Auth0 Home Blog Docs

Soft/Automatic migration of users to auth0 via custom authentication service

login

#1

Problem:
I am planning on doing a soft migration of our users to auth0, but the only option that I found was Automatic Migration with database connection . Our database is sitting behind a VPN and it would require considerable effort to allow a direct connection to auth0. And to be honest, we frankly don’t really want to provide our database credentials to auth0 even if keys in the configuration object are opaque.

Scenario.
Our ideal scenario is us spinning up an ad-hoc authentication service that auth0 can send an http request to.
And it would check to see if the username/password combination is correct and upon authentication, it would respond with the user profile information.

There doesn’t seem to be any documentation that outlines a scenario to do this other than using the custom database connection flow. In this case, in the Login and Sign Up database action scripts, I can just write some logic to make a http request to our service rather than providing the database credentials.

My question is.
Is there a more standard/straightforward way of doing this? This method might work but obviously seems to not be the intended use case for the Connect Custom Database functionality. I would also need a method for the Login javascript box to authenticate itself with my service. I could assign a encrypted key to the configuration object that is used to authenticate with the custom service, but again is there any standard functionality built into auth0 to do this.


#2

Hey @kamikq, your requirement is a pretty standard one and it’s something many others do as well. I don’t see any problems with the approach.

You can expose a REST API and authenticate it with a token that only has access to retrieve a given user. The token can be saved in the configuration object.

Note that you don’t need a Sign Up script. Just a Login script and a Get User script would do for the migration scenario. So the API you expose needs at most two endpoints.


#3

Hi Thameera,

Thanks for the response.
I actually realized that there is an example template in the Login and Get User action scripts for basic auth. I wish it wasn’t so hidden haha.


#4

Yes, there’s a template too! Glad you found it :slight_smile: