Importing users from third party identity provider

dan · 16 Sept 2020, 17:47

We are migrating to FusionAuth. Our current systems have some users that are contained in a database and others that have been authed by Facebook.

Running into an error while attempting to import our FB-based users (i.e. those who log in via FB and thus do not have a password/salt).

Here's the message from the logs:

ERROR: POST /api/user/import failed with response code 400, response was: "{"fieldErrors": {"user.password": [{"code": "[blank]user.password", "message": "You must specify the [user.password] property for each user."}]}}"

Is there a way around this for importing third party identity provider logins?

dan · 16 Sept 2020, 17:48

No, the users must have a password. In this scenario, where you know the users do not have a password, you can just set a secure random password. A UUID, or other securely generated high entropy value.

You can provide the password value, but this will cause FusionAuth to hash it inline, so it will be costly in terms of time and CPU if you are importing a large number of users.

If you don’t want to take this hit at import time, you can provide these users just random hashed values, as long as you provide the factor, encryptionScheme, salt and password FusionAuth will assume this is a hash, and it will not re-hash it.