"WRONG EMAIL OR PASSWORD" after using the user import extension

Hello,

I used the User Import/Export extension to export the tenant’s users. Then I asked Auth0 support for the password hashes.

In order to test the import, I proceeded to delete the user from the tenant and re-import the user using the same extension mentioned above.

The import is successful and I can see the user in the users page. But when I try to log in as the user, I get the ‘Wrong Email or Password’ error.

Could you pls advise? Could this be due to the fact I deleted the user from the tenant so the password hash is no longer valid?

I’m doing this exercise to test our backup and restore strategy in case we were to lose all users from the tenant.

Thanks,
Fatmeh

PS: this is using the username-password-authentication connection.

Hi @fshuman,

I would expect this to work correctly. Can you please share how you are importing the hash with an example?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Hello,

Apologies for the delay in response. I used the User Import / Export extension to import. Pls see below:

Screenshot 2023-11-17 at 14.53.301476×632 79.7 KB

Also, I followed the documentation here User Import / Export Extension

I just wanted to highlight the steps I took:

1. Using the above extension, I exported the tenant’s users
2. I then asked Auth0 Support for the password hashes
3. Using the User management page, I proceeded to delete the user from the tenant (so I can replicate a scenario where our users have been deleted).
4. I re-imported the user using the same extension mentioned above. After import, I can see the user in the users page.

I’m wondering if this could be due to the fact I deleted the user from the tenant so the password hash is no longer valid?

Purpose of doing this: test our backup and restore strategy in case we were to lose all users from the tenant.

Thanks,
Fatmeh

Hi @fshuman,

Thanks for the follow up.

Did you import the user’s hash? If so, can you please provide an example of the JSON import of the hash (exclude any sensitive data)?

Sure, it looks something like this:

[
    {
        "passwordHash": "$2b$10$js84xpJg1tOMrgcFaFSDrOAsWZJ98ZqGB.5rxC5wkRV3Gg2SSd32O",
        "user_metadata": {
            "firstName": "perf",
            "lastName": "test"
        },
        "user_id": "1234abcd",
        "nickname": "a-nickname",
        "name": "thename",
        "email": "email@domain.com",
        "email_verified": true,
        "picture": "https://url/for/avatar.png",
        "connection": "Username-Password-Authentication"
    }
]

I only tested it with a single user. Will it help if I email Auth0 support for a new password hash list so I can try it again? Wondering if there might be logs that can be checked based on the import job id?

Thanks,
Fatmeh

That import looks good. I would expect everything you’ve described to work as expected.

Can you confirm you are trying the same password for the hash you’ve exported?

Yes, it was the same password. One thing I want to highlight is I deleted the user from the User Management page before re-importing. Does that matter?

Thanks,
Fatmeh

That sounds correct to me. You would want to delete the user to simulate a data loss, right?

It shouldn’t have an impact on whether or not you can import the password hash.

That’s true, yes. Will it help if I try this again? Would you have logs at your end to see what could have gone wrong?

I can’t see the logs, but if you provide some test data I can try it on my end. Mainly a password and matching hash. (**Please use a test user for this and do not share a real password)

Ok let me create a new test user in my test tenant and request the password hash from Auth0 support.

Ticket created - I should hopefully have the password hashes to replicate the issue in the next couple of days.

Hi @dan.woda - I’ve received the password hash and will replicate the issue tomorrow.

Sounds good, let me know when I can help.

Hi @dan.woda - I was testing it and got the same error. But I noticed that the password hash property I’m using is wrong. password_hash vs passwordHash. As I’ve reset the user’s password (to see if login works), I’m going to request the new password hash and try it with password_hash instead to see if it works.