Hi, I'm working through the process to migrate users from Auth0 to Kratos. I know we can export and import users, but that would involve downtime. I'm wondering if there is a way to do this in a way that prevents downtime? User's relogging is fine, but we have a lot of signups every minute. Auth0 had this process of "just-in-time" migration (https://auth0.com/docs/manage-users/user-migration/configure-automatic-migration-from-your-database) where we could migrate users on the fly. Is there such a thing with Ory? How do your customers typically tackle this? Also, is it possible to keep the previous user_ids we had in Auth0? Thanks!

have you seen https://www.ory.sh/docs/migrate-to-ory/migrate-from-auth0 ?

Hi @jolly-ocean-27001 There is of course a lot of edge cases and it is difficult to have a one-size fits all solution. But in essence the process would involve running Ory with the imported users you currently have alongside Auth0. A user login would first be with Ory and if for whatever reason that didn't work (e.g. Account doesn't exist), do a fallback to Auth0.

@high-optician-2097 yep have seen it, but the scenarios describe there will involve a lot of downtime. From the time we get the export from Auth0 (only via support ticket), to the migration completing we will have a lot of new signups which won't exist in the export.

we have a similar migration from aws cognito that we might undertake at some point. it doesnt provide an export 😕, i saw a couple of thread in the issues that talks about adding just in time migration to ory, would be great to see it. though i’m also interested in a seeing anyone else’s workaround to achieve this.

I've just completed a migration into Kratos from a custom system and I opted to fork kratos and add a new endpoint that allowed us to use our own user identifier and created_at times

yeah that's something we'd like to do as well, as we use that uid across diferent systems

to be clear... we're running base ory kratos (v0.10.1) as a service in our cluster, and the forked version as a "importer service" that only handles calls to the new "import" endpoint. we aren't going to maintain this fork long term, just through the migration phase

ah, that makes more sense

ory cloud? I doubt it... we're all self-hosted

yeah

That makes sense, we’ll have to figure out how to run both systems in parallel for some time. I think it should be possible without writing directly to the database :) @late-balloon-3804 would you mind sharing the endpoint?

we had to modify a few things to get some of our "legacy accounts" to import. the handler func (

upsert

) is also poorly named now, as no update is performed. it was easier to delete existing identities and re-create them, which you'll see in

persister_identity.go

https://github.com/onXmaps/kratosx/blob/0.10.1/identity/handler.go#L83

@high-optician-2097 any guidance here would be super appreciated, we're keen to migrate to Ory asap, but this issue will be a sticking point.

@jolly-ocean-27001 my understanding is that you are in contact with other people at Ory right now as part of a PoC - we can definitely assist you in that process with some engineers. I did not write the Auth0 migration guide, so I don’t really know how it works or what’s missing. It’s probably best to get together in a video call with eng from Ory as part of the onboarding to solve your problems 🙂 Generally speaking, there are several possibilities you can take to migrate and we will need to find out in the context of your business/problem what the best way is. But that’s too much conversation required over chat 🙂

sounds great, thanks @high-optician-2097 🙏