Migrating from Auth0

Step-by-step guide to migrate your application from Auth0 to Signia while maintaining user access and minimizing downtime.

Why Migrate to Signia?

Advantages Over Auth0

• 💰 Cost-effective - More predictable pricing
• 🔐 Passwordless-first - WebAuthn/Passkeys built-in
• 🌐 Web3-ready - Blockchain identity integration
• 🏢 Self-hosted option - Full data control
• 🚀 Modern stack - Built with latest technologies

Migration Overview

Migration Strategies

1. Gradual Migration (Recommended)

• Run both Auth0 and Signia in parallel
• Migrate users incrementally
• Zero downtime
• Easy rollback

2. Big Bang Migration

• Switch all users at once
• Requires downtime window
• Faster overall migration
• Higher risk

Pre-Migration Checklist

1. Inventory Current Setup

Document your Auth0 configuration:

• Applications (SPAs, web apps, mobile)
• API configurations
• Social connections (Google, GitHub, etc.)
• Enterprise connections (SAML, AD)
• Rules and hooks
• Custom domains
• MFA settings
• User database

2. Export User Data

# Using Auth0 Management API
curl -X GET \
  'https://YOUR_DOMAIN.auth0.com/api/v2/users?per_page=100' \
  -H 'Authorization: Bearer YOUR_MANAGEMENT_TOKEN'

Export includes:

• User IDs
• Email addresses
• Metadata
• Last login dates
• Authentication methods

3. Review Dependencies

Check for Auth0-specific features:

• Custom database scripts
• Rules (post-login actions)
• Hooks (pre-registration, etc.)
• Custom claims in tokens
• Guardian MFA
• Custom domains

Step-by-Step Migration

Phase 1: Setup Signia

1. Create Signia Tenant

1. Sign up at signiaid.com
2. Create organization
3. Note your tenant URL: yourorg.signiaauth.com

2. Create Applications

For each Auth0 application:

1. Navigate to Applications in Signia dashboard
2. Click Add Application
3. Configure:

   Name: [Same as Auth0 app]
   Redirect URI: [Same as Auth0]
   Scopes: openid, profile, email

4. Save Client ID and Secret

Mapping:

Auth0	Signia
Domain	yourorg.signiaauth.com
Client ID	Client ID (new)
Client Secret	Client Secret (new)
Callback URL	Login Redirect URL

Phase 2: Update Application Code

Auth0 Configuration (Before)

// Auth0 React SDK
import { Auth0Provider } from '@auth0/auth0-react';

<Auth0Provider
  domain="yourapp.auth0.com"
  clientId="AUTH0_CLIENT_ID"
  redirectUri={window.location.origin}
>
  <App />
</Auth0Provider>

Signia Configuration (After)

// Signia React SDK
import { SigniaAuthProvider } from '@getsignia/signia-auth-ui-react';

<SigniaAuthProvider config={{
  clientId: 'SIGNIA_CLIENT_ID',
  redirectUri: 'http://localhost:3000/oidc-callback',
  issuer: 'https://yourorg.signiaauth.com',
  scopes: ['openid', 'profile', 'email']
}}>
  <App />
</SigniaAuthProvider>

API Changes

Auth0	Signia
useAuth0()	useSigniaAuth()
loginWithRedirect()	client.login()
logout()	client.logout()
user	user (same structure)
isAuthenticated	isAuthenticated
isLoading	isLoading
getAccessTokenSilently()	client.getAccessToken()

Example Code Changes

Before (Auth0):

import { useAuth0 } from '@auth0/auth0-react';

function Profile() {
  const { user, isAuthenticated, loginWithRedirect, logout } = useAuth0();

  if (!isAuthenticated) {
    return <button onClick={loginWithRedirect}>Log in</button>;
  }

  return (
    <div>
      <img src={user.picture} />
      <h2>{user.name}</h2>
      <button onClick={() => logout({ returnTo: window.location.origin })}>
        Log out
      </button>
    </div>
  );
}

After (Signia):

import { useSigniaAuth, LoginButton, LogoutButton } from '@getsignia/signia-auth-ui-react';

function Profile() {
  const { user, isAuthenticated } = useSigniaAuth();

  if (!isAuthenticated) {
    return <LoginButton />;
  }

  return (
    <div>
      <img src={user.picture} />
      <h2>{user.name}</h2>
      <LogoutButton />
    </div>
  );
}

Phase 3: User Migration

Option 1: User Invitation (Recommended)

Pros:

• Users set up WebAuthn/Passkeys
• Clean migration
• Better security

Process:

1. Export users from Auth0
2. Send invitations via Signia dashboard
3. Users register with passkeys
4. Deactivate Auth0 accounts after migration

Bulk invitation:

# CSV format: email,name
curl -X POST https://api.signiaid.com/v1/users/invite \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@users.csv"

Option 2: Password Migration

If you need to preserve passwords:

Legacy Approach

This maintains passwords temporarily. Consider migrating to passwordless for better security.

Not Currently Supported

Signia is passwordless-first. Users must register with WebAuthn/Passkeys.

