON file containing this user looks like this:
[
  {
    "email": "foo@bar.com",
    "email_verified": true,
    "user_id": "foo",
    "given_name": "foo given name",
    "family_name": "bar family name",
    "name": "foo j. bar",
    "nickname": "nick foo",
    "blocked": false,
    "custom_password_hash": {
      "algorithm": "sha1",
      "hash": {
        "value": "c32c7378....c47536f3a4",
        "encoding": "hex"
      },
      "salt": {
        "value": "87c112810....9b62611627813",
        "encoding": "hex",
        "position": "suffix"
      }
    }
  }
]
The Python code that generated the hash and salt is as follows:
import hashlib
import uuid
pass_salt = uuid.uuid4().hex  # random salt as a 32-character hex string
pass_hashed = hashlib.sha1((new_pass + pass_salt).encode('utf-8')).hexdigest()  # SHA-1 over password followed by salt text
Can anyone tell me if there’s something I can change in the way I import a user to make this salt and hash scheme work?
Thanks, Chris
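
A diagnostic for the "Verification failed" entry in the log above, as an added example that is not part of the original post and is not Auth0's code: it recomputes the digest under each salt encoding and position an import record can declare and reports which combinations reproduce the stored hash. It assumes the verifier decodes the salt according to its declared encoding (assumed set: utf8, hex, base64) before concatenating it with the UTF-8 password bytes; `matching_salt_settings` and `make_legacy_record` are hypothetical names, and the password is constructed.

```python
import base64
import hashlib
import uuid

# Decoders for the salt encodings a custom_password_hash record can declare
# (assumed set: utf8, hex, base64).
DECODERS = {
    "utf8": lambda s: s.encode("utf-8"),
    "hex": bytes.fromhex,
    "base64": lambda s: base64.b64decode(s, validate=True),
}


def matching_salt_settings(password, hash_hex, salt_value, algorithm="sha1"):
    """Return every (encoding, position) under which the stored hash verifies."""
    matches = []
    pw = password.encode("utf-8")
    for encoding, decode in DECODERS.items():
        try:
            salt = decode(salt_value)
        except ValueError:
            continue  # salt_value is not valid text for this encoding
        for position, data in (("prefix", salt + pw), ("suffix", pw + salt)):
            if hashlib.new(algorithm, data).hexdigest() == hash_hex.lower():
                matches.append((encoding, position))
    return matches


def make_legacy_record(password):
    """Constructed sample: hash a password the way the post's snippet does."""
    salt = uuid.uuid4().hex
    digest = hashlib.sha1((password + salt).encode("utf-8")).hexdigest()
    return digest, salt


if __name__ == "__main__":
    digest, salt = make_legacy_record("correct horse")  # constructed password
    print(matching_salt_settings("correct horse", digest, salt))
```

For a hash produced by the post's snippet, only the utf8/suffix combination matches, because the snippet hashes the salt's 32 hex characters as text rather than the 16 bytes they decode to.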