From bed1c351f6e113cb603f7fc722e9550e0f87a5d1 Mon Sep 17 00:00:00 2001 From: wassimoo <12980387+wassimoo@users.noreply.github.com> Date: Mon, 27 Oct 2025 11:18:13 +0100 Subject: [PATCH 01/10] fix: correct Auth0 export users script and update documentation --- .../migrate-to-ory/0-get-auth0-user-data.sh | 57 +++-- docs/migrate-to-ory/auth0.mdx | 223 ++++++++++++------ 2 files changed, 187 insertions(+), 93 deletions(-) diff --git a/code-examples/migrate-to-ory/0-get-auth0-user-data.sh b/code-examples/migrate-to-ory/0-get-auth0-user-data.sh index d133b6f975..8dd38ae58a 100644 --- a/code-examples/migrate-to-ory/0-get-auth0-user-data.sh +++ b/code-examples/migrate-to-ory/0-get-auth0-user-data.sh @@ -1,9 +1,17 @@ #!/bin/bash +set -euo pipefail + +if [ -z "${AUTH0_DOMAIN:-}" ] || [ -z "${AUTH0_TOKEN:-}" ] || [ -z "${AUTH0_CONNECTION_ID:-}" ]; then + echo "Error: Required environment variables not set" + echo "Please set: AUTH0_DOMAIN, AUTH0_TOKEN, AUTH0_CONNECTION_ID" + exit 1 +fi + job_response=$( curl --request POST -s --url "https://${AUTH0_DOMAIN}/api/v2/jobs/users-exports" \ --header "authorization: Bearer ${AUTH0_TOKEN}" \ --header "content-type: application/json" \ - --data '{"connection_id": "'$AUTH0_CONNECTION_ID'", "format": "json", "fields": [ + --data '{"connection_id": "'"$AUTH0_CONNECTION_ID"'", "format": "json", "fields": [ {"name": "user_id"}, {"name": "email"}, {"name": "email_verified"}, @@ -31,27 +39,46 @@ job_response=$( job_id=$(echo "$job_response" | jq -r ".id") +if [ -z "$job_id" ] || [ "$job_id" = "null" ]; then + echo "Error: Failed to create export job" + echo "$job_response" | jq + exit 1 +fi + +echo "Export job created with ID: $job_id" + poll_job_status() { jobstatus=$(curl --request GET -s --url "https://${AUTH0_DOMAIN}/api/v2/jobs/${job_id}" --header "authorization: Bearer ${AUTH0_TOKEN}") - state=$(echo $jobstatus | jq -r ".status") - echo "jobstate: ${state}" - - if [[ $state == "pending" ]] || [[ $state == "processing" ]]; then - echo "${jobstatus}" | jq ".time_left_seconds" | read timeleft - if [ -z $timeleft]; then - sleep 1 - echo "polling job state" + state=$(echo "$jobstatus" | jq -r ".status") + echo "Job state: ${state}" + + if [[ "$state" == "pending" ]] || [[ "$state" == "processing" ]]; then + timeleft=$(echo "$jobstatus" | jq -r ".time_left_seconds") + if [ "$timeleft" = "null" ] || [ -z "$timeleft" ]; then + sleep 5 + echo "Polling job state..." else - sleep $timeleft - echo "time left: ${timeleft}s" + echo "Time left: ${timeleft}s" + sleep "$timeleft" fi poll_job_status - elif [[ $state == "completed" ]]; then - location=$(echo $jobstatus | jq -r ".location") + elif [[ "$state" == "completed" ]]; then + location=$(echo "$jobstatus" | jq -r ".location") curl "$location" --silent --output "AUTH0_USERDATA_nd.json.gz" gzip -d -c "AUTH0_USERDATA_nd.json.gz" | jq -s "." >"AUTH0_USERDATA.json" - echo "Finished downloading Auth0 user data!" + echo "Finished downloading Auth0 user data to AUTH0_USERDATA.json!" + + elif [[ "$state" == "failed" ]]; then + echo "Error: Export job failed" + echo "$jobstatus" | jq + exit 1 + + else + echo "Unknown job state: $state" + echo "$jobstatus" | jq + exit 1 fi } -poll_job_status + +poll_job_status \ No newline at end of file diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 2ee8d8fc8a..8923809c41 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -11,26 +11,94 @@ credentials. If your setup is different, you can use this document as a starting point in defining your own migration procedure. -This document takes you through the following steps: +## Prerequisites -- Exporting password hashes of your Auth0 users -- Creating a bulk export that contains the complete user data -- Importing Auth0 users to Ory using a custom script +Before you begin, ensure you have: -## Export password hashes +- **Auth0 account** with admin access to export user data +- **Ory account** and CLI installed +{/* TODO: change this to refer to new migration guide (docs/migrate-to-ory/migrate/create-project.mdx) */} +- **Ory project** created - See [creating a project](index.mdx) for instructions +- **Required tools**: + - [jq](https://jqlang.org/) - Command-line JSON processor + - [Gzip](https://www.gnu.org/software/gzip/) - Compression utility + - [Ory CLI](../guides/cli/01_installation.mdx) - Ory command-line interface +- **Time estimate**: 1-2 hours depending on the number of users -Because password hashes are considered sensitive information, Auth0 doesn't export them as part of the general export process. To -get the password hashes and other password-related information, you must create an Auth0 support ticket. +## Overview + +The migration process consists of three phases: + +1. **Prepare your Auth0 data** - Export user data and password hashes +2. **Configure your Ory project** - Set up identity schema for email authentication +3. **Import users to Ory** - Run the migration script to create users in Ory + +--- + +## Phase 1: Prepare your Auth0 data + +### 1. Create bulk user export + +To create a [bulk user export](https://auth0.com/docs/manage-users/user-migration/bulk-user-exports), you need a Management API +Access Token and the ID of your connection. This data is used by the migration script you run to get the user data. You can +inspect the script +[here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh). + +#### Get API access token and connection ID + +Follow these steps to get the Management API Access Token and connection ID: + +1. Go to your [Auth0 dashboard](https://manage.auth0.com/#) and navigate to **Applications** → **APIs**. +2. Select **Auth0 Management API** and go to the **API Explorer** tab. Copy the displayed token. + + :::warning Token expiration + The token