Phase 4: Social Connections

Migrate Social Logins

Auth0 social connections map directly to Signia:

Auth0	Signia	Status
Google OAuth	Google OAuth	✅ Supported
GitHub	GitHub OAuth	✅ Supported
Facebook	Facebook Login	🚧 Coming soon
Twitter	Twitter OAuth	🚧 Coming soon

Configuration:

1. In Signia dashboard, go to Settings → Social Logins
2. Enable desired providers
3. Configure OAuth credentials (same as Auth0)

Phase 5: API Authorization

JWT Verification

Auth0:

import jwt from 'express-jwt';
import jwksRsa from 'jwks-rsa';

const checkJwt = jwt({
  secret: jwksRsa.expressJwtSecret({
    jwksUri: 'https://yourapp.auth0.com/.well-known/jwks.json'
  }),
  audience: 'YOUR_API_IDENTIFIER',
  issuer: 'https://yourapp.auth0.com/',
  algorithms: ['RS256']
});

Signia:

import { expressjwt } from 'express-jwt';
import jwksRsa from 'jwks-rsa';

const checkJwt = expressjwt({
  secret: jwksRsa.expressJwtSecret({
    jwksUri: 'https://yourorg.signiaauth.com/.well-known/jwks.json'
  }),
  audience: 'YOUR_CLIENT_ID',
  issuer: 'https://yourorg.signiaauth.com',
  algorithms: ['RS256']
});

Changes:

• Update jwksUri to Signia endpoint
• Update issuer to Signia domain
• Update audience to Signia client ID

Phase 6: Testing

Parallel Testing

Run both Auth0 and Signia:

// Feature flag for gradual rollout
const useSignia = process.env.USE_SIGNIA === 'true' ||
                  userIsInBeta(user.id);

const AuthProvider = useSignia ? SigniaAuthProvider : Auth0Provider;

<AuthProvider client={authClient}>
  <App />
</AuthProvider>

Test Checklist

• Login flow works
• Logout flow works
• Token refresh works
• API calls authenticated
• User profile loads correctly
• Social logins work
• Mobile apps work (if applicable)
• Protected routes work
• Session persistence works

Phase 7: Cutover

Gradual Rollout (Recommended)

1. Week 1: 10% of users
2. Week 2: 25% of users
3. Week 3: 50% of users
4. Week 4: 100% of users

Monitor:

• Error rates
• Login success rate
• User complaints
• Performance metrics

Big Bang Cutover

1. Schedule maintenance window
2. Deploy Signia integration
3. Update DNS (if using custom domain)
4. Monitor closely for 24-48 hours
5. Keep Auth0 as fallback for 1 week

Phase 8: Cleanup

After successful migration:

1. Export remaining Auth0 data

   • Logs
   • Audit trails
   • User activity

2. Update documentation

   • Internal docs
   • API docs
   • User guides

3. Deactivate Auth0

   • Cancel subscription
   • Delete tenant (after backup)

Feature Mapping

Auth0 Features → Signia Equivalents

Auth0 Feature	Signia Equivalent	Status
Universal Login	WebAuthn/Passkeys	✅
Social Connections	Social Logins	✅ Partial
Database Connections	Passwordless	✅
Enterprise Connections	SAML/LDAP	🚧 Coming
MFA	WebAuthn (built-in)	✅
Rules	Hooks	🚧 Coming
Custom Domains	Custom Domains	✅ Enterprise
User Management	Dashboard	✅
APIs	RESTful APIs	✅
Machine-to-Machine	Client Credentials	✅

Auth0 Rules → Signia Hooks

Auth0 Rules need to be rewritten as Signia Hooks (coming soon).

Example Rule (Auth0):

function addRolesToToken(user, context, callback) {
  const namespace = 'https://myapp.com/';
  context.idToken[namespace + 'roles'] = user.app_metadata.roles;
  callback(null, user, context);
}

Equivalent (Signia - coming soon):

// Will be available in future release
export async function onTokenIssued(user, token) {
  token['https://myapp.com/roles'] = user.metadata.roles;
  return token;
}

Common Issues

Issue: "Invalid redirect URI"

Cause: Redirect URI mismatch

Solution:

1. Check Signia dashboard configuration
2. Ensure exact match (including /oidc-callback)
3. Update application code if needed

Issue: Users can't login

Cause: Users not invited to Signia

Solution:

1. Export users from Auth0
2. Send invitations via Signia
3. Users must register passkeys

Issue: Social login not working

Cause: OAuth credentials not configured

Solution:

1. Copy OAuth credentials from Auth0
2. Configure in Signia dashboard
3. Test connection

Issue: API returns 401

Cause: Wrong issuer or audience in JWT validation

Solution:

1. Update issuer to Signia domain
2. Update audience to Signia client ID
3. Update JWKS URI

Cost Comparison

Auth0 Pricing

• Free: 7,000 MAU
• Essentials: $35/month + $0.15/MAU
• Professional: $240/month + volume pricing
• Enterprise: Custom

Signia Pricing

• Free: 10,000 MAU
• Startup: $0.02/MAU
• Business: Custom
• Enterprise: Custom + on-prem option

Potential Savings: 40-60% at scale

Support During Migration

Resources

• Documentation: docs.signiaid.com
• Examples: GitHub examples repository
• Support: support@signiaid.com
• Community: Discord server

Migration Assistance

Contact sales@signiaid.com for:

• Migration consultation
• Technical support
• Custom integration help
• Dedicated migration team (Enterprise)

Next Steps

• Quick Start Guide - Get started with Signia
• React SDK - Frontend integration
• Security Guide - Best practices
• Dashboard Guide - Admin portal

Checklist

• Export Auth0 user data
• Create Signia tenant
• Configure applications
• Update application code
• Test authentication flows
• Invite users to Signia
• Run parallel testing
• Gradual rollout (or cutover)
• Monitor for issues
• Deactivate Auth0