Okta
Octa
Introduction
One of the challenges when migrating an application's authentication infrastructure to Auth0 is migrating user information from the existing user database to Auth0.
Auth0 provides the following two user import functions, and this time we will introduce the procedure for "automatic migration".
- Batch import: Migration using a JSON file that defines user information
- Automatic migration: Automatically migrate user information from the existing user database when the user logs in via Auth0
premise
The existing user database environment used in the procedure on this page and the login operation check is as follows.
- Database environment: Use Amazon RDS
- MySQL version 8.0.28
- Network connection from Auth0 tenant
*In a real environment, there are cases where it is not possible to directly connect to the database from the Internet. In that case, it is necessary to take measures such as providing an API for database reference.
- Database name: userdb
- Table name: members
- User information stored in the table:
| Identity | User Name | Password * | |
| user01 | test.user1 | test.user1@example.com | $2a$0... (snip)...iH8du |
| user02 | test.user2 | test.user2@example.com | $2a$0... (snip)...iH8du |
* Hash value by bcrypt
The operation examples on this page are for Auth0-linked web applications. In addition, the information regarding functions and settings described on this page is current as of December 2022.
User migration for automatic migration
The automatic migration function migrates users from the existing user database to Auth0 according to the flow below.
Setting overview
To realize user migration by automatic migration, the following settings are required.
- Setting the Custom Database Connection feature
Define a new Custom Database Connection to enable linkage with the existing user database - Enabling the automatic migration feature
Enable the automatic migration function in the defined Custom Database Connection - Customizing Database Action Scripts
Define Login and Get User scripts to realize linkage processing with existing user database
Setting Example
- Click Authentication > Database
![[ Authentication ] > [ Database ]をクリック](/business/security/okta/image/okta_auth0_ummi_dr02.png)
- Click + Create DB connection
- Enter an arbitrary connection name in the Name field and click [Create].
![Enter an arbitrary connection name in the Name field and click [Create].](/business/security/okta/image/okta_auth0_ummi_dr04.png)
- On the Custom Database tab, enable Use my own database
In the Settings tab, enable Import Users to Auth0
- [Custom Database] tab > Database Action Script > [Login] tab, select MySQL (template for MySQL) from [Load Template]
![[ Custom Database ]タブ > Database Action Script > [ Login ]タブで、[ Load Template ]からMySQL(MySQL用テンプレート)を選択](/business/security/okta/image/okta_auth0_ummi_dr07.png)
- Edit the template script according to the connection parameters to the existing user database, table information, password hashing algorithm, etc.
function login(email, password, callback) {
const mysql = require('mysql');
const bcrypt = require('bcrypt');
const connection = mysql.createConnection({
host: ‘データベースのホスト名',
user: 'ユーザ名',
password: 'パスワード',
database: 'データベース名',
port: ポート番号
});
connection.connect();
const query = 'SELECT ID, UserName, Email, Password FROM members WHERE Email = ?';
connection.query(query, [ email ], function(err, results) {
if (err) return callback(err);
if (results.length === 0) return callback(new WrongUsernameOrPasswordError(email));
const user = results[0];
bcrypt.compare(password, user.Password, function(err, isValid) {
if (err || !isValid) return callback(err || new WrongUsernameOrPasswordError(email));
callback(null, {
user_id: user.ID.toString(),
//nickname: user.nickame,
email: user.Email
});
});
});
}
- On the [Get User] tab, select MySQL (Template for MySQL) from [Load Template]
![On the [Get User] tab, select MySQL (Template for MySQL) from [Load Template]](/business/security/okta/image/okta_auth0_ummi_dr08.png)
- Edit the template script according to the connection parameters for the existing user database, table information, etc.
function getByEmail(email, callback) {
const mysql = require('mysql');
const connection = mysql.createConnection({
host: 'データベースのホスト名',
user: 'ユーザ名',
password: 'パスワード',
database: 'データベース名',
port: ポート番号
});
connection.connect();
const query = 'SELECT Id, UserName, Email FROM members WHERE Email = ?';
connection.query(query, [ email ], function(err, results) {
if (err || results.length === 0) return callback(err || null);
const user = results[0];
callback(null, {
user_id: user.Id.toString(),
//nickname: user.nickname,
email: user.Email
});
});
}
- After editing each script, click [Save And Try] to test the connection
![After editing each script, click [Save And Try] to test the connection](/business/security/okta/image/okta_auth0_ummi_dr09.png)
- Enter the user information in the existing user database and click [Try].
* Enter only the email address for the Get User script
![After editing each script, click [Save And Try] to test the connection](/business/security/okta/image/okta_auth0_ummi_dr10.png)
- Confirm the success of the connection test by displaying the following message.
Login confirmation example: login by a user in the existing user database
![Auth0管理画面 [ User Management ] > [ Users ]にて、既存ユーザデータベース内のユーザがAuth0側へインポートされていることを確認](/business/security/okta/image/okta_auth0_ummi_dr14.png)
in conclusion
By using the automatic migration function, users can be automatically migrated from the existing user database to Auth0 when the user logs in. This function can also be used in the free Auth0 trial environment, so please try it out.
Auth0 has a user migration function in addition to the automatic migration introduced this time. If you are interested in user migration realized by Auth0, please contact us.
reference
Inquiry/Document request
In charge of Macnica Okta Co., Ltd.
- TEL:045-476-2010
- E-mail:okta@macnica.co.jp
Weekdays: 9:00-17:00