Hello everybody,
I’m working on the lazy migration process and I would like to clarify some points with your help. I’m opening this thread since I found no documentation regarding the available crypto algorithms usable inside the process. Our expected flow will work like this:
- The user enters his username and password
- Auth0 does not find the user locally and triggers the login script
- The script encrypts the password using an asymmetric algorithm and sends it to the Old platform API
- The Old platform decrypts the password using the shared key and verifies it against the database
- The Old platform validates the password and returns the user attributes to Auth0
- Auth0 receives the user’s attributes with a 200 OK response
- Auth0 encrypts the password using the bcrypt algorithm, storing it inside its own database
- The user is authenticated and migrated
The open point for me is the algorithm that I want to use, AES256-GCM. Could you please give me some feedback about it?
I would be glad to see any docs about it. I found a lot of info about algorithms usable inside bulk-import, but nothing about scripts for lazy migration.
Thank you!
Michele
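
The encrypt-and-send step in the flow above, sketched with AES-256-GCM as an added example that is not part of the original post and not Auth0's code. AES-256-GCM is a symmetric AEAD, so both sides hold the same 32-byte key. The function names, the iv|tag|ciphertext envelope layout, the use of the username as associated data, and the availability of Node's built-in `crypto` module in the script runtime are assumptions.

```javascript
// Added example: AES-256-GCM envelope for the password hop in the flow above.
// Names and envelope layout are hypothetical, chosen for illustration.
const crypto = require('crypto');

const IV_LEN = 12;   // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;  // 128-bit authentication tag

// Login-script side: encrypt the password and bind it to the username via AAD,
// so an envelope captured for one user cannot be replayed for another.
function sealPassword(key, username, password) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(IV_LEN); // fresh per message; never reuse with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(username, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Old-platform side: check the tag, then decrypt. Throws if the key, username,
// IV, tag or ciphertext do not match what was sealed.
function openPassword(key, username, envelope) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('envelope too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(username, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample values, not real credentials.
const demoKey = crypto.randomBytes(32);
const demoEnvelope = sealPassword(demoKey, 'user@example.com', 'correct horse');
console.log(openPassword(demoKey, 'user@example.com', demoEnvelope));
```

The envelope still travels inside the HTTPS request to the old platform's API; the key would come from the script's configuration rather than being generated per run as in the demo.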