Importing user with PBKDF2 hash to Firebase

Question

I am trying to import users to Firebase Auth from a MongoDB database using a Node script with firebase-adminSDK. In the legacy system passwords are hashed using PBKDF2 SHA256 with 25000 iterations and stored in the database as hex strings with a separate salt also stored as a hex string.

const users = [{
 uid: <idFromLegacyDb>,
 email: <emailFromLegacyDb>,
 passwordHash: Buffer.from('passwordHashFromLegacyDb', 'hex'),
 passwordSalt: Buffer.from('saltFromLegacyDb', 'hex'),
}]

const importResult = await auth.importUsers(users, {
 hash: {
  algorithm: 'PBKDF2_SHA256',
  rounds: 25000,
 }
})
console.log(importResult)

The import finishes with a success but login from the frontend returns with an incorrect password and the user entry in Firebase auth exists but without any passwordHash field.

Any ideas why login fails? Can't seem to find any logs from auth go get closer to the problem. Thanks!

score 0 · Answer 1 · answered Nov 14 '22 at 22:02

Ok, solved.

Like most other similar issues it turned out to be a problem with the encoding. Perhaps specific to my legacy setup but here is the correct code:

const users = [{
 uid: <idFromLegacyDb>,
 email: <emailFromLegacyDb>,
 passwordHash: Buffer.from('passwordHashFromLegacyDb', 'hex'),
 passwordSalt: Buffer.from('saltFromLegacyDb', 'utf8'), // salt buffer should be decoded as utf8
}]

const importResult = await auth.importUsers(users, {
 hash: {
  algorithm: 'PBKDF2_SHA256',
  rounds: 25000,
 }
})
console.log(importResult)

Importing user with PBKDF2 hash to Firebase

1 Answers1