fix: correct Auth0 export users script and update documentation (#2330)

* fix: correct Auth0 export users script and update documentation

* docs: auth0 migration guid formatting improvements

* docs: improve formatting in auth0 migration to follow our style guide.

* docs: update Auth0 migration guide to correct project link

* docs: refine Auth0 migration guide formatting and update project link reference

* docs: update Auth0 migration guide for clarity and consistency

* docs: clarify wording in Auth0 migration guide import script section

* feat: enhance Auth0 migration script with environment variable checks.

* docs: refine wording in Auth0 migration guide for bulk user export section

* docs: remove redundant sections in Auth0 migration guide

Author: wassimoo

code-examples/migrate-to-ory/0-get-auth0-user-data.sh

@@ -1,9 +1,17 @@
 #!/bin/bash
+set -euo pipefail
+
+if [ -z "${AUTH0_DOMAIN:-}" ] || [ -z "${AUTH0_TOKEN:-}" ] || [ -z "${AUTH0_CONNECTION_ID:-}" ]; then
+    echo "Error: Required environment variables not set"
+    echo "Please set: AUTH0_DOMAIN, AUTH0_TOKEN, AUTH0_CONNECTION_ID"
+    exit 1
+fi
+
 job_response=$(
     curl --request POST -s --url "https://${AUTH0_DOMAIN}/api/v2/jobs/users-exports" \
         --header "authorization: Bearer ${AUTH0_TOKEN}" \
         --header "content-type: application/json" \
-        --data '{"connection_id": "'$AUTH0_CONNECTION_ID'", "format": "json", "fields": [
+        --data '{"connection_id": "'"$AUTH0_CONNECTION_ID"'", "format": "json", "fields": [
                 {"name": "user_id"},
                 {"name": "email"},
                 {"name": "email_verified"},
@@ -31,27 +39,46 @@ job_response=$(
 
 job_id=$(echo "$job_response" | jq -r ".id")
 
+if [ -z "$job_id" ] || [ "$job_id" = "null" ]; then
+    echo "Error: Failed to create export job"
+    echo "$job_response" | jq
+    exit 1
+fi
+
+echo "Export job created with ID: $job_id"
+
 poll_job_status() {
     jobstatus=$(curl --request GET -s --url "https://${AUTH0_DOMAIN}/api/v2/jobs/${job_id}" --header "authorization: Bearer ${AUTH0_TOKEN}")
-    state=$(echo $jobstatus | jq -r ".status")
-    echo "jobstate: ${state}"
-
-    if [[ $state == "pending" ]] || [[ $state == "processing" ]]; then
-        echo "${jobstatus}" | jq ".time_left_seconds" | read timeleft
-        if [ -z $timeleft]; then
-            sleep 1
-            echo "polling job state"
+    state=$(echo "$jobstatus" | jq -r ".status")
+    echo "Job state: ${state}"
+
+    if [[ "$state" == "pending" ]] || [[ "$state" == "processing" ]]; then
+        timeleft=$(echo "$jobstatus" | jq -r ".time_left_seconds")
+        if [ "$timeleft" = "null" ] || [ -z "$timeleft" ]; then
+            sleep 5
+            echo "Polling job state..."
         else
-            sleep $timeleft
-            echo "time left: ${timeleft}s"
+            echo "Time left: ${timeleft}s"
+            sleep "$timeleft"
         fi
         poll_job_status
 
-    elif [[ $state == "completed" ]]; then
-        location=$(echo $jobstatus | jq -r ".location")
+    elif [[ "$state" == "completed" ]]; then
+        location=$(echo "$jobstatus" | jq -r ".location")
         curl "$location" --silent --output "AUTH0_USERDATA_nd.json.gz"
         gzip -d -c "AUTH0_USERDATA_nd.json.gz" | jq -s "." >"AUTH0_USERDATA.json"
-        echo "Finished downloading Auth0 user data!"
+        echo "Finished downloading Auth0 user data to AUTH0_USERDATA.json!"
+        
+    elif [[ "$state" == "failed" ]]; then
+        echo "Error: Export job failed"
+        echo "$jobstatus" | jq
+        exit 1
+        
+    else
+        echo "Unknown job state: $state"
+        echo "$jobstatus" | jq
+        exit 1
     fi
 }
-poll_job_status
+
+poll_job_status

code-examples/migrate-to-ory/1-create-ory-identities.sh

@@ -1,4 +1,26 @@
 #!/bin/bash
+set -euo pipefail
+
+# Check required environment variables
+if [[ -z "${ORY_PROJECT_ID:-}" ]] || [[ -z "${ORY_WORKSPACE_ID:-}" ]]; then
+    echo "Error: Required environment variables not set"
+    echo "Please set: ORY_PROJECT_ID, ORY_WORKSPACE_ID"
+    exit 1
+fi
+
+if [[ -z "${AUTH0_USERDATA:-}" ]]; then
+    echo "Error: AUTH0_USERDATA environment variable not set"
+    echo "Please set: AUTH0_USERDATA (path to Auth0 user data JSON file)"
+    exit 1
+fi
+
+if [[ "${RESERVE_ONLY:-false}" != "true" ]] && [[ -z "${AUTH0_PWEXPORT:-}" ]]; then
+    echo "Error: AUTH0_PWEXPORT environment variable not set"
+    echo "Please set: AUTH0_PWEXPORT (path to password hashes JSON file)"
+    echo "Or set RESERVE_ONLY=true to skip password import"
+    exit 1
+fi
+
 create_payload() {
     unset payload
     ory_schema_id='preset://email'
@@ -21,7 +43,7 @@ create_payload() {
                 '{schema_id: $sid,
                   traits:
                     {email: $em},
-                    metadata_admin: "auth0",
+                    metadata_admin: {origin: "auth0"},
                      credentials:
                          {password:
                              {config:
@@ -35,7 +57,7 @@ create_identity() {
         echo "please supply a valid payload"
         exit 1
     else
-        echo $payload | ory import identities --project $ORY_PROJECT_ID --workspace $ORY_WORKSPACE_ID
+        echo $payload | ory import identities --workspace $ORY_WORKSPACE_ID --project $ORY_PROJECT_ID
     fi
 }
 
@@ -47,13 +69,15 @@ if [[ "${RESERVE_ONLY}" == "true" ]]; then
         create_identity
     done
 else
-    # add passwords to user data by email
-    pw_hashes=$(cat "${AUTH0_PWEXPORT}" | jq -s "." | jq "map({email, passwordHash})")
-    auth0_alldata=$(jq 'JOIN(INDEX(inputs[];.email);.[];.email;add)' <(cat "${AUTH0_USERDATA}") <(echo "$pw_hashes") | jq -s ".")
+    # Create an index from passwords file and merge with user data
+    auth0_alldata=$(jq --slurpfile pw "${AUTH0_PWEXPORT}" \
+        '($pw[0] | INDEX(.email)) as $pw_index | 
+         . | map(. + {passwordHash: (if $pw_index[.email] then $pw_index[.email].passwordHash else null end)})' \
+        "${AUTH0_USERDATA}")
 
     echo "$auth0_alldata" | jq -r '.[] | .email, .passwordHash' | while read email && read pwhash; do
         create_payload
-        create_identity $payload
+        create_identity
     done
 
 fi