
auth0-migration
★ 37by auth0 · part of auth0/agent-skills
Use when migrating or switching from an existing auth provider (Firebase, Cognito, Supabase, Clerk, custom auth) to Auth0 - covers bulk user import, gradual…
Use when migrating or switching from an existing auth provider (Firebase, Cognito, Supabase, Clerk, custom auth) to Auth0 - covers bulk user import, gradual…
Inspect the full instructions your agent will receiveExpandCollapse
This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.
by auth0
Use when migrating or switching from an existing auth provider (Firebase, Cognito, Supabase, Clerk, custom auth) to Auth0 - covers bulk user import, gradual…
npx skills add https://github.com/auth0/agent-skills --skill auth0-migration
Download ZIPGitHub37
Auth0 Migration Guide
Migrate users and authentication flows from existing auth providers to Auth0.
Overview
When to Use This Skill
-
Migrating from another auth provider to Auth0
-
Bulk importing existing users
-
Gradually transitioning active user bases
-
Updating JWT validation in APIs
When NOT to Use
-
Starting fresh with Auth0 - Use
auth0-quickstartfor new projects without existing users -
Already using Auth0 - This is for migrating TO Auth0, not between Auth0 tenants
-
Only adding MFA or features - Use feature-specific skills if just adding capabilities
Migration Approaches
-
Bulk Migration: One-time user import (recommended for small/inactive bases)
-
Gradual Migration: Lazy migration over time (recommended for large active bases)
-
Hybrid: Import inactive users, lazy-migrate active users
Step 0: Detect Existing Auth Provider
Check if the project already has authentication:
Search for common auth-related patterns in the codebase:
Pattern Indicates
signInWithEmailAndPassword, onAuthStateChanged Firebase Auth
useUser, useSession, isSignedIn Existing auth hooks
passport.authenticate, LocalStrategy Passport.js
authorize, getAccessToken, oauth OAuth/OIDC
JWT, jwt.verify, jsonwebtoken Token-based auth
/api/auth/, /login, /callback Auth routes
If existing auth detected, ask:
I detected existing authentication in your project. Are you:
-
Migrating to Auth0 (replace existing auth)
-
Adding Auth0 alongside (keep both temporarily)
-
Starting fresh (remove old auth, new Auth0 setup)
Migration Workflow
Step 1: Export Existing Users
Export users from your current provider. See User Import Guide for detailed instructions:
Required data per user:
-
Email address
-
Email verified status
-
Password hash (if available)
-
User metadata/profile data
-
Creation timestamp
Step 2: Import Users to Auth0
Import users via Dashboard, CLI, or Management API.
Quick start:
# Via Auth0 CLI
auth0 api post "jobs/users-imports" \
--data "connection_id=con_ABC123" \
--data "[email protected]"
For detailed instructions:
Step 3: Migrate Application Code
Update your application code to use Auth0 SDKs.
See Code Migration Patterns for detailed before/after examples:
Frontend:
Backend:
Provider-Specific:
After migrating code, use framework-specific skills:
-
auth0-reactfor React applications -
auth0-nextjsfor Next.js applications -
auth0-vuefor Vue.js applications -
auth0-angularfor Angular applications -
auth0-expressfor Express.js applications -
auth0-react-nativefor React Native/Expo applications
Step 4: Update API JWT Validation
If your API validates JWTs, update to validate Auth0 tokens.
Key differences:
-
Algorithm: HS256 (symmetric) → RS256 (asymmetric)
-
Issuer: Custom →
https://YOUR_TENANT.auth0.com/ -
JWKS URL:
https://YOUR_TENANT.auth0.com/.well-known/jwks.json
See JWT Validation Examples for:
-
Node.js / Express implementation
-
Python / Flask implementation
-
Key differences and migration checklist
Gradual Migration Strategy
For production applications with active users, use a phased approach:
Phase 1: Parallel Auth
Support both Auth0 and legacy provider simultaneously:
// Support both providers during migration
const getUser = async () => {
// Try Auth0 first
const auth0User = await getAuth0User();
if (auth0User) return auth0User;
// Fall back to legacy provider
return await getLegacyUser();
};
Phase 2: New Users on Auth0
-
All new signups go to Auth0
-
Existing users continue on legacy provider
-
Migrate users on next login (lazy migration)
Phase 3: Forced Migration
-
Prompt remaining users to "update account"
-
Send password reset emails via Auth0
-
Set deadline for legacy system shutdown
Phase 4: Cleanup
-
Remove legacy auth code
-
Archive user export for compliance
-
Update documentation
Common Migration Issues
Issue Solution Password hashes incompatible Use Auth0 custom DB connection with lazy migration Social logins don't link Configure same social connection, users auto-link by email Custom claims missing Add claims via Auth0 Actions Token format different Update API to validate RS256 JWTs with Auth0 issuer Session persistence Auth0 uses rotating refresh tokens; update token storage Users must re-login Expected for redirect-based auth; communicate to users
Reference Documentation
User Import
Complete guide to exporting and importing users:
Code Migration
Before/after examples for all major frameworks:
Related Skills
Core Integration
auth0-quickstart- Initial Auth0 setup after migration
SDK Skills
-
auth0-react- React SPA integration -
auth0-nextjs- Next.js integration -
auth0-vue- Vue.js integration -
auth0-angular- Angular integration -
auth0-express- Express.js integration -
auth0-react-native- React Native/Expo integration
References
npx skills add https://github.com/auth0/agent-skills --skill auth0-migrationRun this in your project — your agent picks the skill up automatically.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.