feat: add support for migration of firebase scrypt passwords #1768
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
J0
commented
Sep 16, 2024
Contributor
|
Would prefer if the name for the Firebase scrypt be |
J0
force-pushed
the
j0/add_scrypt_password_hash
branch
2 times, most recently
from
ba549df to
5d88639
Compare
Pull Request Test Coverage Report for Build 11048130786Details
💛 - Coveralls |
J0
commented
Sep 25, 2024
J0
force-pushed
the
j0/add_scrypt_password_hash
branch
from
df090f3 to
d524770
Compare
J0
commented
Sep 25, 2024
J0
commented
Sep 25, 2024
J0
changed the title
hf
reviewed
Sep 25, 2024
J0
force-pushed
the
j0/add_scrypt_password_hash
branch
from
d524770 to
e3768ab
Compare
kangmingtay
pushed a commit
that referenced
this pull request
Sep 27, 2024
🤖 I have created a release *beep* *boop* --- ## [2.162.0](v2.161.0...v2.162.0) (2024-09-27) ### Features * add support for migration of firebase scrypt passwords ([#1768](#1768)) ([ba00f75](ba00f75)) ### Bug Fixes * apply authorized email restriction to non-admin routes ([#1778](#1778)) ([1af203f](1af203f)) * magiclink failing due to passwordStrength check ([#1769](#1769)) ([7a5411f](7a5411f)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
hf
pushed a commit
to supabase/auth-js
that referenced
this pull request
Dec 26, 2024
## What kind of change does this PR introduce? As per title - relevant PR: supabase/auth#1768
cemalkilic
pushed a commit
that referenced
this pull request
Aug 7, 2025
## What kind of change does this PR introduce? Fix #1750. Firebase uses a [modified version of scrypt](https://github.com/firebase/scrypt) We add support for Firebase Scrypt hashes so that developers can move over from Firebase (or similar) without the obligation to force a password reset for all users. As there is no pre-defined convention for Firebase scrypt hashes, we establish the following: ``` $fbscrypt$v=1,n=<N>,r=<r>,p=<p>[,ss=<salt_separator>][,sk=<signer_key>]$<salt>$<hash> ``` ``` $fbscrypt: Firebase scrypt Identifier $v: version identifier. Intended to allow for flexibility in parameters used. $n: N is the CPU/memory cost parameter. $r: block size $p: parallelization $ss: salt seperator, optional, only if using firebase, base64-encoded string used to separate the salt from other parameters. $sk: signer key, a base64-encoded string used as an additional input to the hash function. $<salt>: base64 encoded salt $<hash>: base64 encoded output ```` Developers can extract their [hash parameters from the firebase console](https://firebaseopensource.com/projects/firebase/scrypt/) For testing and debugging, clone this [utility](https://github.com/firebase/scrypt/#finding-the-password-hash-parameters) and follow the instructions in `BUILDING`. On MacOS please add the following flags when attempting to build so as to guard against error: `AES_FUNCTION` missing ``` export CFLAGS="-I$(brew --prefix openssl)/include" export LDFLAGS="-L$(brew --prefix openssl)/lib -L/usr/local/opt/openssl/lib" ``` [More details about export from CLI](https://firebase.google.com/docs/cli/auth)
cemalkilic
pushed a commit
that referenced
this pull request
Aug 7, 2025
🤖 I have created a release *beep* *boop* --- ## [2.162.0](v2.161.0...v2.162.0) (2024-09-27) ### Features * add support for migration of firebase scrypt passwords ([#1768](#1768)) ([ba00f75](ba00f75)) ### Bug Fixes * apply authorized email restriction to non-admin routes ([#1778](#1778)) ([1af203f](1af203f)) * magiclink failing due to passwordStrength check ([#1769](#1769)) ([7a5411f](7a5411f)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
xeladotbe
pushed a commit
to xeladotbe/supabase-auth
that referenced
this pull request
Sep 27, 2025
…e#1768) ## What kind of change does this PR introduce? Fix supabase#1750. Firebase uses a [modified version of scrypt](https://github.com/firebase/scrypt) We add support for Firebase Scrypt hashes so that developers can move over from Firebase (or similar) without the obligation to force a password reset for all users. As there is no pre-defined convention for Firebase scrypt hashes, we establish the following: ``` $fbscrypt$v=1,n=<N>,r=<r>,p=<p>[,ss=<salt_separator>][,sk=<signer_key>]$<salt>$<hash> ``` ``` $fbscrypt: Firebase scrypt Identifier $v: version identifier. Intended to allow for flexibility in parameters used. $n: N is the CPU/memory cost parameter. $r: block size $p: parallelization $ss: salt seperator, optional, only if using firebase, base64-encoded string used to separate the salt from other parameters. $sk: