UniAuth.ID
Migrating
Getting StartedQuick StartOIDC Feature MatrixIntegration ChecklistAccount SetupConfigurationAuthenticationMulti-Factor AuthBackup CodesPassword PolicyRoles & PermissionsSessionsOAuth2 / OIDCDevice FlowLogout & PropagationTokensIntegrationsWebhooksSCIM ProvisioningSDKsReactNext.jsPHPLaravelDjangoRailsSpring BootExpressMigratingFrom Auth0API ReferenceError ReferenceRate LimitsSecurityRecovery PhraseOperationsDeploymentChangelog

Migrating from Auth0

UniAuth is a drop-in OIDC provider. If your code uses Auth0's discovery URL and standard OIDC claims, migration is mostly config changes. Here's the mapping.

Endpoint Mapping

Auth0UniAuth
.well-known/openid-configuration.well-known/openid-configuration
.well-known/jwks.json.well-known/jwks.json
/authorize/api/oauth/authorize
/oauth/token/api/oauth/token
/userinfo/api/oauth/userinfo
/v2/logout/api/oauth/end-session
/oauth/revoke/api/oauth/revoke
/oauth/device/code/api/oauth/device
/oauth/token (client_credentials)/api/oauth/token
/oidc/register/api/oauth/register

Best practice: don't hardcode any of these. Your OIDC library should fetch them from the discovery URL. Just replace your Auth0 domain with https://uniauth.id.

Claim Mapping

Auth0 ClaimUniAuth ClaimNotes
subsubPairwise (app-specific) in UniAuth by default — privacy-preserving
emailemailSame
email_verifiedemail_verifiedSame
namenameSame
nicknamenicknameSame
picturepictureSame
https://yourapp.com/rolesgroupsUniAuth uses standard groups scope — no custom namespace
app_metadata.rolegroupsUse groups claim with group membership
https://yourapp.com/tenantorg_id or groupsUse native organizations or groups
amramrSame — array of auth methods
acracrurn:uniauth:acr:{pwd,mfa,passkey}

Key Differences

1. Pairwise Subject Identifiers

Auth0 gives every app the same sub for a user. UniAuth gives each app a different one (HMAC-SHA256 of user ID + client ID). This is a privacy feature — apps can't correlate users across services. If you need to migrate existing users by sub, keep a mapping table or use email as the join key.

2. Custom Claim Namespace

Auth0 requires namespaced claims for custom data (e.g. https://yourapp.com/roles). UniAuth uses standard OIDC claim names — groups, trust_tier, etc. Your code can stop stripping namespaces.

3. Universal Login vs. Your UI

Auth0's Universal Login is customizable but lives on their domain. UniAuth's login page is customizable at Developer Console → Branding (per-client logo, colors, support URLs). Same concept, different UX.

4. Rules / Actions → Custom Claims

Auth0 Rules/Actions map user data into ID tokens. UniAuth uses per-client custom claim mappings configured in the Developer Console — static values, user field references, or role-based.

5. Back-Channel Logout

Auth0 supports back-channel logout (paid plans). UniAuth supports it on every tier. See Logout Guide.

Migration Checklist

  1. Create a UniAuth OAuth client at Developer Console.
  2. Replace Auth0 domain with https://uniauth.id in config.
  3. Update redirect_uri and post_logout_redirect_uri on your OAuth client.
  4. Replace namespaced claim accessors with standard names (groups instead of https://yourapp/roles).
  5. Build a sub-mapping table during cutover if you're preserving user IDs.
  6. Register backchannel_logout_uri for global logout propagation.
  7. Test the full flow against our Integration Checklist.
  8. Export users from Auth0 (bulk export), import into UniAuth (admin CSV import).

Need Help?

Migration support is available — contact us.