is valid for 24 hours by default and is configurable. + ::: + +3. Go to **Authentication** and navigate to **Database**. +4. Click the connection for which you want to export user data and copy its ID. + +#### Run export script + +The script accounts for all possible metrics you can export in a bulk user export. The bulk user export is a compressed, +newline-delimited JSON file. The process takes some time to complete and the compressed file is downloaded automatically when it's +ready. + +Follow these steps to export the user data: + +1. Export the required environment variables: + + ```shell + export AUTH0_DOMAIN="your_auth0_domain.auth0.com" + export AUTH0_CONNECTION_ID="your_auth0_connection_id" + export AUTH0_TOKEN="your_auth0_management_api_token" + ``` + +2. Run the script: + + ```shell + bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh) + ``` + + This script creates `AUTH0_USERDATA.json` in your current directory containing all exported user data. + +### 2. Export password hashes + +Exporting password hashes is optional but recommended. Because password hashes are considered sensitive information, Auth0 doesn't export them as part of the general export process. To get the password hashes and other password-related information, you must [create an Auth0 support ticket](#create-auth0-support-ticket). If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they used before the migration. If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate them using a [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). -When you export password hashes, none of the involved parties has access to users' plain text passwords. +:::note +Password hash exports are not available for Auth0's Free subscription tier. You'll need a paid Auth0 plan to request this +data. +::: -### Create Auth0 support ticket +#### Create Auth0 support ticket -Follow these steps to get the password hashes from Auth0: +Follow these steps to get the password hashes from Auth0. For more information, see the +[Auth0 documentation on exporting password hashes](https://auth0.com/docs/troubleshoot/customer-support/manage-subscriptions/export-data#user-passwords). 1. Go to your [Auth0 dashboard](https://manage.auth0.com/#) and select **Get Support**. 2. Navigate to **Tickets** → **View All** and select **Open Ticket**. @@ -38,10 +106,10 @@ Follow these steps to get the password hashes from Auth0: hashes** option. 4. Fill in the form and submit the ticket. -### Exported password hashes +#### Download password hashes file -When Auth0 processes your request, you can download a compressed JSON file that contains user IDs, password hashes, and related -information. To get complete user data, you must create a bulk user export. +When Auth0 processes your request, download the compressed JSON file that contains user IDs, password hashes, and related +information. The file you get has this format: @@ -50,99 +118,98 @@ The file you get has this format: {"_ID":{"$oid":"60425da93519d90068f82966"},"email_verified":false,"email":"test@example.com","passwordHash":"$2b$10$CSZ2JarG4XYbGa.JkfpqnO2wrlbfp5eb5LScHSGo9XGeZ.a.Ic54S","password_set_date":{"$date":"2021-03-05T16:34:49.502Z"},"tenant":"dev-rwsbs6ym","connection":"Username-Password-Authentication","_tmp_is_unique":true} ``` -## Create a bulk user export +--- -To create a [bulk user export](https://auth0.com/docs/manage-users/user-migration/bulk-user-exports), you need a Management API -Access Token and the ID of your connection. This data is used by the migration script you run to get the user data. You inspect -the script [here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh). +## Phase 2: Configure your Ory project -### Get API Access Token and connection ID +### 1. Set environment variables -Follow these steps to get the Management API Access Token and connection ID: +Set your project and workspace IDs as environment variables: -1. Go to your [Auth0 dashboard](https://manage.auth0.com/#) and navigate to **Applications** → **APIs**. -2. Select **Auth0 Management API** and go to the **API Explorer** tab. Copy the displayed token. The token is valid for 24 hours, - repeat the process to generate a new token. -3. Go to **Authentication** and navigate to **Database**. -4. Click the connection for which you want to export user data and copy its ID. +```shell +export ORY_PROJECT_ID='{your-project-id}' +export ORY_WORKSPACE_ID='{your-workspace-id}' +``` -### Run the script +:::tip Finding your IDs -To create a bulk user export, run the supplied script. To use it, you must install: +If you don't have these values, you can retrieve them: -- [jq](https://stedolan.github.io/jq/download/) -- [Gzip](https://www.gnu.org/software/gzip/) +- **Using the CLI**: Run `ory list projects` to see all your projects and their IDs +- **Using the Console**: Go to [Ory Console](https://console.ory.sh/), select your project, and find the IDs in the project settings -The script accounts for all possible metrics you can export in a bulk user export. The bulk user export is a compressed, -newline-delimited JSON. The process takes some time to complete and the compressed file is downloaded automatically when it's -ready. +::: -Follow these steps: -1. Export the required environment variables: - ```shell - export AUTH0_DOMAIN="$your_auth0_domain.auth0.com" - export AUTH0_CONNECTION_ID="$your_auth0_connection_id" - export AUTH0_TOKEN="$your_auth0_management_api_token" - ``` +### 2. Configure identity schema -2. Run the script: +Before importing users, you need to configure your Ory project's identity schema to match your Auth0 setup. Since Auth0 users authenticate with email and password, configure the identity schema to use the email preset. - ```shell - bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh) - ``` +Update your project's identity schema: + +```shell +ory patch identity-config --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_ID \ + --replace '/identity/default_schema_id="preset://email"' \ + --replace '/identity/schemas=[{"id":"preset://email","url":"base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLm9yeS5zaC9wcmVzZXRzL2tyYXRvcy9pZGVudGl0eS5lbWFpbC5zY2hlbWEuanNvbiIsCiAgIiRzY2hlbWEiOiAiaHR0cDovL2pzb24tc2NoZW1hLm9yZy9kcmFmdC0wNy9zY2hlbWEjIiwKICAidGl0bGUiOiAiUGVyc29uIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJmb3JtYXQiOiAiZW1haWwiLAogICAgICAgICAgInRpdGxlIjogIkUtTWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgIndlYmF1dGhuIjogewogICAgICAgICAgICAgICAgImlkZW50aWZpZXIiOiB0cnVlCiAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAidG90cCI6IHsKICAgICAgICAgICAgICAgICJhY2NvdW50X25hbWUiOiB0cnVlCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9LAogICAgICAgICAgICAicmVjb3ZlcnkiOiB7CiAgICAgICAgICAgICAgInZpYSI6ICJlbWFpbCIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInZlcmlmaWNhdGlvbiI6IHsKICAgICAgICAgICAgICAidmlhIjogImVtYWlsIgogICAgICAgICAgICB9CiAgICAgICAgICB9LAogICAgICAgICAgIm1heExlbmd0aCI6IDMyMAogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJlbWFpbCIKICAgICAgXSwKICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogZmFsc2UKICAgIH0KICB9Cn0K"}]' +``` -## Import users to Ory +--- -To import your Auth0 users to Ory, you must create new users in Ory and associate them with the imported data. +## Phase 3: Import users to Ory -- If you import the Auth0 user data from the bulk user export and you have the password hashes, your users can log in with their - emails and passwords. -- If you don't have password hashes from Auth0, create new users for the known email addresses and the associated data. In this - case, users must create new passwords when they log in to their accounts for the first time. To facilitate this, enable - [account recovery](../kratos/self-service/flows/account-recovery-password-reset). +### 1. Configure environment variables -The procedure is performed by running a -[custom script](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). To use -it, you must install: +Configure the migration script by exporting the necessary environment variables: -- [jq](https://stedolan.github.io/jq/download/) -- [Gzip](https://www.gnu.org/software/gzip/) +```shell +export RESERVE_ONLY="false" # Set to "true" if you DON'T HAVE Auth0 password hashes. +export AUTH0_USERDATA="{path-to-the-json-file-with-bulk-user-export-data}" +export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" +``` -Follow these steps to import Auth0 users to Ory: +:::info Migration Mode -1. Create an Ory Network project using Ory CLI: +- Set `RESERVE_ONLY="false"` if you have password hashes +- Set `RESERVE_ONLY="true"` if you don't have password hashes +::: - ```shell - ory create project --name "Ory Docs Auth0 Migration Example" - export ORY_PROJECT_ID='{set to the project ID from output}' - ``` +### 2. Run import script -2. Change the identity schema using Ory CLI: +Execute the migration script to import users: - ```shell - ory patch identity-config --project --workspace \ - --replace '/identity/default_schema_id="preset://email"' \ - --replace '/identity/schemas=[{"id":"preset://email","url":"base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLm9yeS5zaC9wcmVzZXRzL2tyYXRvcy9pZGVudGl0eS5lbWFpbC5zY2hlbWEuanNvbiIsCiAgIiRzY2hlbWEiOiAiaHR0cDovL2pzb24tc2NoZW1hLm9yZy9kcmFmdC0wNy9zY2hlbWEjIiwKICAidGl0bGUiOiAiUGVyc29uIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJmb3JtYXQiOiAiZW1haWwiLAogICAgICAgICAgInRpdGxlIjogIkUtTWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgIndlYmF1dGhuIjogewogICAgICAgICAgICAgICAgImlkZW50aWZpZXIiOiB0cnVlCiAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAidG90cCI6IHsKICAgICAgICAgICAgICAgICJhY2NvdW50X25hbWUiOiB0cnVlCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9LAogICAgICAgICAgICAicmVjb3ZlcnkiOiB7CiAgICAgICAgICAgICAgInZpYSI6ICJlbWFpbCIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInZlcmlmaWNhdGlvbiI6IHsKICAgICAgICAgICAgICAidmlhIjogImVtYWlsIgogICAgICAgICAgICB9CiAgICAgICAgICB9LAogICAgICAgICAgIm1heExlbmd0aCI6IDMyMAogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJlbWFpbCIKICAgICAgXSwKICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogZmFsc2UKICAgIH0KICB9Cn0K"}]' - ``` +```shell +bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh) +``` -3. Export the necessary environment variables: +You can inspect the script +[here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). - ```shell - export RESERVE_ONLY="false" # Set to "true" if you DON'T HAVE Auth0 password hashes. - export AUTH0_USERDATA="{path-to-the-json-file-with-bulk-user-export-data}" - export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" - ``` +--- -4. Run the script to import users: +## Post-migration steps - ```shell - bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh) - ``` +After the import script completes, follow these steps to verify and finalize the migration: -5. Check the list of users available in your project to verify if the operation is successful: +1. **Verify the migration**: Check the list of users available in your project to confirm the import was successful: ```shell - ory list identities --project --workspace + ory list identities --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_ID ``` + +2. **Test user login**: Try logging in with a few test accounts to ensure the migration was successful. + +3. **Enable account recovery** (if migrating without password hashes): + + - Users will need to reset their passwords on first login + - Ensure [account recovery](../kratos/self-service/flows/account-recovery-password-reset) is