Migration of Meteor Users to Auth0

Hi,

We’re working on migrating authentication for our Meteor app to Auth0 - we’re trying to figure out the best way to do this, but there does not seem to be a canonical solution - there have been some posts and some experience reports, but (for us at least), the best approach remains unclear (I guess there are also different requirements and technologies are changing etc etc).

Ideally, we would like to have a solution which does not require users to reset passwords, but we can live with one which does as long as we have a way for users to understand that they need to do this, prob at login.

We looked into the password verification mechanisms both on the Auth0 end and the Meteor end - it seems they differ by a single SHA256 operation; Meteor performs this on a cleartext pw before checking with bcrypt but Auth0 does not. We can use the Auth0 Bulk Import functionality and it does support importing bcrypt’d passwords but because of the above SHA256 operation, the standard Auth0 popup or ULP does not verify the pw correctly (or more accurately, the token that it tries to verify against was generated using a different process and hence it correctly does not verify).

Auth0 does provide the migration solution in which multiple DBs are operating concurrently - this is one approach we could use, but it does seem a bit heavy handed for what we want to do (which is just to import a modestly sized set of users and have their accounts recognized and managed by Meteor with minimal user friction).

If anyone has any thoughts on the best approach, we’d love to hear them…

Thanks in advance for any pointers,
Seán.

1 Like

So, I got some response from the Auth0 guys around this - it seems that the best approach for us is to use the custom DB solution and run two DBs simultaneously while the migration takes place.

Hope this helps someone in future…

2 Likes

I was investigating this myself recently. How did it to @seanrm ? Happy with the result ?

I did previously implement Auth0 login to Meteor 2 based WeKan, by modifying OAuth2/OIDC package.

Auth0 Docs

Auth0 Issue

Auth0 related fix

Forked OAuth2/OIDC packages

wekan-oidc and wekan-accounts-oidc here:

Other modifications to OAuth2/OIDC

Some are listed at right menu of WeKan wiki:

1 Like