"WRONG EMAIL OR PASSWORD" after using the user import extension

fshuman · September 26, 2023, 9:19am

Hello,

I used the User Import/Export extension to export the tenant’s users. Then I asked Auth0 support for the password hashes.

In order to test the import, I proceeded to delete the user from the tenant and re-import the user using the same extension mentioned above.

The import is successful and I can see the user in the users page. But when I try to log in as the user, I get the ‘Wrong Email or Password’ error.

Could you pls advise? Could this be due to the fact I deleted the user from the tenant so the password hash is no longer valid?

I’m doing this exercise to test our backup and restore strategy in case we were to lose all users from the tenant.

Thanks,
Fatmeh

PS: this is using the username-password-authentication connection.

dan.woda · September 28, 2023, 2:05pm

Hi @fshuman,

I would expect this to work correctly. Can you please share how you are importing the hash with an example?

system · October 26, 2023, 2:24pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

fshuman · November 17, 2023, 2:58pm

Hello,

Apologies for the delay in response. I used the User Import / Export extension to import. Pls see below:

Also, I followed the documentation here User Import / Export Extension

I just wanted to highlight the steps I took:

Using the above extension, I exported the tenant’s users
I then asked Auth0 Support for the password hashes
Using the User management page, I proceeded to delete the user from the tenant (so I can replicate a scenario where our users have been deleted).
I re-imported the user using the same extension mentioned above. After import, I can see the user in the users page.

I’m wondering if this could be due to the fact I deleted the user from the tenant so the password hash is no longer valid?

Purpose of doing this: test our backup and restore strategy in case we were to lose all users from the tenant.

Thanks,
Fatmeh

dan.woda · November 17, 2023, 4:27pm

Hi @fshuman,

Thanks for the follow up.

Did you import the user’s hash? If so, can you please provide an example of the JSON import of the hash (exclude any sensitive data)?

fshuman · November 20, 2023, 5:12pm

Sure, it looks something like this:

[
    {
        "passwordHash": "$2b$10$js84xpJg1tOMrgcFaFSDrOAsWZJ98ZqGB.5rxC5wkRV3Gg2SSd32O",
        "user_metadata": {
            "firstName": "perf",
            "lastName": "test"
        },
        "user_id": "1234abcd",
        "nickname": "a-nickname",
        "name": "thename",
        "email": "email@domain.com",
        "email_verified": true,
        "picture": "https://url/for/avatar.png",
        "connection": "Username-Password-Authentication"
    }
]

I only tested it with a single user. Will it help if I email Auth0 support for a new password hash list so I can try it again? Wondering if there might be logs that can be checked based on the import job id?

Thanks,
Fatmeh

dan.woda · November 21, 2023, 1:48pm

That import looks good. I would expect everything you’ve described to work as expected.

Can you confirm you are trying the same password for the hash you’ve exported?

fshuman · November 22, 2023, 8:31pm

Yes, it was the same password. One thing I want to highlight is I deleted the user from the User Management page before re-importing. Does that matter?

Thanks,
Fatmeh

dan.woda · November 27, 2023, 4:34pm

That sounds correct to me. You would want to delete the user to simulate a data loss, right?

It shouldn’t have an impact on whether or not you can import the password hash.

fshuman · December 1, 2023, 10:42am

That’s true, yes. Will it help if I try this again? Would you have logs at your end to see what could have gone wrong?

dan.woda · December 1, 2023, 3:21pm

I can’t see the logs, but if you provide some test data I can try it on my end. Mainly a password and matching hash. (**Please use a test user for this and do not share a real password)

fshuman · December 4, 2023, 3:44pm

Ok let me create a new test user in my test tenant and request the password hash from Auth0 support.

fshuman · December 6, 2023, 1:27pm

Ticket created - I should hopefully have the password hashes to replicate the issue in the next couple of days.

fshuman · December 14, 2023, 1:53pm

Hi @dan.woda - I’ve received the password hash and will replicate the issue tomorrow.

dan.woda · December 14, 2023, 4:35pm

Sounds good, let me know when I can help.

fshuman · December 16, 2023, 10:29am

Hi @dan.woda - I was testing it and got the same error. But I noticed that the password hash property I’m using is wrong. password_hash vs passwordHash. As I’ve reset the user’s password (to see if login works), I’m going to request the new password hash and try it with password_hash instead to see if it works.