Which identity providers are supported?

Supports Auth0, Keycloak, Okta, AWS Cognito, and Azure AD B2C via API or CLI.

How is migration validated?

Validation includes loginTests and tokenTests described in the Output Schema; run these to confirm success and preparedness for rollback.

authentication-migrator

npx machina-cli add skill a5c-ai/babysitter/authentication-migrator --openclaw

Files (1)

SKILL.md

2.2 KB

Authentication Migrator Skill

Migrates authentication systems, handling credential migration, session-to-token conversion, and identity provider integration.

Purpose

Enable authentication modernization for:

Credential migration
Session to token conversion
OAuth2/OIDC setup
MFA migration
Identity provider integration

Capabilities

1. Credential Migration

Extract user credentials
Hash conversion
Secure transfer
Validation testing

2. Session to Token Conversion

Migrate from sessions
Implement JWT tokens
Handle refresh tokens
Manage token lifecycle

3. OAuth2/OIDC Setup

Configure authorization server
Set up flows
Implement scopes
Handle client credentials

4. MFA Migration

Transfer MFA settings
Support multiple methods
Handle device registration
Manage recovery codes

5. Identity Provider Integration

Configure IdP connections
Set up federation
Handle SAML/OIDC
Manage user sync

6. User Migration Scripts

Generate migration scripts
Handle data transformation
Validate migration
Support rollback

Tool Integrations

Tool	Purpose	Integration Method
Auth0	Identity platform	API
Keycloak	Open source IdP	API/CLI
Okta	Identity management	API
AWS Cognito	AWS identity	CLI
Azure AD B2C	Azure identity	CLI

Output Schema

{
  "migrationId": "string",
  "timestamp": "ISO8601",
  "users": {
    "total": "number",
    "migrated": "number",
    "failed": "number"
  },
  "credentials": {
    "passwords": "number",
    "mfaDevices": "number"
  },
  "configuration": {
    "oauth2": {},
    "idpConnections": []
  },
  "validation": {
    "loginTests": {},
    "tokenTests": {}
  }
}

Integration with Migration Processes

authentication-modernization: Primary migration tool

Related Skills

compliance-validator: Security compliance

Related Agents

authentication-migration-agent: Migration orchestration

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/specializations/code-migration-modernization/skills/authentication-migrator/SKILL.md

View on GitHub

Overview

The authentication-migrator automates end-to-end authentication modernization, handling credential migration, session-to-token conversion, OAuth2/OIDC setup, MFA migration, and IdP integration. It supports multiple identity providers (Auth0, Keycloak, Okta, AWS Cognito, Azure AD B2C) and outputs a structured migration result for validation and rollback.

How This Skill Works

The tool sequence starts with credential extraction, hash conversion, and secure transfer. It then configures an OAuth2/OIDC authorization server, implements JWT-based sessions with refresh tokens, and establishes IdP connections (SAML/OIDC). It also generates user migration scripts, performs validation tests, and provides rollback support if issues arise.

When to Use It

When migrating from legacy credential storage to modern hashed passwords.
When transforming session-based authentication to JWT tokens with proper lifecycles.
When setting up a centralized OAuth2/OIDC authorization server.
When migrating or consolidating MFA configurations across systems.
When integrating with external identity providers (SAML/OIDC) and syncing user data.

Quick Start

Step 1: Define the migration scope and gather current credential, MFA, and IdP data.
Step 2: Implement credential migration, session-to-token conversion, and OAuth2/OIDC setup; configure IdP connections.
Step 3: Run validation tests (loginTests and tokenTests) and prepare rollback procedures.

Best Practices

Plan credential migration with compatible hashing algorithms and re-hashing logic.
Run migration in a staging environment and validate with loginTests and tokenTests.
Design and test a rollback script to revert changes if needed.
Version-control OAuth2/OIDC configurations and IdP connections.
Thoroughly test MFA flows across devices and recovery codes.

Example Use Cases

Migrate from a legacy password store to Keycloak using credential migration and session-to-token conversion.
Configure Auth0 as the IdP and set up OAuth2/OIDC flows via API for a new application.
Migrate from Okta to a centralized OAuth2 server while preserving MFA settings using API/CLI.
Migrate AWS Cognito-based authentication to a JWT-based flow via CLI.
Integrate Azure AD B2C for enterprise users using federation (SAML/OIDC) and user sync.

Frequently Asked Questions

Add this skill to your agents