Migrating off Auth0

Hi,

I hope you are doing great.

I need help to basically migrate our users away from auth0 as we are planning to implement our own authentication. The reason to migrate away is that we are facing issues on IOS devices when we allow to iframe our app on other domains (and this is our need as well) and IOS devices treat our custom domain as 3rd party and block it out unless we allow it explicitly from the device settings.

I have explored the management API and seems like migrating the user’s information is not a difficult task to do but what I am most concerned about is migrating the passwords. Did anyone have experience migrating the users off from Auth0? How do you suggest migrating the passwords? Keep in mind we have separate tenants in auth0 according to our environments.

Any help would be appreciated.

Looking forward to hearing from you.

Thanks,
Hammad Rasheed

1 Like

Hey there!

Sorry to see you leave but I’m gonna add some tags for better searchability so maybe someone from the forum will be able to help

1 Like

Thanks a lot. I would love that. If you can please help me reach the specific audience to discuss this matter.

1 Like

Hi @hammad.rasheed,

You will need to file a support ticket to request password hashes. This is our support portal.

3 Likes

Hi @dan.woda,

Thanks a lot for your response. Appreciate it a lot.

A few questions here:

  1. We have multiple tenants, so do we have to request for each tenant separately?
  2. How can I know the hashing algorithm to verify the hash?
  3. And lastly do I have to request every time I try to migrate users or will it be a one-time request and the hash will be available every time I use the management API? Considering we would be testing the implementation/migration of users multiple times.
  4. Once I have requested the password hashes, will it be available in the management API (get all users)?

Looking forward to hearing from you.

Thanks,
Hammad Rasheed

1 Like

Yes, that’s correct. You will need to request each tenant’s users.

IIRC, it’s bcrypt. You can request that info with your export.

It is a one-time export. You may want to consider migrating the bulk of your users then forcing a password reset on the outliers.

1 Like

Hi @dan.woda,

This one as well:

  1. Once I have requested the password hashes, will it be available in the management API (get all users)?

No, this is a one-time export.

1 Like

Is there any guide for that?

No, that is something you are going to have to figure out.

Are these password hashes salted as well? If yes then will I be able to know the salt as well?

Yes, you will get everything you need to match them to incoming PW hashes.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.