Upgrade from an outdated hash algorithm to bcrypt for Custom Database

Problem statement

We want to upgrade from an outdated hash algorithm to bcrypt for a Custom Database, either in import mode or through bulk imports.

Solution

For Custom Databases in import mode, Auth0 does not convert the legacy hashes at all. When a user successfully logs in against the legacy database through the Universal Login form (or signs up, if signup is enabled), Auth0 has the plaintext password the user just entered, hashes it with bcrypt, and stores the user in its own database from then on; the legacy hash never has to be handed to Auth0.

For bulk-imported users with custom password hashes, the conversion happens at the user’s first login. If the hash was imported correctly, so that Auth0 can reproduce it from the password the user entered using the declared algorithm, Auth0 re-hashes that password with bcrypt, deletes the old imported hash, and uses the internally created bcrypt hash going forward.

If the hash does not match, Auth0 cannot tell whether the hash was imported incorrectly or the user entered the wrong password, so the user is shown a generic wrong email or password error. The tenant logs, however, record the event as “type:fp” with the description “Password change required”, which is what distinguishes an import problem from an ordinary mistyped password when troubleshooting.