enabled + - Communicate this to your users before migration + +4. **Communicate with users**: Inform your users about: + + - The migration timeline + - Any actions they need to take (password reset if migrating without password hashes) + - How to get support if they encounter issues + +5. **Monitor the migration**: Keep track of user login attempts and any issues that arise during the first few days after + migration. From 889d08c32f4dbb6b9663adbf95c0280de97a97bf Mon Sep 17 00:00:00 2001 From: wassimoo <12980387+wassimoo@users.noreply.github.com> Date: Mon, 27 Oct 2025 11:42:01 +0100 Subject: [PATCH 02/10] docs: auth0 migration guid formatting improvements --- docs/migrate-to-ory/auth0.mdx | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 8923809c41..61d36d5c11 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -17,8 +17,8 @@ Before you begin, ensure you have: - **Auth0 account** with admin access to export user data - **Ory account** and CLI installed -{/* TODO: change this to refer to new migration guide (docs/migrate-to-ory/migrate/create-project.mdx) */} -- **Ory project** created - See [creating a project](index.mdx) for instructions + {/* TODO: change this to refer to new migration guide (docs/migrate-to-ory/migrate/create-project.mdx) */} +- **Ory project** created - See [creating a project](index.mdx) for instructions - **Required tools**: - [jq](https://jqlang.org/) - Command-line JSON processor - [Gzip](https://www.gnu.org/software/gzip/) - Compression utility @@ -52,7 +52,9 @@ Follow these steps to get the Management API Access Token and connection ID: 2. Select **Auth0 Management API** and go to the **API Explorer** tab. Copy the displayed token. :::warning Token expiration + The token is valid for 24 hours by default and is configurable. + ::: 3. Go to **Authentication** and navigate to **Database**. @@ -84,15 +86,18 @@ Follow these steps to export the user data: ### 2. Export password hashes -Exporting password hashes is optional but recommended. Because password hashes are considered sensitive information, Auth0 doesn't export them as part of the general export process. To get the password hashes and other password-related information, you must [create an Auth0 support ticket](#create-auth0-support-ticket). +Exporting password hashes is optional but recommended. Because password hashes are considered sensitive information, Auth0 doesn't +export them as part of the general export process. To get the password hashes and other password-related information, you must +[create an Auth0 support ticket](#create-auth0-support-ticket). If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they used before the migration. If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate them using a [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). -:::note -Password hash exports are not available for Auth0's Free subscription tier. You'll need a paid Auth0 plan to request this -data. +:::note + +Password hash exports are not available for Auth0's Free subscription tier. You'll need a paid Auth0 plan to request this data. + ::: #### Create Auth0 support ticket @@ -136,15 +141,15 @@ export ORY_WORKSPACE_ID='{your-workspace-id}' If you don't have these values, you can retrieve them: - **Using the CLI**: Run `ory list projects` to see all your projects and their IDs -- **Using the Console**: Go to [Ory Console](https://console.ory.sh/), select your project, and find the IDs in the project settings +- **Using the Console**: Go to [Ory Console](https://console.ory.sh/), select your project, and find the IDs in the project + settings ::: - - ### 2. Configure identity schema -Before importing users, you need to configure your Ory project's identity schema to match your Auth0 setup. Since Auth0 users authenticate with email and password, configure the identity schema to use the email preset. +Before importing users, you need to configure your Ory project's identity schema to match your Auth0 setup. Since Auth0 users +authenticate with email and password, configure the identity schema to use the email preset. Update your project's identity schema: @@ -171,7 +176,8 @@ export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" :::info Migration Mode - Set `RESERVE_ONLY="false"` if you have password hashes -- Set `RESERVE_ONLY="true"` if you don't have password hashes +- Set `RESERVE_ONLY="true"` if you don't have password hashes + ::: ### 2. Run import script From 9a3928139ef45f1dc08b4fcafb0e81a546dade5a Mon Sep 17 00:00:00 2001 From: Wassim <12980387+wassimoo@users.noreply.github.com> Date: Wed, 12 Nov 2025 15:34:15 +0100 Subject: [PATCH 03/10] docs: improve formatting in auth0 migration to follow our style guide. --- docs/migrate-to-ory/auth0.mdx | 60 ++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 61d36d5c11..5d707ee77b 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -15,29 +15,29 @@ If your setup is different, you can use this document as a starting point in def Before you begin, ensure you have: -- **Auth0 account** with admin access to export user data -- **Ory account** and CLI installed +- Auth0 account with admin access to export user data +- Ory account and CLI installed {/* TODO: change this to refer to new migration guide (docs/migrate-to-ory/migrate/create-project.mdx) */} -- **Ory project** created - See [creating a project](index.mdx) for instructions -- **Required tools**: +- Ory project created - See [creating a project](index.mdx) for instructions +- Required tools: - [jq](https://jqlang.org/) - Command-line JSON processor - [Gzip](https://www.gnu.org/software/gzip/) - Compression utility - [Ory CLI](../guides/cli/01_installation.mdx) - Ory command-line interface -- **Time