I’m working for a customer that wants to use Auth0 as an IdP. A previous developer had set up everything via Wordpress, which uses the PHPass library to generate password hashes, which is not supported by Auth0.
Here are the constraints of the project:
-
Existing users need to be pre-imported into Auth0’s default password database.
-
It has to use Auth0 developer/basic tier. Anything locked behind pro or enterprise is off the table. There are only 200 users anyway.
-
We can’t ask the customers to reset their passwords right off the bat. That’s horrible UX, and no one’s going to pay attention to a notice like that. (And they shouldn’t follow instructions like that anyway – it sounds like a phishing scam)
-
Similar to 3, we can’t ask customers to re-register.
-
The Wordpress site is a mess and already uses a non-standard login mechanism, so using the WP Auth0 Plugin is not possible.
I’ve spent about 2 weeks looking for a solution in forum posts, google results, medium stories (ugh), etc. All I’ve found are situations that don’t apply, APIs that are deprecated, and general sales-speak about how great Auth0 is.
Is what I’m tasked with even possible, or is the only way paying for enterprise features?
Thanks in advance,