Auth0 Migration

v1.0.0

Use when migrating or switching from an existing auth provider (Firebase, Cognito, Supabase, Clerk, custom auth) to Auth0 - covers bulk user import, gradual...

⭐ 0· 62·0 current·0 all-time

by@auth0

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for auth0/auth0-migration.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Auth0 Migration" (auth0/auth0-migration) from ClawHub.
Skill page: https://clawhub.ai/auth0/auth0-migration
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: auth0
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auth0-migration

ClawHub CLI

Package manager switcher

npx clawhub@latest install auth0-migration

Security Scan

Capability signals

Requires OAuth tokenRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name, description, and instructions align: this is a migration guide that uses the Auth0 CLI to import users and update code. Requiring the auth0 CLI (brew package) is appropriate. However, the SKILL.md and reference files include examples that require Auth0 management credentials and source-provider credentials (e.g., AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, DATABASE_URL, AWS credentials, Firebase CLI auth), yet the skill's metadata declares no required environment variables or primary credential — an inconsistency.

Instruction Scope

The runtime instructions and reference docs instruct running auth0 CLI commands, provider export commands (firebase auth:export, aws cognito list-users, psql with $DATABASE_URL), and Management API calls. Those actions legitimately need local files and credentials, but the SKILL.md does not enumerate or require those credentials. The instructions do not attempt to exfiltrate data to any unexpected external endpoint — they target provider CLIs and Auth0 endpoints — but they implicitly rely on sensitive secrets and local data access that are not declared.

✓

Install Mechanism

Install spec uses a Homebrew formula (auth0/auth0-cli/auth0) to provide the auth0 binary. This is a typical, low-risk installation method pointing to an identifiable tap/package rather than an arbitrary download.

Credentials

The skill declares no required environment variables or primary credential, yet example code explicitly references AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, process.env.DATABASE_URL, and provider-specific auth (AWS CLI, Firebase CLI). Migration legitimately requires those secrets, so omission is disproportionate and confusing — the skill should declare them (and suggest least-privilege scopes).

✓

Persistence & Privilege

The skill is not forced-always (always: false) and is user-invocable. disable-model-invocation is false (agent can invoke it autonomously), which is normal for skills. No skill-level persistence or modifications to other skills or system-wide configs are requested.

What to consider before installing

This looks like a legitimate Auth0 migration guide, but it omits explicit declaration of the credentials and environment variables it expects. Before installing or running it: 1) Confirm you will provide Auth0 management credentials (or a Management API token) and source-provider credentials (database connection string, AWS/Firebase credentials) — give the minimum-scoped, short-lived tokens possible. 2) Test on a non-production/test Auth0 tenant and with a small user batch first. 3) Review the reference files locally to ensure commands target only your intended providers and that no unexpected endpoints are used. 4) Verify the brew auth0 package comes from the official tap and that you trust the skill's source (homepage points to an Auth0 repo; confirm authenticity). 5) Back up user data before any bulk imports and follow privacy/legal requirements for exporting/importing user data. If you want a safer install, ask the skill author to declare required environment variables and recommended scopes for tokens, and to explicitly document which credentials are needed for each export/import step.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis

OSmacOS · Linux

Binsauth0

Install

Install Auth0 CLI (brew)

Bins: auth0

latestvk97awzx72ydj9te8ham5q6eb6984w129

62downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

macOS, Linux

Auth0 Migration Guide

Migrate users and authentication flows from existing auth providers to Auth0.