estimate**: 1-2 hours depending on the number of users +- Time estimate: 1-2 hours depending on the number of users ## Overview The migration process consists of three phases: -1. **Prepare your Auth0 data** - Export user data and password hashes -2. **Configure your Ory project** - Set up identity schema for email authentication -3. **Import users to Ory** - Run the migration script to create users in Ory +1. [Prepare your Auth0 data](#prepare-your-auth0-data): Export user data and password hashes +2. [Configure your Ory project](#configure-your-ory-project): Set up identity schema for email authentication +3. [Import users to Ory](#import-users-to-ory): Run the migration script to create users in Ory --- -## Phase 1: Prepare your Auth0 data +## Prepare your Auth0 data -### 1. Create bulk user export +### Create bulk user export To create a [bulk user export](https://auth0.com/docs/manage-users/user-migration/bulk-user-exports), you need a Management API Access Token and the ID of your connection. This data is used by the migration script you run to get the user data. You can @@ -82,17 +82,21 @@ Follow these steps to export the user data: bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh) ``` - This script creates `AUTH0_USERDATA.json` in your current directory containing all exported user data. + This script creates `AUTH0_USERDATA.json` in your current directory and contains all the exported user data. -### 2. Export password hashes +### Export password hashes Exporting password hashes is optional but recommended. Because password hashes are considered sensitive information, Auth0 doesn't export them as part of the general export process. To get the password hashes and other password-related information, you must [create an Auth0 support ticket](#create-auth0-support-ticket). If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they -used before the migration. If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate -them using a [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). +used before the migration. For more information, see +[Bulk identity migration](../migrate-to-ory/migrate/migrate-strategies#bulk-identity-migration). + +- If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate them using a + [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). For more information, see + [Graceful identity migration](../migrate-to-ory/migrate/migrate-strategies#graceful-identity-migration). :::note @@ -125,9 +129,9 @@ The file you get has this format: --- -## Phase 2: Configure your Ory project +## Configure your Ory project -### 1. Set environment variables +### Set environment variables Set your project and workspace IDs as environment variables: @@ -140,13 +144,12 @@ export ORY_WORKSPACE_ID='{your-workspace-id}' If you don't have these values, you can retrieve them: -- **Using the CLI**: Run `ory list projects` to see all your projects and their IDs -- **Using the Console**: Go to [Ory Console](https://console.ory.sh/), select your project, and find the IDs in the project - settings +- Using the CLI: Run `ory list projects` to see all your projects and their IDs +- Using the Console: Go to [Ory Console](https://console.ory.sh/), select your project, and find the IDs in the project settings ::: -### 2. Configure identity schema +### Configure identity schema Before importing users, you need to configure your Ory project's identity schema to match your Auth0 setup. Since Auth0 users authenticate with email and password, configure the identity schema to use the email preset. @@ -161,9 +164,9 @@ ory patch identity-config --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_I --- -## Phase 3: Import users to Ory +## Import users to Ory -### 1. Configure environment variables +### Configure environment variables Configure the migration script by exporting the necessary environment variables: @@ -180,7 +183,7 @@ export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" ::: -### 2. Run import script +### Run import script Execute the migration script to import users: @@ -197,25 +200,24 @@ You can inspect the script After the import script completes, follow these steps to verify and finalize the migration: -1. **Verify the migration**: Check the list of users available in your project to confirm the import was successful: +1. Verify the migration: Check the list of users available in your project to confirm the import was successful: ```shell ory list identities --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_ID ``` -2. **Test user login**: Try logging in with a few test accounts to ensure the migration was successful. +2. Test user login: Try logging in with a few test accounts to ensure the migration was successful. -3. **Enable account recovery** (if migrating without password hashes): +3. Enable account recovery (if migrating without password hashes): - Users will need to reset their passwords on first login - Ensure [account recovery](../kratos/self-service/flows/account-recovery-password-reset) is enabled - Communicate this to your users before migration -4. **Communicate with users**: Inform your users about: +4. Communicate with users: Inform your users about: - The migration timeline - Any actions they need to take (password reset if migrating without password hashes) - How to get support if they encounter issues -5. **Monitor the migration**: Keep track of user login attempts and any issues that arise during the first few days after - migration. +5. Monitor the migration: Keep track of user login attempts and any issues that arise during the first few days after migration. From 8044ebeb8b7a2207b8d0e9752db3e3b35e7982b6 Mon Sep 17 00:00:00 2001 From: Wassim <12980387+wassimoo@users.noreply.github.com> Date: Thu, 13 Nov 2025 14:24:52 +0100 Subject: [PATCH 04/10] docs: update Auth0 migration guide to correct project link --- docs/migrate-to-ory/auth0.