I am trying to bulk import users to Auth0. We don’t use their standard hashing algorithm, so I’ve had to convert our hashes to fit their “custom_password_hash” requirements. However, when I try to log in as one of those users, Auth0 gives an incorrect password error.
Here is how we were generating salts and hashes pre-Auth0:
```js
var salt = crypto.randomBytes(32).toString('hex');
var hash = crypto
  .pbkdf2Sync(password, salt, 10000, 64, 'sha512')
  .toString('hex');
```
Here is how I am creating the custom_password_hash object Auth0 requests for each user to be imported:
```js
const phcobj = {
  id: 'pbkdf2-sha256',
  params: {i: 10000, l: 64},
  salt: Buffer.from(salt, 'base64'), // create a binary buffer from base64 encoded string
  hash: Buffer.from(hash, 'base64'),
};
const serialized = phc.serialize(phcobj);
return {
  "algorithm": 'pbkdf2',
  "hash": {
    "value": serialized,
    "encoding": "utf8"
  }
}
```
I am following the requirements for pbkdf2 hashes described here: Bulk User Import Database Schema and Examples
I am able to successfully import users via the Auth0 import/export extension. The users appear in the user management section (though without any password appearing in “raw json”, but maybe this is normal).
But when I go to log in, I get an error “Wrong email or password”. This is unexpected. I should just be able to log in.
What am I missing?
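
Added example, not part of the original post and not Auth0's code: a local round-trip check in Node.js that builds a PHC string from the legacy salt and hash and verifies it by recomputing PBKDF2 from the string's own fields, so an encoding mismatch shows up before import. The `$pbkdf2-<digest>$i=…,l=…$salt$hash` layout with unpadded base64, the hand-built string (instead of `phc.serialize`) and all helper names are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// PHC-style B64: standard base64 with the '=' padding stripped.
const b64 = (buf) => buf.toString('base64').replace(/=+$/, '');

// Assemble the PHC string by hand (assumed layout, see lead-in).
function toPhc(digest, iterations, length, saltBytes, hashBytes) {
  return `$pbkdf2-${digest}$i=${iterations},l=${length}$${b64(saltBytes)}$${b64(hashBytes)}`;
}

// Hypothetical local verifier: parse the string, recompute PBKDF2, compare.
function verifyPhc(phcString, password) {
  const [, id, params, salt64, hash64] = phcString.split('$');
  const digest = id.replace(/^pbkdf2-/, '');
  const p = Object.fromEntries(params.split(',').map((kv) => kv.split('=')));
  const salt = Buffer.from(salt64, 'base64');
  const expected = Buffer.from(hash64, 'base64');
  const actual = crypto.pbkdf2Sync(password, salt, Number(p.i), Number(p.l), digest);
  // Length check first: timingSafeEqual throws on unequal lengths.
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Constructed legacy record, generated the way the question describes.
function makeLegacyRecord(password) {
  const salt = crypto.randomBytes(32).toString('hex');
  const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha512').toString('hex');
  return { salt, hash };
}

// Encoding as in the question: sha256 id, hex text decoded as if it were base64.
function phcAsInQuestion({ salt, hash }) {
  return toPhc('sha256', 10000, 64, Buffer.from(salt, 'base64'), Buffer.from(hash, 'base64'));
}

// Encoding consistent with the legacy code: sha512 digest; the salt is the
// UTF-8 bytes of the hex string (pbkdf2Sync was given the string itself, not
// the decoded bytes); the hash is hex-decoded back to its 64 raw bytes.
function phcMatchingLegacy({ salt, hash }) {
  return toPhc('sha512', 10000, 64, Buffer.from(salt, 'utf8'), Buffer.from(hash, 'hex'));
}
```

Running `verifyPhc` over a handful of real records with known test passwords before building the import file catches digest and encoding mismatches locally.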