Importing hmac passwords using sha512 seems to not function

Help
,
1

I am trying to import our current users to auth0.
We currently have an hmac, sha512 combination.

I also verified the has is indeed correct for our current password in a snippet of NodeJS code:

const hmac = crypto.createHmac('sha512', '8b9d4e3acd2bd11aff93caf9d9070be392b69509d68c805809df379ccc7d52f7abce3cb8b5b97bc5df2d89307aac2ef09eb0c83b621af9e1170c0372c5597ab7');
hmac.update('testBE');
console.log(hmac.digest("hex"));

Yet when I import a user with these settings:

[
  {
    "email": "me@test.local",
    "email_verified": false,	
    "custom_password_hash": {
      "algorithm": "hmac",
      "hash": {
        "value": "25b0caee6cb139e7b066fc7dab7aa4926d59ef950510f88a4b5b8f74157c071b0006072b3b6d9b2de4fb7c0ccf4df9eb68c72320b1cae9e5fb36f5bae5cbac9a",
        "encoding": "hex",
        "digest": "sha512",
        "key": {
	      "value": "8b9d4e3acd2bd11aff93caf9d9070be392b69509d68c805809df379ccc7d52f7abce3cb8b5b97bc5df2d89307aac2ef09eb0c83b621af9e1170c0372c5597ab7",
	      "encoding": "hex"
        }
      }	
    }
  }
]

I am not able to login on auth0 and in the logs it shows me the correct data I uploaded:

{
  "error": {
    "message": "Password change required.",
    "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'hmac','hash':{'value':'25b0caee6cb139e7b066fc7dab7aa492...','encoding':'hex','digest':'sha512','key':{'value':'8b9d4e3acd2bd11aff93caf9d9070be3...','encoding':'hex'}},'salt':{'value':''}}"
  }
}

Any suggestions on what I might be missing or doing incorrectly?

2

So I retried this today to confirm I didnt mess up and everything works fine after changing the key encoding to utf8.
Resultin in the following JSON:

[
  {
    "email": "me@test.local",
    "email_verified": false,	
    "custom_password_hash": {
      "algorithm": "hmac",
      "hash": {
        "value": "25b0caee6cb139e7b066fc7dab7aa4926d59ef950510f88a4b5b8f74157c071b0006072b3b6d9b2de4fb7c0ccf4df9eb68c72320b1cae9e5fb36f5bae5cbac9a",
        "encoding": "hex",
        "digest": "sha512",
        "key": {
	      "value": "8b9d4e3acd2bd11aff93caf9d9070be392b69509d68c805809df379ccc7d52f7abce3cb8b5b97bc5df2d89307aac2ef09eb0c83b621af9e1170c0372c5597ab7",
	      "encoding": "utf8"
        }
      }	
    }
  }
]

Although the key is in hex format it apparantly needed utf8 to funciton correctly.

1 Like
3

Glad you have sorted it out and thanks for sharing with the rest of community!