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 5d707ee77b..a259692549 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -17,8 +17,8 @@ Before you begin, ensure you have: - Auth0 account with admin access to export user data - Ory account and CLI installed - {/* TODO: change this to refer to new migration guide (docs/migrate-to-ory/migrate/create-project.mdx) */} -- Ory project created - See [creating a project](index.mdx) for instructions + {/* TODO: change this to refer to new migration guide () */} +- Ory project created - See [creating a project](docs/migrate-to-ory/migrate/create-project.mdx) for instructions - Required tools: - [jq](https://jqlang.org/) - Command-line JSON processor - [Gzip](https://www.gnu.org/software/gzip/) - Compression utility @@ -90,11 +90,11 @@ Exporting password hashes is optional but recommended. Because password hashes a export them as part of the general export process. To get the password hashes and other password-related information, you must [create an Auth0 support ticket](#create-auth0-support-ticket). -If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they +- If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they used before the migration. For more information, see [Bulk identity migration](../migrate-to-ory/migrate/migrate-strategies#bulk-identity-migration). -- If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate them using a +- If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate the hashes using a [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). For more information, see [Graceful identity migration](../migrate-to-ory/migrate/migrate-strategies#graceful-identity-migration). From fb8ed63a8e1e9bb00c06de8cd21df39eeb1aa8af Mon Sep 17 00:00:00 2001 From: Wassim <12980387+wassimoo@users.noreply.github.com> Date: Thu, 13 Nov 2025 15:09:55 +0100 Subject: [PATCH 05/10] docs: refine Auth0 migration guide formatting and update project link reference --- docs/migrate-to-ory/auth0.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index a259692549..9f1b254f3d 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -17,7 +17,6 @@ Before you begin, ensure you have: - Auth0 account with admin access to export user data - Ory account and CLI installed - {/* TODO: change this to refer to new migration guide () */} - Ory project created - See [creating a project](docs/migrate-to-ory/migrate/create-project.mdx) for instructions - Required tools: - [jq](https://jqlang.org/) - Command-line JSON processor @@ -90,9 +89,9 @@ Exporting password hashes is optional but recommended. Because password hashes a export them as part of the general export process. To get the password hashes and other password-related information, you must [create an Auth0 support ticket](#create-auth0-support-ticket). -- If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials they -used before the migration. For more information, see -[Bulk identity migration](../migrate-to-ory/migrate/migrate-strategies#bulk-identity-migration). +- If you get your users' password hashes and import them to Ory, users can log in to their accounts using the same credentials + they used before the migration. For more information, see + [Bulk identity migration](../migrate-to-ory/migrate/migrate-strategies#bulk-identity-migration). - If you can't get users' password hashes, you can still import Auth0 user accounts to Ory and migrate the hashes using a [Password migration hook](../kratos/manage-identities/25_import-user-accounts-identities.mdx). For more information, see From d3d8cbebf0e1c4ea59bed4917ea26e6db76c1bce Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Fri, 14 Nov 2025 18:16:08 +0100 Subject: [PATCH 06/10] docs: update Auth0 migration guide for clarity and consistency --- docs/migrate-to-ory/auth0.mdx | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 9f1b254f3d..92bfbf0cff 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -16,8 +16,8 @@ If your setup is different, you can use this document as a starting point in def Before you begin, ensure you have: - Auth0 account with admin access to export user data -- Ory account and CLI installed -- Ory project created - See [creating a project](docs/migrate-to-ory/migrate/create-project.mdx) for instructions +- Ory account with an Ory project already created - See [creating a project](docs/migrate-to-ory/migrate/create-project.mdx) for + instructions - Required tools: - [jq](https://jqlang.org/) - Command-line JSON processor - [Gzip](https://www.gnu.org/software/gzip/) - Compression utility @@ -30,7 +30,7 @@ The migration process consists of three phases: 1. [Prepare your Auth0 data](#prepare-your-auth0-data): Export user data and password hashes 2. [Configure your Ory project](#configure-your-ory-project): Set up identity schema for email authentication -3. [Import users to Ory](#import-users-to-ory): Run the migration script to create users in Ory +3. [Import users to Ory](#import-users-to-ory): Run the migration import script to create users in Ory --- @@ -59,9 +59,9 @@ Follow these steps to get the Management API Access Token and connection ID: 3. Go to **Authentication** and navigate to **Database**. 