I've got my users exported the in CLI:
firebase auth:export my_users.json
The passwords in the exported file should be hashed with SCRYPT, because as the documentation states:
auth:export command only exports passwords hashed using the scrypt algorithm, which is used by the Firebase backend. Account records with passwords hashed using other algorithms are exported with empty passwordHash and salt fields. Projects might have passwords hashed with other algorithms after importing user records from a file, since passwords are only re-hashed with scrypt when an imported user signs in for the first time
My hash-key and salt fields are not empty in the result.
Also, I know that all my users signed in at least once.
Now, when I try to import my_users.json:
firebase auth:import --hash-algo=SCRYPT --rounds=1 my_users.json
I get the following error:
Must provide hash key(base64 encoded) for hash algorithm SCRYPT
But what should I set --hash-key to, since the auth:export command did not take any parameters? ...
Thanks in advance
So you can now get the hash key and the salt info from the firebase console GUI.
I had to enter incognito mode in chrome for some reason (firebase support suggested this).
I could then log into my firebase console in the incognito browser.
(Note that you need to use the firebase instance that you are copying users
from, not the one that you are copying users to)
You click on Authentication -> Users
and then click on the three vertical dots next to the reload button and a popup menu will show up with a single menu item: "Password hash parameters".
Click on this menu item and all of the settings you need for doing the
firebase auth:import command will show up.
Here's what I see:
hash_config {
algorithm: SCRYPT,
base64_signer_key: <long string of random characters>,
base64_salt_separator: <short string of random characters>,
rounds: 8,
mem_cost: 14,
}
I can then do the command successfully
firebase auth:import ./users.json --hash-algo=scrypt --rounds=8 --mem-cost=14 --hash-key=<long string of random characters> --salt-separator=<short string of random characters>
Referring to Firebase documentation - "Firebase Authentication Password Hashing":
https://firebaseopensource.com/projects/firebase/scrypt/
Finding the Password Hash Parameters
Firebase generates unique password hash parameters for each Firebase project. To access these parameters, navigate to the 'Users' tab of the 'Authentication' section in the Firebase Console and select 'Password Hash Parameters' from the drop down in the upper-right hand corner of the users table.
Seems like there is no option to fetch hash parameters via cli unfortunately. So, the GUI is the only way, I suppose (as Geoffrey Wall mentioned on their answer).