Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does Auth0 provide a way to export a user database?

Tags:

auth0

Auth0 looks like a very promising user management solution, but I'm curious if it allows you to export a user database.

This is an important feature because:

  1. I'd like to make my own backups. (Not so much because I'm worried Auth0 might lose my data. But what if there's a bug in my code or my Auth0 keys are compromised?)
  2. I might want to switch user management providers someday.

From Documentation > Importing Users to Auth0, I see there's a way to import users (on-demand when you can obtain their passwords anyway). And I can see they use bcrypt for password hashing (at least by default). But I don't see any mention of exporting users.

like image 351
C. Dragon 76 Avatar asked Aug 04 '15 15:08

C. Dragon 76

2 Answers

Auth0 does not currently provide the facility to directly export password hashes. Not on their API and not by downloading from their web interface. Probably they never will provide this doing so would somewhat reduce security since an attacker with access to your Auth0 account could then attempt to brute force all of the user's accounts rather than just the active ones.

To get a more or less compuete export of user data there are three possible ways, all of which require activity in advance.

  1. Request a full export from support - currently you have to be already signed up for support at at least developer level for at least a month (see the document Moving out of Auth0)
  2. Do a gradual move out by creating a new, local password hash each time the user logs in. - you will have to wait for all your users to have logged in once. This is the inverse of the procedure for migrating in to Auth0. N.B. this will mean you miss users who never log in during your migration period.
  3. Create and store a password hash yourself using Auth0s custom database connection for use whenever your user logs in. If you already have users in Auth0 you can combine this with method 2. to migrate those users into your custom database.

The answer from Nathan Totten here covers how to get the rest of your user data, though Auth0 support should be able to provide you with an export including all of that.

like image 91
Michael Avatar answered Sep 21 '22 05:09

Michael

The Auth0 Management API allows you to export your data. Additionally, we have a tool that will help you both import and export users: https://auth0.com/docs/extensions/user-import-export

For the official policy see this document: https://auth0.com/docs/policies/data-export

like image 34
Nathan Totten Avatar answered Sep 21 '22 05:09

Nathan Totten
Sign in to Comment

Related questions

How do I pass configuration options to an Auth0 hosted page using the JS API?
signoutRedirect of oidc-client-js against Auth0 returns no end session endpoint
Error: Bad Audience while making Auth0 /user/user_id api call
Set custom login url in Spring Security UsernamePasswordAuthenticationFilter JWT authentication
Implicit Flow with silent refresh in React
Auth0 - enriching data with user information
'Could not load type 'Microsoft.Extensions.Primitives.InplaceStringBuilder' from assembly 'Microsoft.Extensions.Primitives
ASP.NET Core 2.1 cookie authentication appears to have server affinity
Auth0 - Disable user profile cache
Lock Auth0 for android not returning UserProfile on authentication
How to properly handle a JWT refresh?
CORS problems with Auth0 and React
TypeError, 'digest' of undefined, in development environment
How is angular-jwt decoding my JWT without a secret?
How to use Auth0 with react-admin?
KeyCloak should be used as auth server for my users?
How do I get a refresh token from auth0 passwordless using lock v11?
Verifying Auth0 JWT throws invalid algorigthm
Auth0 does not persist login on page refresh for email/password

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!