Hi all,
I am working on importing users from a custom db into an auth0 db. Our previous datastore utilized flask_bcrypt which by default uses 12 salt rounds so our passwords are prepended with $2b$12$ (12 rounds) vs $2b$10$ (10 rounds).
According to the documentation, the standard password_hash import requires bcrypt with 10 rounds.
Does Auth0 support custom password hashes with salt rounds other than 10? If not, what are the options for importing users without requiring a password change?
If your hashes don’t use 10 rounds you won’t be able to import them through the password_hash property because that one makes an assumption on both the algorithm and number of rounds.
However, bcrypt is a supported algorithm to be imported as the custom_password_hash property, which should then allow you to import the 12-round hashes you currently use, although I confess I haven’t tested this recently. In order to use custom_password_hash you’ll have to adjust the import schema, as it’s not just providing the string hash directly (custom_password_hash is actually an object), but the documentation you linked covers that format as well (see Bulk User Import Database Schema and Examples).
Thanks for the reply. Looks like as long as we use custom_password_hash auth0 can infer the number of password rounds from the value itself. The following payload worked for me. Thanks for your help on this!
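
As an added illustration (not the poster's payload and not Auth0's code), this Python sketch reads the cost out of each stored bcrypt string and builds an import record, using password_hash for 10-round hashes and custom_password_hash otherwise. The field layout (`algorithm`, `hash.value`) is an assumption based on the Bulk User Import schema mentioned above; the function names and sample rows are constructed.

```python
import json
import re

# bcrypt Modular Crypt Format: $2a$/$2b$, two-digit cost, then 22-char salt + 31-char digest.
# Assumption: only the $2a$ and $2b$ prefixes are accepted for import.
BCRYPT_MCF = re.compile(r"^\$2[ab]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def bcrypt_cost(hash_str):
    """Return the cost (log2 rounds) encoded in a bcrypt hash, or raise ValueError."""
    m = BCRYPT_MCF.match(hash_str)
    if not m:
        raise ValueError("not a bcrypt $2a$/$2b$ hash")
    cost = int(m.group(1))
    if not 4 <= cost <= 31:  # range bcrypt itself allows
        raise ValueError("bcrypt cost out of range: %d" % cost)
    return cost

def to_import_record(email, hash_str):
    """Build one import record; the hash is passed through unchanged, never re-hashed."""
    if bcrypt_cost(hash_str) == 10:
        return {"email": email, "password_hash": hash_str}
    return {
        "email": email,
        "custom_password_hash": {"algorithm": "bcrypt", "hash": {"value": hash_str}},
    }

def build_import(rows):
    """Split (email, hash) rows into importable records and rejected rows."""
    records, rejected = [], []
    for email, hash_str in rows:
        try:
            records.append(to_import_record(email, hash_str))
        except ValueError as exc:
            rejected.append((email, str(exc)))  # handle these accounts separately
    return records, rejected

# Constructed sample rows: placeholder strings with the right shape, not real hashes.
SAMPLE_ROWS = [
    ("alice@example.com", "$2b$12$" + "A" * 53),  # flask_bcrypt default cost
    ("bob@example.com", "$2b$10$" + "B" * 53),    # 10 rounds
    ("carol@example.com", "not-a-bcrypt-hash"),   # legacy or corrupt value
]

if __name__ == "__main__":
    records, rejected = build_import(SAMPLE_ROWS)
    print(json.dumps(records, indent=2))
    for email, reason in rejected:
        print("rejected:", email, reason)
```

Rows that land in `rejected` cannot be imported with either property as-is and would need a password reset or a different algorithm mapping.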