Migrate user with its authenticator factor

evgeniya.gabrikova

Hi,

I am trying to migrate users from my current db to fusionauth together with their two factor methods. All goes good appart of authenticator method. I am using Import Users API call and based on the documentation I need to specify in the authenticator method object its secret, name and configuration ( authenticator.algorithm, authenticator.codeLength, authenticator.timeStep ). For the secret prop I am using authenticator set up key ( also known as recovery key ). Migration procces is succesfull but on the login if I choose authenticator method it says Invalid code.

In my current project I do store user totp_secret encrypted with cryptography.fernet py lib. When I do decrypt it manually with fernet token I get that authenticator set up key ( also known as recovery key ) and I am able to insert it manually to the google authenticator app and I see the same value as I will do it authomaticly by aplication that using this lib.

What do I do wrong?

evgeniya.gabrikova

@evgeniya-gabrikova Well, if anyone will struggle with the same topic, the solution is : the secret property of authenticator method should be the result of base32 decoded to base64 encoded authenticator set up key.

dan

@evgeniya-gabrikova Thanks so much for coming back and sharing your solution!

Avoids the "Wisdom of the Ancients" problem: https://xkcd.com/979/