User Migration with custom hash password

I am trying to use the import user extension to migrate users from a legacy DB. I am building a JSON file to migrate the users. I need a little help with the custom password hash object. The scenario is:
The hashing of the password is done with a function that uses a key-phrase to set the Key and IV values of a .NET RijndaelManaged crypto object. The object is set with PKCS7 padding and a cipher mode of CBC. That then hashes the password.
What should my custom hash object look like in this case? Or is this even a supported algorithm?

Take a look at this migration guide: Configure Automatic Migration from Your Database

And this thread: Custom password hashing

Thanks for the reply. I forgot to mention that I am planning for a Bulk Migration and not Automatic Migration.

Are you open to forcing users to reset their passwords? If so, you could ditch the old hashes and force the users to reset their passwords on their first login.

If that is the only option then I don’t think I have a choice.

How would you go about forcing users to reset their passwords on first time login? Is this something you can do with Universal login?

Hi, good question.

TL;DR:

If your application uses Universal Login, the user can use the Lock widget on the Login screen to trigger a password reset email. With the New Universal Login Experience, the user can click the Don’t remember your password? link and then enter their email address. This fires off a POST request to Auth0 that triggers the password reset process. The user receives a password reset email.

Source: Change Users' Passwords

Ah, so there is no way to force a user into the password reset flow. For instance, if they were unaware that they needed to do a password reset, they would enter a password and get an invalid password error message, presumably multiple times.

@dan.woda
@rueben.tiow
@konrad.sopala
@tyf
Need help!

What have you tried? Are you seeing any errors?

Hi @spoudel,

These are the available algorithms:

  • argon2
  • bcrypt
  • hmac
  • ldap
  • md4
  • md5
  • sha1
  • sha256
  • sha512
  • pbkdf2
  • scrypt

(Reference: Bulk User Import Database Schema and Examples)

In this case, I recommend considering an automatic migration over a bulk migration. This way, your users will be prompted to reset their passwords on their first login.

Thanks,
Rueben
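
An added example, not part of the original thread or Auth0's own code: a sketch of how a bulk-import file could be built so that only hashes in the listed algorithms are carried over, while users whose legacy credential is in an unlisted scheme (such as the Rijndael/CBC output described in the question) are imported without a hash and flagged for a password reset. The `custom_password_hash` field layout is assumed from the Bulk User Import schema referenced above; the legacy rows and the `build_import` helper are constructed for illustration, and only plain hex digests are handled.

```python
import json

# Algorithms listed in the reply above as accepted for bulk import.
SUPPORTED = {"argon2", "bcrypt", "hmac", "ldap", "md4", "md5", "sha1",
             "sha256", "sha512", "pbkdf2", "scrypt"}
# Subset this sketch knows how to emit: unsalted digests stored as hex.
HEX_DIGESTS = {"md4", "md5", "sha1", "sha256", "sha512"}

# Constructed sample rows standing in for a legacy DB export.
LEGACY_USERS = [
    {"email": "alice@example.com", "algorithm": "SHA256", "hash_hex": "ab" * 32},
    {"email": "bob@example.com", "algorithm": "rijndael-cbc", "hash_hex": "cd" * 16},
    {"email": "carol@example.com", "algorithm": "pbkdf2", "hash_hex": "ef" * 32},
]

def build_import(users):
    """Return (import_records, status_by_email) for a bulk import file."""
    records, status = [], {}
    for user in users:
        record = {"email": user["email"]}
        algo = user["algorithm"].lower()
        if algo in HEX_DIGESTS:
            record["custom_password_hash"] = {
                "algorithm": algo,
                "hash": {"value": user["hash_hex"], "encoding": "hex"},
            }
            status[user["email"]] = "hash_imported"
        elif algo in SUPPORTED:
            # Listed, but needs an algorithm-specific hash format that this
            # sketch does not build; hold the row back for manual handling.
            status[user["email"]] = "needs_manual_format"
            continue
        else:
            # Not a listed algorithm (e.g. reversible encryption): import
            # the user with no credential so a reset is required.
            status[user["email"]] = "reset_required"
        records.append(record)
    return records, status

if __name__ == "__main__":
    records, status = build_import(LEGACY_USERS)
    print(json.dumps(records, indent=2))
    print(json.dumps(status, indent=2))
```
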