4. Click the connection for which you want to export user data and copy its ID. -#### Run export script +### Run export script -The script accounts for all possible metrics you can export in a bulk user export. The bulk user export is a compressed, +The export script accounts for all possible metrics you can export in a bulk user export. The bulk user export is a compressed, newline-delimited JSON file. The process takes some time to complete and the compressed file is downloaded automatically when it's ready. @@ -75,13 +75,13 @@ Follow these steps to export the user data: export AUTH0_TOKEN="your_auth0_management_api_token" ``` -2. Run the script: +2. Run the export script: ```shell bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh) ``` - This script creates `AUTH0_USERDATA.json` in your current directory and contains all the exported user data. + This export script creates `AUTH0_USERDATA.json` in your current directory and contains all the exported user data. ### Export password hashes @@ -165,9 +165,13 @@ ory patch identity-config --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_I ## Import users to Ory +The migration import script processes your exported Auth0 user data and creates corresponding identities in Ory. You can inspect +the import script +[here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). + ### Configure environment variables -Configure the migration script by exporting the necessary environment variables: +Set necessary environment variables for the import script: ```shell export RESERVE_ONLY="false" # Set to "true" if you DON'T HAVE Auth0 password hashes. @@ -182,7 +186,7 @@ export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" ::: -### Run import script +### Run the import script Execute the migration script to import users: @@ -190,9 +194,6 @@ Execute the migration script to import users: bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh) ``` -You can inspect the script -[here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). - --- ## Post-migration steps @@ -211,7 +212,6 @@ After the import script completes, follow these steps to verify and finalize the - Users will need to reset their passwords on first login - Ensure [account recovery](../kratos/self-service/flows/account-recovery-password-reset) is enabled - - Communicate this to your users before migration 4. Communicate with users: Inform your users about: From 99de406e852a108f6ce7398ebf74de09b5ac643a Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Fri, 14 Nov 2025 18:47:12 +0100 Subject: [PATCH 07/10] docs: clarify wording in Auth0 migration guide import script section --- docs/migrate-to-ory/auth0.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 92bfbf0cff..6143a47b41 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -188,7 +188,7 @@ export AUTH0_PWEXPORT="{path-to-the-json-file-with-password-hashes}" ### Run the import script -Execute the migration script to import users: +Execute the import script to import users: ```shell bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh) From b9faa8a1cec14e5fda0ad4487239d307ccb304d7 Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Mon, 17 Nov 2025 12:25:04 +0100 Subject: [PATCH 08/10] feat: enhance Auth0 migration script with environment variable checks. --- .../migrate-to-ory/1-create-ory-identities.sh | 36 +++++++++++++++---- docs/migrate-to-ory/auth0.mdx | 26 ++++++++++++-- 2 files changed, 53 insertions(+), 9 deletions(-) diff --git a/code-examples/migrate-to-ory/1-create-ory-identities.sh b/code-examples/migrate-to-ory/1-create-ory-identities.sh index 9470346246..b081852624 100644 --- a/code-examples/migrate-to-ory/1-create-ory-identities.sh +++ b/code-examples/migrate-to-ory/1-create-ory-identities.sh @@ -1,4 +1,26 @@ #!/bin/bash +set -euo pipefail + +# Check required environment variables +if [[ -z "${ORY_PROJECT_ID:-}" ]] || [[ -z "${ORY_WORKSPACE_ID:-}" ]]; then + echo "Error: Required environment variables not set" + echo "Please set: ORY_PROJECT_ID, ORY_WORKSPACE_ID" + exit 1 +fi + +if [[ -z "${AUTH0_USERDATA:-}" ]]; then + echo "Error: AUTH0_USERDATA environment variable not set" + echo "Please set: AUTH0_USERDATA (path to Auth0 user data JSON file)" + exit 1 +fi + +if [[ "${RESERVE_ONLY:-false}" != "true" ]] && [[ -z "${AUTH0_PWEXPORT:-}" ]]; then + echo "Error: AUTH0_PWEXPORT environment variable not set" + echo "Please set: AUTH0_PWEXPORT (path to password hashes JSON file)" + echo "Or set RESERVE_ONLY=true to skip password import" + exit 1 +fi + create_payload() { unset payload ory_schema_id='preset://email' @@ -21,7 +43,7 @@ create_payload() { '{schema_id: $sid, traits: {email: $em}, - metadata_admin: "auth0", + metadata_admin: {origin: "auth0"}, credentials: {password: {config: @@ -35,7 +57,7 @@ create_identity() { echo "please supply a valid payload" exit 1 else - echo $payload | ory import identities --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_ID + echo $payload | ory import identities --workspace $ORY_WORKSPACE_ID --project $ORY_PROJECT_ID fi } @@ -47,13 +69,15 @@ if [[ "${RESERVE_ONLY}" == "true" ]]; then create_identity done else - # add passwords to user data by email - pw_hashes=$(cat "${AUTH0_PWEXPORT}" | jq -s "." | jq "map({email, passwordHash})") - auth0_alldata=$(jq 'JOIN(INDEX(inputs[];.email);.[];.email;add)' <(cat "${AUTH0_USERDATA}") <(echo "$pw_hashes") | jq -s ".") + # Create an index from passwords file and merge with user data + auth0_alldata=$(jq --slurpfile pw "${AUTH0_PWEXPORT}" \ + '($pw[0] | INDEX(.email)) as $pw_index | + . | map(. + {passwordHash: (if $pw_index[.email] then $pw_index[.email].passwordHash else null end)})' \ + "${AUTH0_USERDATA}") echo "$auth0_alldata" | jq -r '.