Importing users with custom password hash

Hello!
I am trying to test Bulk User Imports but I can’t find the best way to send a basic encryption method.
For testing purposes lets say I’m using sha256 to encrypt password+salt with 100 iterations:

A password in the DB would look like this
123435e7f5fc530c66ee830fd7d53f8d489b467a3edd81fbd2412947897d6bef12c0
The first 4 digits would be the salt we used for creating the encryption, and the rest is the actual result after 100 iterations (password+salt)

Example code would be

const getHash = (string) => crypto
  .createHash('sha256')
  .update(string)
  .digest('hex');

    const passwordPlain = 'hello'
    const salt = '1234'
    let passwordToHash = salt + passwordPlain

    for (let i = 0; i < 100; i++) {
      passwordToHash = getHash(passwordToHash);
    }
    console.log(passwordToHash)
// 35e7f5fc530c66ee830fd7d53f8d489b467a3edd81fbd2412947897d6bef12c0

Would it be possible to use bulk import with custom_password_hash with an approach like this?
We are trying to avoid configuring reset password email.
Even though this is not exactly how the final solution will be, it will give us an idea for the real implementation.
Thanks!

Hi @mauricioromero,

Welcome to the Auth0Community and thank you for posting your question.

The Bulk User Import is an available option for your use case as well, given that Auth0 supports this type of migration for custom hashed passwords with supported algorithms, such as the SHA256. For this reason users will also not have to go through the reset password flow.

You can also rely on the secure hashing process provided by Auth0, in which case you would not need to implement any server-side implementation from your end, since from what I can see above this is just a sample code.

More documentation on this matter can be found here.

I hope this helped.
Best regards,
Remus

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.