"Wrong email or password" after bulk user import

I am trying to bulk import users to Auth0. We don’t use their standard hashing algorithm, so I’ve had to convert our hashes to fit their “custom_password_hash” requirements. However, when I try to log in as one of those users, Auth0 gives an incorrect password error.

Here is how we were generating salts and hashes pre-Auth0:

var salt = crypto.randomBytes(32).toString('hex');
var hash = crypto
    .pbkdf2Sync(password, salt, 10000, 64, 'sha512')
    .toString('hex');

Here is how I am creating the custom_password_hash object Auth0 requests for each user to be imported:

const phcobj = {
    id: 'pbkdf2-sha256',
    params: {i: 10000, l: 64},
    salt: Buffer.from(salt, 'base64'), // create a binary buffer from base64 encoded string
    hash: Buffer.from(hash, 'base64'), 
  };
  const serialized = phc.serialize(phcobj);
  return {
    "algorithm": 'pbkdf2',
    "hash": {
      "value": serialized,
      "encoding": "utf8"
    }
  }

I am following the requirements for pbkdf2 hashes described here: Bulk User Import Database Schema and Examples

I am able to successfully import users via the Auth0 import/export extension. The users appear in the user management section (though without any password appearing in “raw json”, but maybe this is normal).

But when I go to log in, I get an error “Wrong email or password”. This is unexpected. I should just be able to log in.

What am I missing?

Additionally, the user_id I imported is not reflected on the user once imported (according to my “users” tab).
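
An added example, not part of the original post and not Auth0's code: a local round-trip check of whether a PHC string built from the legacy values reproduces the stored PBKDF2 hash. It compares a mapping that mirrors the legacy parameters (sha512 digest, hex-decoded hash, salt as the UTF-8 bytes of the hex string, since that string is what `pbkdf2Sync` received) with the mapping shown in the post. Assumptions: `toPhc` and `verifyPhc` are hypothetical helpers written for this example, the sample password is constructed, and acceptance of a `pbkdf2-sha512` id by Auth0 is assumed from its import documentation rather than shown on this page.

```javascript
const crypto = require('crypto');

// PHC strings carry salt and hash as base64 without '=' padding.
const b64 = (buf) => buf.toString('base64').replace(/=+$/, '');

// Legacy scheme from the post: the hex salt *string* goes into PBKDF2 as-is.
function legacyHash(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha512').toString('hex');
}

// Hypothetical helper: build a PHC string from raw salt and hash bytes.
function toPhc(digest, iterations, keylen, saltBytes, hashBytes) {
  return `$pbkdf2-${digest}$i=${iterations},l=${keylen}$${b64(saltBytes)}$${b64(hashBytes)}`;
}

// Hypothetical local check: parse the PHC string and recompute the key.
function verifyPhc(phcString, password) {
  const [, id, params, saltB64, hashB64] = phcString.split('$');
  const p = Object.fromEntries(params.split(',').map((kv) => kv.split('=')));
  const expected = Buffer.from(hashB64, 'base64');
  const actual = crypto.pbkdf2Sync(password, Buffer.from(saltB64, 'base64'),
    Number(p.i), Number(p.l), id.replace('pbkdf2-', ''));
  // Length guard first: timingSafeEqual throws on unequal lengths.
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Constructed sample credentials, not real data.
const password = 'correct horse battery staple';
const salt = crypto.randomBytes(32).toString('hex');
const hash = legacyHash(password, salt);

// Mapping that mirrors the legacy parameters: same digest, hash decoded from
// hex, salt taken as the UTF-8 bytes of the hex string PBKDF2 actually saw.
const matching = toPhc('sha512', 10000, 64,
  Buffer.from(salt, 'utf8'), Buffer.from(hash, 'hex'));

// Mapping as written in the post: sha256 id, hex strings decoded as base64.
const asPosted = toPhc('sha256', 10000, 64,
  Buffer.from(salt, 'base64'), Buffer.from(hash, 'base64'));

console.log('matching mapping verifies:', verifyPhc(matching, password));
console.log('posted mapping verifies:  ', verifyPhc(asPosted, password));
```

Running the same check against one known password before an import confirms that the serialized value is self-consistent, independent of the identity provider.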