[] | .email, .passwordHash' | while read email && read pwhash; do create_payload - create_identity $payload + create_identity done fi diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 6143a47b41..51984858c4 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -122,8 +122,28 @@ information. The file you get has this format: ```json -{"_ID":{"$oid":"60425dc43519d90068f82973"},"email_verified":false,"email":"test2@example.com","passwordHash":"$2b$10$Z6hUTEEeoJXN5/AmSm/4.eZ75RYgFVriQM9LPhNEC7kbAbS/VAaJ2","password_set_date":{"$date":"2021-03-05T16:35:16.775Z"},"tenant":"dev-rwsbs6ym","connection":"Username-Password-Authentication","_tmp_is_unique":true} -{"_ID":{"$oid":"60425da93519d90068f82966"},"email_verified":false,"email":"test@example.com","passwordHash":"$2b$10$CSZ2JarG4XYbGa.JkfpqnO2wrlbfp5eb5LScHSGo9XGeZ.a.Ic54S","password_set_date":{"$date":"2021-03-05T16:34:49.502Z"},"tenant":"dev-rwsbs6ym","connection":"Username-Password-Authentication","_tmp_is_unique":true} +[ + { + "_ID": { "$oid": "60425dc43519d90068f82973" }, + "email_verified": false, + "email": "test2@example.com", + "passwordHash": "$2b$10$Z6hUTEEeoJXN5/AmSm/4.eZ75RYgFVriQM9LPhNEC7kbAbS/VAaJ2", + "password_set_date": { "$date": "2021-03-05T16:35:16.775Z" }, + "tenant": "dev-rwsbs6ym", + "connection": "Username-Password-Authentication", + "_tmp_is_unique": true + }, + { + "_ID": { "$oid": "60425da93519d90068f82966" }, + "email_verified": false, + "email": "test@example.com", + "passwordHash": "$2b$10$CSZ2JarG4XYbGa.JkfpqnO2wrlbfp5eb5LScHSGo9XGeZ.a.Ic54S", + "password_set_date": { "$date": "2021-03-05T16:34:49.502Z" }, + "tenant": "dev-rwsbs6ym", + "connection": "Username-Password-Authentication", + "_tmp_is_unique": true + } +] ``` --- @@ -169,7 +189,7 @@ The migration import script processes your exported Auth0 user data and creates the import script [here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh). -### Configure environment variables +### Set environment variables Set necessary environment variables for the import script: From dfee90563ede6f3b89eb9cfa7e871f6f8ee13cf7 Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Mon, 17 Nov 2025 13:29:16 +0100 Subject: [PATCH 09/10] docs: refine wording in Auth0 migration guide for bulk user export section --- docs/migrate-to-ory/auth0.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index 51984858c4..fdba3bd2a8 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -38,10 +38,9 @@ The migration process consists of three phases: ### Create bulk user export -To create a [bulk user export](https://auth0.com/docs/manage-users/user-migration/bulk-user-exports), you need a Management API -Access Token and the ID of your connection. This data is used by the migration script you run to get the user data. You can -inspect the script -[here](https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/0-get-auth0-user-data.sh). +To create a [bulk user export](https://auth0.com/docs/manage-users/user-migration/bulk-user-exports), you need the Management API +Access Token and the ID of your connection. You will need this information to export the Auth0 user data, when you run the +migration export script. #### Get API access token and connection ID From 0a7542ad279b0dff42f31324400efb3939dd24c4 Mon Sep 17 00:00:00 2001 From: Wassim Bougarfa <12980387+wassimoo@users.noreply.github.com> Date: Wed, 19 Nov 2025 18:54:31 +0100 Subject: [PATCH 10/10] docs: remove redundant sections in Auth0 migration guide --- docs/migrate-to-ory/auth0.mdx | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docs/migrate-to-ory/auth0.mdx b/docs/migrate-to-ory/auth0.mdx index fdba3bd2a8..9b0b87ad31 100644 --- a/docs/migrate-to-ory/auth0.mdx +++ b/docs/migrate-to-ory/auth0.mdx @@ -32,8 +32,6 @@ The migration process consists of three phases: 2. [Configure your Ory project](#configure-your-ory-project): Set up identity schema for email authentication 3. [Import users to Ory](#import-users-to-ory): Run the migration import script to create users in Ory ---- - ## Prepare your Auth0 data ### Create bulk user export @@ -145,8 +143,6 @@ The file you get has this format: ] ``` ---- - ## Configure your Ory project ### Set environment variables @@ -180,8 +176,6 @@ ory patch identity-config --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_I --replace '/identity/schemas=[{"id":"preset://email","url":"base64://ewogICIkaWQiOiAiaHR0cHM6Ly9zY2hlbWFzLm9yeS5zaC9wcmVzZXRzL2tyYXRvcy9pZGVudGl0eS5lbWFpbC5zY2hlbWEuanNvbiIsCiAgIiRzY2hlbWEiOiAiaHR0cDovL2pzb24tc2NoZW1hLm9yZy9kcmFmdC0wNy9zY2hlbWEjIiwKICAidGl0bGUiOiAiUGVyc29uIiwKICAidHlwZSI6ICJvYmplY3QiLAogICJwcm9wZXJ0aWVzIjogewogICAgInRyYWl0cyI6IHsKICAgICAgInR5cGUiOiAib2JqZWN0IiwKICAgICAgInByb3BlcnRpZXMiOiB7CiAgICAgICAgImVtYWlsIjogewogICAgICAgICAgInR5cGUiOiAic3RyaW5nIiwKICAgICAgICAgICJmb3JtYXQiOiAiZW1haWwiLAogICAgICAgICAgInRpdGxlIjogIkUtTWFpbCIsCiAgICAgICAgICAib3J5LnNoL2tyYXRvcyI6IHsKICAgICAgICAgICAgImNyZWRlbnRpYWxzIjogewogICAgICAgICAgICAgICJwYXNzd29yZCI6IHsKICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogdHJ1ZQogICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgIndlYmF1dGhuIjogewogICAgICAgICAgICAgICAgImlkZW50aWZpZXIiOiB0cnVlCiAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAidG90cCI6IHsKICAgICAgICAgICAgICAgICJhY2NvdW50X25hbWUiOiB0cnVlCiAgICAgICAgICAgICAgfQogICAgICAgICAgICB9LAogICAgICAgICAgICAicmVjb3ZlcnkiOiB7CiAgICAgICAgICAgICAgInZpYSI6ICJlbWFpbCIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInZlcmlmaWNhdGlvbiI6IHsKICAgICAgICAgICAgICAidmlhIjogImVtYWlsIgogICAgICAgICAgICB9CiAgICAgICAgICB9LAogICAgICAgICAgIm1heExlbmd0aCI6IDMyMAogICAgICAgIH0KICAgICAgfSwKICAgICAgInJlcXVpcmVkIjogWwogICAgICAgICJlbWFpbCIKICAgICAgXSwKICAgICAgImFkZGl0aW9uYWxQcm9wZXJ0aWVzIjogZmFsc2UKICAgIH0KICB9Cn0K"}]' ``` ---- - ## Import users to Ory The migration import script processes your exported Auth0 user data and creates corresponding identities in Ory. You can inspect @@ -213,8 +207,6 @@ Execute the import script to import users: bash <(curl https://raw.githubusercontent.com/ory/docs/master/code-examples/migrate-to-ory/1-create-ory-identities.sh) ``` ---- - ## Post-migration steps After the import script completes, follow these steps to verify and finalize the migration: