We are migrating users from Magento into Auth0, and we are bulk importing users using the following endpoint: /api/v2/jobs/users-imports
We want to migrate users into Auth0 without users having to change their password.
I have migrated a few customers into our Auth0 test environment and I noticed that when a user tries to log in, they are asked to change their password.
The password hash in the external DB is stored as below (md5 algorithm):
Hyee6a46f901259d56e3813d2c4d5eaf6e:450y86JkmHru6KtZo4O07CSHuwy
Below are the technical details.
AUTH0 LOGS:
```
{
  "date": "2021-02-10T20:23:44.987Z",
  "type": "fp",
  "description": "Password change required.",
  "connection": "MigrationDryRun",
  "connection_id": "con_5RFvdwjNSUjvLOQG",
  "client_id": "l7OCjTSTzRhogBPoyOQD3luoNHXl3TqO",
  "client_name": "All Applications",
  "ip": "31.124.202.113",
  "user_agent": "Chrome 88.0.4324 / Mac OS X 10.15.7",
  "details": {
    "error": {
      "message": "Password change required.",
      "reason": "Verification failed for the provided custom_password_hash: {"algorithm":"md5","hash":{"value":"6196a46f901259d5…","encoding":"hex"},"salt":{"value":"MzU3SGxRMHk…","encoding":"base64","position":"prefix"}}"
    }
  },
  "user_id": "auth0|943d6810114f4d10a55086f8",
  "user_name": "xxxx.yyyyy@gmail.com",
  "strategy": "auth0",
  "strategy_type": "database",
  "log_id": "90020210210202345525000825933440351445052253934865874978",
  "_id": "90020210210202345525000825933440351445052253934865874978",
  "isMobile": false
}
```
PAYLOAD:
```json
[
  {
    "user_id": "943d6810114f4d10a55086f8",
    "email": "xxxx.yyyy@gmail.com",
    "given_name": "xxxx",
    "family_name": "yyyy",
    "name": "xyxyxy",
    "custom_password_hash": {
      "algorithm": "md5",
      "hash": {
        "value": "8iisddd6f901259d56e3813d2c4d2cfaf398ee71740e68252003d2f733eee",
        "encoding": "hex"
      },
      "salt": {
        "value": "MMMMEEE3SGxRMHk4NkprbUhydTZLdFpvNE8wN0NTUGFrUVQ=",
        "encoding": "base64",
        "position": "prefix"
      }
    },
    "app_metadata": {
      "magento_imported": true,
      "external_pwd": "74747a46f901259d56e3813d2c4d2cfaf398ee71740e68252003d2f07445eaf6e",
      "magento_id": "35079"
    },
    "email_verified": true
  }
]
```
The hash and salt are constructed using the following logic:
```python
import base64

# r is one exported Magento customer row (a dict)
if ":" in r["password_hash"]:
    # Salted hash stored as "hash:salt": split it into its two parts
    r["custom_password_hash"] = {
        "algorithm": "md5",
        "hash": {
            "value": r["password_hash"].split(":")[0],
            "encoding": "hex"
        },
        "salt": {
            # The salt is sent base64-encoded and applied as a prefix
            "value": base64.b64encode(bytes(r["password_hash"].split(":")[1], "utf-8")).decode("utf-8"),
            "encoding": "base64",
            "position": "prefix"
        }
    }
    r["app_metadata"] = {
        "magento_imported": True,
        "external_pwd": r["password_hash"].split(":")[0],
        "magento_id": str(r["entity_id"])
    }
    del r["password_hash"]
elif "$2y$" in r["password_hash"]:
    # bcrypt hash: replace the $2y$ prefix with $2a$ and keep the original in app_metadata
    pass_hash = r["password_hash"]
    r["password_hash"] = pass_hash.replace("$2y$", "$2a$")
    r["app_metadata"] = {
        "magento_imported": True,
        "external_pwd": pass_hash,
        "magento_id": str(r["entity_id"])
    }
```
I think there is something wrong with the salt value, which I tried to explore but could not find any root cause.
Your input would be much appreciated in finding the root cause.
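
A local pre-import check, added here as an example and not part of the original post: for a test account whose password you know, it recomputes hash(salt + password) and chooses `md5` or `sha256` from the digest length instead of hard-coding `md5`. Assumptions: the `hash:salt[:version]` layout, the length-to-algorithm mapping, and all function names and sample values, which are constructed for illustration.

```python
import base64
import hashlib

# Digest length in hex characters -> algorithm (assumption: only these two occur)
ALGORITHM_BY_HEX_LEN = {32: "md5", 64: "sha256"}


def verify_salted_digest(algorithm, salt, password, expected_hex):
    """Recompute hash(salt + password) locally, i.e. salt position 'prefix'."""
    digest = hashlib.new(algorithm, (salt + password).encode("utf-8")).hexdigest()
    return digest == expected_hex.lower()


def build_custom_password_hash(stored, known_password=None):
    """Turn a 'hash:salt[:version]' string into a custom_password_hash object.

    If known_password is given (a test account you control), the object is
    returned only when the digest verifies locally.
    """
    parts = stored.split(":")
    if len(parts) < 2:
        raise ValueError("expected 'hash:salt[:version]'")
    hash_hex, salt = parts[0], parts[1]
    try:
        bytes.fromhex(hash_hex)
    except ValueError:
        raise ValueError("hash part is not valid hex") from None
    algorithm = ALGORITHM_BY_HEX_LEN.get(len(hash_hex))
    if algorithm is None:
        raise ValueError(f"unexpected digest length {len(hash_hex)}")
    if known_password is not None and not verify_salted_digest(
            algorithm, salt, known_password, hash_hex):
        raise ValueError(f"{algorithm}(salt + password) does not match stored hash")
    return {
        "algorithm": algorithm,
        "hash": {"value": hash_hex.lower(), "encoding": "hex"},
        "salt": {
            "value": base64.b64encode(salt.encode("utf-8")).decode("ascii"),
            "encoding": "base64",
            "position": "prefix",
        },
    }


# Constructed sample record (not real data): sha256("Xy12" + "Test-Passw0rd")
SAMPLE_SALT, SAMPLE_PASSWORD = "Xy12", "Test-Passw0rd"
SAMPLE_STORED = hashlib.sha256(
    (SAMPLE_SALT + SAMPLE_PASSWORD).encode()).hexdigest() + ":" + SAMPLE_SALT + ":1"
```

Running this against one known-password test account before a bulk import shows whether a "Verification failed" result comes from the algorithm, the salt position, or the encoding.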