Overview
When comparing a password hash export provided by Auth0 Developer Support with a bulk user export triggered via the Management API / user export extension, some users are present in the bulk export that are not in the password hash export.
Applies To
- Custom Database
- Password Hash Export
Cause
If the custom database previously operated in legacy authentication mode with import disabled, users logged in while in that mode would not have any hash stored, as all authentication is done via the legacy database.
After enabling import mode, if users do not log in again, Auth0 will not have created a new hash of the user’s password on import, but they will still be present in user searches and bulk user exports on the connection.
Solution
Check the last login dates on the missing users. If they are older than when the database was moved to import mode, it is expected that no password hash will be available from Auth0 exports.
The users would need to either log in once to complete their import into Auth0 or, if migrating to a new tenant, import either with no password (requiring a password reset flow to gain access) or import with a custom password hash obtained from the legacy database. See Custom password hash for more details.