Importing users from another database with oauth connections

theogravity · August 6, 2019, 7:23am

I’m trying to migrate from an existing system that implements passportjs that connects to multiple providers, and stores users by their connection + oauth id in a relational database.

I noticed that the Auth0 database type seems to only support username/password type logins, which our system does not have since a user would auth through a 3rd party like Github and the system would use the Github id as the basis for their user entry in its database.

Likewise with the User Import/Export extension. It’s interesting that I can export by oauth connection, but I’m unable to import to an oauth connection (it seems only Auth0 password databases are supported).

Is there a way to import users by connection type, and maintain that association? For example, I import the github users that were in the system into Auth0, and users that perform OAuth using Auth0 via the github connector would already be linked to their existing data.

I guess one solution could be (we use passportjs):

When a user logs in via Auth0 through Github
In the passportjs strategy verify callback where you are given the user information from Auth0, check our internal database for the oauthid
If the oauth id exists and the user has not been migrated (Maybe set some kind of user metadata flag?), then migrate info from the database using the user management API
Update the Auth0 user metadata to note that they have been migrated

The problem with this approach is that it requires a user to interact, as opposed to being able to run a one-time script that can import each user in the system’s database without user interaction.

Wondering how people have handled this.

dan.woda · August 7, 2019, 7:57pm

Hi @theogravity,

I can confirm that you cannot import users with a social connection, and cannot create users that exist in a social IdP like google.

Customers in the past have used account linking to solve this problem.

You would import to your social users to a custom DB
When a user logs in with a social connection, a rule links accounts based on email
The accounts will then be linked, and the user will be able to log in via social or db connection

This strategy could be customized to fit your specific needs, as rules are quite flexible.

Let me know if any of this needs clarifying, or if it is not solving your problem.

Thanks,
Dan

theogravity · August 7, 2019, 8:09pm

Thanks for the idea. It’s a good idea, but not the right one for us. We’re ok with separate social profiles. In our internal database, we have some metadata that’s attached to each oauth id that we’d like to merge in with the user metadata for that connection.

dan.woda · August 7, 2019, 8:13pm

If you were to merge the accounts then you should have to problem viewing that metadata, as it would also be merged.

theogravity · August 7, 2019, 8:18pm

Thanks, I’ll take a deeper look and see if it’s something that might work for us.

dan.woda · August 8, 2019, 2:26pm

If you run into anything don’t hesitate to open a new topic.

Good Luck!

dan.woda · August 22, 2019, 6:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.