Following the recent news about the deprecation of Atlas App Services, I have started planning my migration to another service. I currently use MongoDB authentication (email/password) and do not store passwords myself, as this aspect is securely managed by MongoDB.
My question is: how can I migrate my production users to another authentication provider, such as Firebase? Is there a way to export or transfer their credentials, or are they locked into MongoDB’s deprecated services?
Hi @Jesus_Santin. I was able to query for all of my users using the Atlas App Services Admin API. You can check that out here. I don’t use email/password, so not sure on what you’ll get back, but hopefully it gets you going in the right direction.
I have tested the API and I am able to retrieve all the users. However, unfortunately, the response does not include the passwords, so I am unable to export them to another authentication service. Thanks anyway!
Hi @Jesus_Santin I have also started looking into the topic of migrating away from Atlas as an authentication provider.
My current guess is that we are probably able to get the user data via the Admin SDK, and recreate user entities with a different provider, with social logins such as Sign-in-with-Apple and Sign-in-with-Google not being a problem, because the external user id stays the same.
But for email-password we most likely have to give every user a temporary password and request them to reset it
Thank you, @philprime In that case, the management of user credentials adds an additional problem to the ones we’ve already faced with the migration of code and services to other platforms.
If we are not allowed to export the credentials, I believe MongoDB should enable an on-demand transfer — at least — to any of the three main cloud providers.
I agree! Some sort of export would be great. We, the developers using MongoDB Atlas App Sync, are already frustrated with MongoDB’s decision, would be nice if we don’t need to have this customer-facing too.
@Joel_Lord to quote you in your previous post in the other thread, this would be one way for you to “[…] develop resources to help you navigate this migration process.”
While not explicitly about getting user data, you can follow this tutorial to get started with the Admin API and Postman.
As far as a replacement, Auth0 is a strong option for authentication, and they have a free tier. You can refer to their docs for more information about how to import user data.
I’ve been using the Admin API to fetch user data for a while now, so I am also believe it could be sufficient to map the identities to another provider.
But if we do not get any (hopefully hashed) user credentials with the user data, there is no way to have a non-disruptive user experience, and every single user will have to reset their password.
This problem is not exclusive to MongoDB Atlas, as this could happen with every authentication provider (inkl. Auth0), but as you are planning to shut it down anyways, it would be really helpful if you could allow us to export the hashed passwords too.
Whatever new authentication provider we are going to use, they still need to support us importing users and hashed passwords too, but you could at least support us here, to have complete data.
Thank you for taking the time to respond to our concerns. What’s a bit missing from all the responses and announcements is what parts of Atlas App Services will continue to exist, that creates a lot of questions.
More in line with this topic, you talk about how Auth0 is a good alternative, does this mean that in the future you will also do away with “App Users” (Authentication)? The same goes for rules, schemes, …
This deprecation is a major blow to my app and business, and we’re struggling to keep up. I feel like the team may have underestimated not only the time we need to migrate to a new stack, but also the amount of effort we’re putting into researching alternatives to avoid ending up in the same situation again. This process is taking a lot of time, and if we make the wrong choice, we risk not finishing in time or having to start over if the new service gets discontinued as well. It’s a tough spot to be in.
@klaassum My understanding is that Authentication will effectively be deprecated as the SDK’s are all being deprecated and the community device libraries will only house the local “Realm” databases (which are NOT going to be supported by Mongo team members). As I now understand, the only part of App Services that will be left are triggers and functions (I assume all run as system user in future).