How to set hash-key parameter for auth: import after authorization by default: export to firebase?
I have my users exported to the CLI:
firebase auth:export my_users.json
The passwords in the exported file must be hashed with SCRYPT, because the documentation states:
auth: The export command only exports hashed passwords using the scrypt algorithm used by the Firebase backend. Account records with password hashes using other algorithms are exported with empty passwordHash and salt fields. Projects can have passwords with different algorithms after importing user entries from a file, as passwords are only re-hashed with scrypt when the imported user first signs up
My hash keys and salt fields are not empty in the result. Also, I know that all my users have signed at least once.
Now when I try to import my_users.json:
firebase auth:import --hash-algo=SCRYPT --rounds=1 my_users.json
I am getting the following error:
Must provide hash key(base64 encoded) for hash algorithm SCRYPT
But what should I ask --hash-key, since the auth: export command took no parameters? ...
Thank you in advance
source to share
You can now get the hash key and salt information from the Firebase Console GUI. For some reason I had to enter incognito mode in chrome (Firebase support suggested this).
I was then able to log into my Firebase console in an incognito browser.
(Note that you need to use the firebase instance you are copying users from, not the one you copy users to)
You click on "Authentication → Users" and then click on the three vertical dots next to the reboot button and a pop-up menu appears with a single menu item: Password Hash Options.
Click on that menu item and all the settings required to run the firebase auth: import command will appear. This is what I see:
hash_config {
algorithm: SCRYPT,
base64_signer_key: <long string of random characters>,
base64_salt_separator: <short string of random characters>,
rounds: 8,
mem_cost: 14,
}
Then I can execute the command successfully
firebase auth:import ./users.json --hash-algo=scrypt --rounds=8 --mem-cost=14 --hash-key=<long string of random characters> --salt-separator=<short string of random characters>
source to share
Link to Firebase documentation - "Hashing Firebase Authentication Password": https://firebaseopensource.com/projects/firebase/scrypt/
Finding password hash parameters
Firebase generates unique password hash parameters for each Firebase project. To access these options, go to the Users tab in the Authentication section of the Firebase console and select Password Hash Options from the drop-down menu in the upper right corner of the users table.
It looks like there is no way to get hash parameters via cli unfortunately. So I guess GUI is the only way to go (as Jeffrey Wall mentioned in his answer ).
source to share
I am a new Firebase user and want to deepen it, but there is something I want to ask about.
I am making an Android mobile app that is Firebase related, here I am using Firebase Authentication for login and registration system. what I want to ask is ...
- Does firebase use hashing and salting to handle passwords?
- Then what is the reason firebase doesn't store the authenticated password?
- How do I explain to people who ask, "How can I log in but the password is not saved? How can the system handle such things?"
- Is there a system in the database that stores the password, or does Firebase not store the password, just how can it be handled if it is not saved?
- Is password processing related to UID / registered email name?
I have no intention of doing this, but I am working on my last assignment in my lecture, I hope I get an answer here because I don’t want to answer casually if there is a lecturer asking me about it.
source to share