How should I migrate user login from Meteor to a non-Meteor project?

I am migrating user documents in Mongo from my Meteor project to a non-Meteor project (express backend + mongodb).

I would like to know how to migrate the user data so that the users can continue to login using the same password in my non-Meteor app. I don’t fully understand what goes on under the hood in Meteor’s user-accounts package for login/signup.

Currently, the users in Mongo have this shape in my Meteor app:

{
	"_id" : "some id",
	"createdAt" : date,
	"services" : {
		"password" : {
			"bcrypt" : "some hash"
		},
		"resume" : {
			"loginTokens" : [
				{
					"when" : date,
					"hashedToken" : "some hash"
				}
			]
		}
	},
	"username" : "some username"
}

My plan is to use bcrypt to hash the plain password when a user tries to login in a non-Meteor app, and compare it with the value for services.password.bcrypt. Would it work?

What are you migrating to? It’d be nice to have a migration path to something like http://passportjs.org

I am using passportjs.

I saw in this StackOverflow question that accounts-password hashes the password with sha-256 before sending the plaintext to the server.

So I think the login flow using passportjs should be:

  • user tries to login with id/password
  • hash the password with sha256 and send to server
  • use bcrypt to hash and compare the password from the db.

But what about salts? Does Meteor salt the hash and where are they stored?

Bcrypt’s whole reason for being is salts.

Yes, Meteor salts.

Figured it out.

  1. Hash the plaintext password with sha256
  2. Compare the hash to the services.password.bcrypt using bcrypt.
  3. If match, login, if not reject.

Works well with passportjs.

Note - you need to use the SHA256 module that is included in Meteor as opposed to say,

crypto.createHash('sha256').update(password).digest('base64');
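The three steps from the final post, as an added sketch that is not code from this thread or from Meteor. It assumes Meteor's SHA256 output is the lowercase hex digest of the password, that hashing happens on the Express server, and that the npm `bcrypt` package is installed; `meteorPasswordString`, `verifyMeteorPassword`, `makeVerify` and `findUser` are hypothetical names.

```javascript
const crypto = require('crypto');

// Assumption: Meteor's SHA256 helper yields the lowercase hex digest of the
// UTF-8 password, which Node's built-in crypto reproduces with digest('hex').
function meteorPasswordString(plaintext) {
  return crypto.createHash('sha256').update(plaintext, 'utf8').digest('hex');
}

// Check a login attempt against a migrated Meteor user document.
// `compare` defaults to the npm `bcrypt` package (assumed installed); it is
// injectable so the logic can be exercised without the native module.
async function verifyMeteorPassword(user, plaintext, compare) {
  const stored = user && user.services && user.services.password &&
    user.services.password.bcrypt;
  // Unknown user, user without a password service, or bad input: no match.
  if (typeof stored !== 'string' || typeof plaintext !== 'string') return false;
  const cmp = compare || ((data, hash) => require('bcrypt').compare(data, hash));
  // bcrypt reads the salt and cost factor from the stored hash itself,
  // so no separate salt field has to be migrated.
  return cmp(meteorPasswordString(plaintext), stored);
}

// Verify callback in the (username, password, done) shape passport-local uses.
// `findUser` is a hypothetical async lookup returning the user document or null.
function makeVerify(findUser, compare) {
  return async (username, password, done) => {
    try {
      const user = await findUser(username);
      const ok = await verifyMeteorPassword(user, password, compare);
      return done(null, ok ? user : false);
    } catch (err) {
      return done(err);
    }
  };
}
```

With passport-local this is wired up as `passport.use(new LocalStrategy(makeVerify(findUser)))`.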