signer key, a base64-encoded string used as an additional input to the hash function. $<salt>: base64 encoded salt $<hash>: base64 encoded output ```` Developers can extract their [hash parameters from the firebase console](https://firebaseopensource.com/projects/firebase/scrypt/) For testing and debugging, clone this [utility](https://github.com/firebase/scrypt/#finding-the-password-hash-parameters) and follow the instructions in `BUILDING`. On MacOS please add the following flags when attempting to build so as to guard against error: `AES_FUNCTION` missing ``` export CFLAGS="-I$(brew --prefix openssl)/include" export LDFLAGS="-L$(brew --prefix openssl)/lib -L/usr/local/opt/openssl/lib" ``` [More details about export from CLI](https://firebase.google.com/docs/cli/auth)
xeladotbe
pushed a commit
to xeladotbe/supabase-auth
that referenced
this pull request
Sep 27, 2025
🤖 I have created a release *beep* *boop* --- ## [2.162.0](supabase/auth@v2.161.0...v2.162.0) (2024-09-27) ### Features * add support for migration of firebase scrypt passwords ([supabase#1768](supabase#1768)) ([ba00f75](supabase@ba00f75)) ### Bug Fixes * apply authorized email restriction to non-admin routes ([supabase#1778](supabase#1778)) ([1af203f](supabase@1af203f)) * magiclink failing due to passwordStrength check ([supabase#1769](supabase#1769)) ([7a5411f](supabase@7a5411f)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
issuedat
pushed a commit
that referenced
this pull request
Sep 30, 2025
## What kind of change does this PR introduce? Fix #1750. Firebase uses a [modified version of scrypt](https://github.com/firebase/scrypt) We add support for Firebase Scrypt hashes so that developers can move over from Firebase (or similar) without the obligation to force a password reset for all users. As there is no pre-defined convention for Firebase scrypt hashes, we establish the following: ``` $fbscrypt$v=1,n=<N>,r=<r>,p=<p>[,ss=<salt_separator>][,sk=<signer_key>]$<salt>$<hash> ``` ``` $fbscrypt: Firebase scrypt Identifier $v: version identifier. Intended to allow for flexibility in parameters used. $n: N is the CPU/memory cost parameter. $r: block size $p: parallelization $ss: salt seperator, optional, only if using firebase, base64-encoded string used to separate the salt from other parameters. $sk: signer key, a base64-encoded string used as an additional input to the hash function. $<salt>: base64 encoded salt $<hash>: base64 encoded output ```` Developers can extract their [hash parameters from the firebase console](https://firebaseopensource.com/projects/firebase/scrypt/) For testing and debugging, clone this [utility](https://github.com/firebase/scrypt/#finding-the-password-hash-parameters) and follow the instructions in `BUILDING`. On MacOS please add the following flags when attempting to build so as to guard against error: `AES_FUNCTION` missing ``` export CFLAGS="-I$(brew --prefix openssl)/include" export LDFLAGS="-L$(brew --prefix openssl)/lib -L/usr/local/opt/openssl/lib" ``` [More details about export from CLI](https://firebase.google.com/docs/cli/auth)
issuedat
pushed a commit
that referenced
this pull request
Sep 30, 2025
🤖 I have created a release *beep* *boop* --- ## [2.162.0](v2.161.0...v2.162.0) (2024-09-27) ### Features * add support for migration of firebase scrypt passwords ([#1768](#1768)) ([ba00f75](ba00f75)) ### Bug Fixes * apply authorized email restriction to non-admin routes ([#1778](#1778)) ([1af203f](1af203f)) * magiclink failing due to passwordStrength check ([#1769](#1769)) ([7a5411f](7a5411f)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mandarini
pushed a commit
to supabase/supabase-js
that referenced
this pull request
Oct 2, 2025
## What kind of change does this PR introduce? As per title - relevant PR: supabase/auth#1768
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
Fix #1750. Firebase uses a modified version of scrypt We add support for Firebase Scrypt hashes so that developers can move over from Firebase (or similar) without the obligation to force a password reset for all users.
As there is no pre-defined convention for Firebase scrypt hashes, we establish the following:
Developers can extract their hash parameters from the firebase console
For testing and debugging, clone this utility and follow the instructions in
BUILDING.On MacOS please add the following flags when attempting to build so as to guard against error:
AES_FUNCTIONmissingMore details about export from CLI
You'll can then to use the admin method to update the
PasswordHash