Migrate users to AuthN

Users can be imported to AuthN using a comma-separated variable (CSV) file. The variables in these files can be mapped to AuthN for a smooth transition, even when using hashed passwords. Importing hashed passwords requires providing additional data, such as the hash algorithm, salt, salt order, number of hash iterations, etc. A full list of the information that is required can be found in the upload API.

Users can be imported from any system using a CSV export functionality, but Firebase and Auth0 require some additional work to successfully export the users to a format that can be imported by AuthN.

Firebase migration

The first step in migrating users from Firebase is to export them.

Export users from Firebase

1. Install the Firebase Command Line Interface (CLI). This enables you to export the users using a bash command.
2. Open a terminal window and run the following command, replacing the placeholder data with your project information:

firebase auth:export users.csv --format=CSV --project <your_project_id>

This exports your users.

3. Next, log in to your Firebase console and open your project.
4. Select Authentication and then select the Users tab.
5. Click the three buttons beside the Add Users form to open the menu, and then select Password hash parameters.
6. Copy and paste the following parameters into a hash config file:

• base64_signer_key
• base64_salt_separator
• rounds
• mem_cost

Your file text should look similar to this:

hash_config {
  algorithm: SCRYPT,
  base64_signer_key: XXXX/XXX+XXXXXXXXXXXXXXXXX+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==,
  base64_salt_separator: Aa==,
  rounds: 8,
  mem_cost: 14,
}

Import users from Firebase

1. In the Pangea Console , click AuthN.
2. In the left navigation panel, click Users.
3. Click + New.
4. Click Import Users.
5. An Import users modal opens.
6. Click Import CSV. A file selector opens.
7. Navigate to your User CSV file, select it, and then click Upload.
8. A modal displays to map the CSV values to AuthN user information. Map the fields, and then click Import.
9. Add field mapping, and map field password hash to password hash:

• Select the FIREBASED-SCRYPT algorithm
• Provide Parallelism: 1
• Block Size (rounds in hash_config): 8
• Cost Factor (mem_cost in hash_config): 14
• Signer Key (base64_signer_key in hash_config).
• Salt Separator (base64_salt_separator in hash_config).

10. Click Import to import the users. The page redirects back to the Users page.

Auth0 migration

The first step in migration is to export existing users from Auth0.

Export users from Auth0

In order to export users from Auth0 using the API, you will need the following information from Auth0.

• Auth0 tenant ID - This can be found at https://manage.auth0.com/dashboard/us/<tenant-ID>

Export users with the API

1. Get an access token with a POST request to the API. The following example can be used, modifying the placeholder text to match your data:

url --request POST \
  --url https://<YOUR-DOMAIN>.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<YOUR-CLIENT-ID>","client_secret":"<YOUR-SECRET>","audience":"<YOUR-API-LINK>","grant_type":"client_credentials"}'

2. Make a POST request to export the users. Here is an example request:

curl --request POST \
  --url 'https://<YOUR-DOMAIN>/api/v2/jobs/users-exports' \
  --header 'authorization: Bearer <YOUR-BEARER-TOKEN>' \
  --header 'content-type: application/json' \
  --data '{"connection_id": "<YOUR-CONNECTION-ID>", "format": "csv", "limit": 5, "fields": [{"name": "email"}, { "name": "identities[0].connection", "export_as": "provider" }]}'

3. Make a GET request to obtain the resulting URL for the job.

Here is an example curl request:

curl --request GET \ --url 'https://<YOUR-DOMAIN>/api/v2/jobs/<YOUR-JOB-ID>' \ --header 'authorization: Bearer <YOUR-BEARER-TOKEN>'

note

In order to get the password hashes from Auth0, you might need to open a ticket with support.

Export users using the extension

1. In the Auth0 Dashboard, navigate to Extensions.

2. Install the User Import/Export extension.

3. Open the User Import/Export extension, select Export, and then select your user database connection.

4. Select the fields you want to export, including the password hash fields. The passwords are hashed using the bcrypt algorithm.

5. Click Export Users to download the user data as a CSV file.

   note

   In order to get the password hashes from Auth0, you might need to open a ticket with support.

This CSV file can be used to import your users to AuthN.

Was this article helpful?

Contact us