This is the multi-page printable view of this section. Click here to print.
Reference information about how Authproject handles user migration
There are two primary methods to load existing users into Authproject. The first is with a “lift-and-shift,” meaning to take the entire user database and upload it all at once, and the second is a “lazy migration,” where users are only migrated when they attempt to sign in.
When migrating users from your existing authentication platform and onto Authproject, the second primary way is to perform a “lazy migration.”
Lazy migrations are a slow process of migrating users only as they sign in. This works well for those that are able to make changes to their existing authentication codebase, and for those that don’t mind hosting their infrastructure after Authproject is set up.
When speed is not a concern, lazy migrations are beneficial for those that want a seamless experience. It allows users to sign in with their existing passwords, whereupon their password is checked and stored securely in our systems.
The main disadvantage of lazy migrations are that it requires changes to be made to the existing authentication platform.
In order to authenticate a user, you must have an API endpoint available where we can submit the user email and password, and your authentication platform verifies it for us. If the password the user submits (and we proxy to you) is correct, you provide us with the rest of the user data to store in our system. If it is incorrect, the user will need to try entering their password again.
When a lazy migration is performed, we will make a request to an endpoint you develop to verify their password.
The verification endpoint must accept URLEncoded form parameters, with the email
being stored in email, and the password being stored in password.
email=email%40example.com&password=my-secure-password
Once this request arrives at the endpoint you have previously specified, we expect one of two responses in JSON format.
{
"success": true,
"user_info": {
"user_info_key_a": "user_info_value_a",
"user_info_key_b": "user_info_value_b"
}
}
{
"success": false
}
Once the password is verified, you can return a dictionary of user information
to us. This will be transparently stored next to the user in our systems, and
can be queried at the /oauth2/userinfo endpoint of our API. It is further
documented on our user info page.
When migrating users from your existing authentication platform and onto Authproject, the first primary way is to do a “lift-and-shift.”
Lift-and-shift is the process of taking the entire user database and uploading it to Authproject all at once. This is called a “lift-and-shift” because you “lift” the users from the existing database, and “shift” them to the new one.
The primary advantages of this system are that you can stop running your old authentication platform immediately, and that you don’t have to modify your existing codebase to support a lazy migration.
When the upload is complete, you can perform a “hard cutover” (immediately force users to utilize Authproject) to Authproject, where any user that was previously using your platform now has to sign in here. This can be beneficial for reducing attack surface.
In order to perform a lazy migration, an extra API endpoint needs to be created on your existing authentication system, which may not be possible in some cases. A lift-and-shift avoids this, so your users can start using Authproject immediately.
The primary disadvantage of a lift-and-shift migration is that users will no longer be able to use the passwords they had previously specified. This is because passwords should not be exported from an existing system, and we cannot guarantee compatibility with other authentication systems’ password storage mechanism.
Because other authentication platforms may use special, or custom, password verification algorithms, we cannot support the uploading of user passwords to our system. This is a significant drawback, and is one of the primary reasons we designed the lazy migration system.
When you are onboarded to Authproject, simply work with us to handle user import. We’ll walk you through the process, ensure that your users are present in our databases, and test the system to ensure proper functionality.