Overview

When to Use This Skill

Migrating from another auth provider to Auth0
Bulk importing existing users
Gradually transitioning active user bases
Updating JWT validation in APIs

When NOT to Use

Starting fresh with Auth0 - Use auth0-quickstart for new projects without existing users
Already using Auth0 - This is for migrating TO Auth0, not between Auth0 tenants
Only adding MFA or features - Use feature-specific skills if just adding capabilities

Migration Approaches

Bulk Migration: One-time user import (recommended for small/inactive bases)
Gradual Migration: Lazy migration over time (recommended for large active bases)
Hybrid: Import inactive users, lazy-migrate active users

Step 0: Detect Existing Auth Provider

Check if the project already has authentication:

Search for common auth-related patterns in the codebase:

Pattern	Indicates
`signInWithEmailAndPassword`, `onAuthStateChanged`	Firebase Auth
`useUser`, `useSession`, `isSignedIn`	Existing auth hooks
`passport.authenticate`, `LocalStrategy`	Passport.js
`authorize`, `getAccessToken`, `oauth`	OAuth/OIDC
`JWT`, `jwt.verify`, `jsonwebtoken`	Token-based auth
`/api/auth/`, `/login`, `/callback`	Auth routes

If existing auth detected, ask:

I detected existing authentication in your project. Are you:

Migrating to Auth0 (replace existing auth)

Adding Auth0 alongside (keep both temporarily)

Starting fresh (remove old auth, new Auth0 setup)

Migration Workflow

Step 1: Export Existing Users

Export users from your current provider. See User Import Guide for detailed instructions:

Required data per user:

Email address
Email verified status
Password hash (if available)
User metadata/profile data
Creation timestamp

Step 2: Import Users to Auth0

Import users via Dashboard, CLI, or Management API.

Quick start:

# Via Auth0 CLI
auth0 api post "jobs/users-imports" \
  --data "connection_id=con_ABC123" \
  --data "users=@users.json"

For detailed instructions:

Step 3: Migrate Application Code

Update your application code to use Auth0 SDKs.

See Code Migration Patterns for detailed before/after examples:

Frontend:

Backend:

Provider-Specific:

After migrating code, use framework-specific skills:

auth0-react for React applications
auth0-nextjs for Next.js applications
auth0-vue for Vue.js applications
auth0-angular for Angular applications
auth0-express for Express.js applications
auth0-react-native for React Native/Expo applications

Step 4: Update API JWT Validation

If your API validates JWTs, update to validate Auth0 tokens.

Key differences:

Algorithm: HS256 (symmetric) → RS256 (asymmetric)
Issuer: Custom → https://YOUR_TENANT.auth0.com/
JWKS URL: https://YOUR_TENANT.auth0.com/.well-known/jwks.json

See JWT Validation Examples for:

Node.js / Express implementation
Python / Flask implementation
Key differences and migration checklist

Gradual Migration Strategy

For production applications with active users, use a phased approach:

Phase 1: Parallel Auth

Support both Auth0 and legacy provider simultaneously:

// Support both providers during migration
const getUser = async () => {
  // Try Auth0 first
  const auth0User = await getAuth0User();
  if (auth0User) return auth0User;

  // Fall back to legacy provider
  return await getLegacyUser();
};

Phase 2: New Users on Auth0

All new signups go to Auth0
Existing users continue on legacy provider
Migrate users on next login (lazy migration)

Phase 3: Forced Migration

Prompt remaining users to "update account"
Send password reset emails via Auth0
Set deadline for legacy system shutdown

Phase 4: Cleanup

Remove legacy auth code
Archive user export for compliance
Update documentation

Common Migration Issues

Issue	Solution
Password hashes incompatible	Use Auth0 custom DB connection with lazy migration
Social logins don't link	Configure same social connection, users auto-link by email
Custom claims missing	Add claims via Auth0 Actions
Token format different	Update API to validate RS256 JWTs with Auth0 issuer
Session persistence	Auth0 uses rotating refresh tokens; update token storage
Users must re-login	Expected for redirect-based auth; communicate to users

Reference Documentation

User Import

Complete guide to exporting and importing users:

Code Migration

Before/after examples for all major frameworks:

Related Skills

Core Integration

auth0-quickstart - Initial Auth0 setup after migration

SDK Skills

auth0-react - React SPA integration
auth0-nextjs - Next.js integration
auth0-vue - Vue.js integration
auth0-angular - Angular integration
auth0-express - Express.js integration
auth0-react-native - React Native/Expo integration

References

Comments

Loading comments...