feat: Migration section overhaul

[tamalchowdhury]

This PR makes a significant overhaul to the migrate to Kinde section. Making it easier for businesses with existing user base to migrate to Kinde.

The update adds these new providers -making them a starting point for clients coming from these providers and future expansion capabilities.

• Clerk
• Supabase
• Firebase
• AWS Cognito
• Azure B2C

The update also creates dedicated pages for these resources for:

• Bulk import
• Create user with Kinde API
• Drip-feed migration (reference + full tutorial)

The PR also updates the existing index page and Auth0 page with new clear instructions and options for them to migrate.

This new addition will help reduce support tickets, increase visibility from search and AI, and overall improve the client onboarding experience.

Summary by CodeRabbit

• Documentation
  • Added migration guides for Clerk, Firebase Auth, AWS Cognito, Azure B2C, Supabase, Auth0 and a rewritten migration hub
  • New how-tos/tutorials: bulk import, drip-feed migration, drip-feed tutorial, API-based user provisioning, create-users API
  • Expanded export/import mappings, supported hashed-password notes, migration strategy options, testing/troubleshooting, and consolidated support links

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Documentation additions and rewrites in "Switch to Kinde": new provider-specific migration guides (Auth0, Clerk, Supabase, Firebase, AWS Cognito, Azure B2C), a migration hub, bulk-import and drip-feed migration guides/tutorials, an API-based user provisioning guide, and frontmatter updates to workflow/example pages.

Changes

Migration documentation and drip-feed workflow

Layer / File(s)	Summary
Frontmatter / Metadata src/content/docs/.../auth0-to-kinde.mdx, .../aws-cognito-to-kinde.mdx, .../azure-b2c-to-kinde.mdx, .../clerk-to-kinde.mdx, .../firebase-to-kinde.mdx, .../supabase-to-kinde.mdx, .../migrate-users-bulk-import.mdx, .../drip-feed-migration.mdx, .../create-users-with-api.mdx, .../switch-to-kinde-for-user-authentication.mdx, .../existing-password-provided-workflow.mdx, .../workflows/drip-feed-migration.mdx	Added or updated frontmatter (titles, sidebar labels/order, relatedArticles, descriptions, topics/keywords, updated dates, ai_summary, and feature flags) across migration and workflow pages.
Migration hub & high-level guides src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx, .../drip-feed-migration.mdx, .../migrate-users-bulk-import.mdx, .../create-users-with-api.mdx	Introduced a migration overview hub and dedicated high-level guides for drip-feed migration, bulk import guidance, and API-based user provisioning.
Provider export & mapping guides src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx, .../clerk-to-kinde.mdx, .../firebase-to-kinde.mdx, .../aws-cognito-to-kinde.mdx, .../azure-b2c-to-kinde.mdx, .../supabase-to-kinde.mdx	Added or rewrote provider-specific migration pages with export instructions, provider-specific field/CSV/JSON mappings, supported hashing details, and recommended migration paths (drip-feed, bulk import, hard cutover).
Bulk import reference src/content/docs/get-started/switch-to-kinde/migrate-users-bulk-import.mdx	New bulk-import guide covering CSV schema, supported hashing/salt handling, validation/pre-import checks, dashboard import steps, and post-import operational notes.
Drip-feed workflow tutorial / examples src/content/docs/workflows/workflow-tutorials/drip-feed-migration.mdx, src/content/docs/workflows/example-workflows/existing-password-provided-workflow.mdx, src/content/docs/get-started/switch-to-kinde/drip-feed-migration.mdx	Added a full drip-feed tutorial with generic and provider-specific workflow code (Auth0, Cognito, Azure B2C), Kinde configuration, deployment/testing, and decommissioning guidance; linked example workflow to the tutorial.
API-based provisioning src/content/docs/get-started/switch-to-kinde/create-users-with-api.mdx	New Management API guide describing check/create/set-password flows, supported hashing methods for PUT password, migration-window sync pattern, and rate-limit/batching guidance.
Auth0 doc rewrite & minor updates src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx, .../existing-password-provided-workflow.mdx	Auth0 page reorganized (What you need, Key considerations, explicit export steps, three migration methods, mappings); workflow example updated with expanded ai_summary and link to drip-feed tutorial.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant KindeAuth as Kinde (Auth)
  participant Workflow as Kinde Workflow
  participant Legacy as Legacy Auth Provider
  Client->>KindeAuth: Submit sign-in (email + password)
  KindeAuth->>Workflow: Trigger user:existing_password_provided (if user missing)
  Workflow->>Legacy: Validate credentials (ROPC / AdminInitiateAuth / verify)
  Legacy-->>Workflow: Validation result (success / failure)
  alt validation success
    Workflow->>KindeAuth: Create user / set password / mark migrated
    KindeAuth-->>Client: Issue token / complete sign-in
  else validation failure
    KindeAuth-->>Client: Reject sign-in (invalid credentials)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
Hops through docs and migration lanes,
CSVs, workflows, salted plains,
Sniffing hashes, mapping fields with cheer,
A rabbit's guide to move users near.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: Migration section overhaul' accurately reflects the core objective of this pull request—a comprehensive reorganization and expansion of the migration documentation section.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch tamal/add/clerk-and-firebase-migration-guide

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx`:
- Line 75: The table row for `hashed_password` uses incorrect terminology
("encrypted"); update the description for the `hashed_password` field to say it
is the user's password hashed with a secure one-way hashing algorithm (e.g.,
salted hash) and not encrypted or reversible—replace "The user's password
encrypted with a hashing algorithm" with a phrase like "The user's password
hashed using a secure one-way hashing algorithm (not reversible)."

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2c4fdd9f-c77b-4e2f-84f0-e719984df276

📥 Commits

Reviewing files that changed from the base of the PR and between 8e9178e and 0094f66.

📒 Files selected for processing (3)

• src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/firebase-to-kinde.mdx

[cloudflare-workers-and-pages]

Deploying kinde-docs-preview with    Cloudflare Pages

Latest commit:	fb6a963
Status:	✅  Deploy successful!
Preview URL:	https://850c1bdb.kinde-docs-preview.pages.dev
Branch Preview URL:	https://tamal-add-clerk-and-firebase.kinde-docs-preview.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx`:
- Line 89: The markdown image reference with alt text "Import from Kinde tool
screen shot" currently uses the literal path "to be added" which will render as
a broken <img>; replace the placeholder path "(to be added)" with a valid image
URL or a relative asset path, or remove the entire markdown image line `![Import
from Kinde tool screen shot](to be added)` if no image is available, ensuring
the content displays correctly.
- Line 84: Reorder and renumber the section headings so steps appear
sequentially: move the "## Step 1: Prepare your Kinde business" section to the
top of the procedure, change "## Export user data from Auth0" to "## Step 2:
Export user data from Auth0", and change "## Step 4: Import into Kinde" to "##
Step 3: Import into Kinde"; also scan the file for any other step headings
(e.g., the heading currently labeled "Step 4" at the diff and the one at lines
172-179) and update their labels and order to produce a contiguous Step 1 → Step
2 → Step 3 flow.
- Around line 121-131: The JSON code block in
src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx incorrectly
includes an HTTP verb/URL line ("POST https://YOUR_DOMAIN/oauth/token") which is
not valid JSON; split the block into two labeled blocks (e.g., an ```http```
block containing the POST line and headers, and a separate ```json``` block
containing only the body starting with "{ \"grant_type\": ... }") so syntax
highlighting is correct and the request is clear.

In `@src/content/docs/get-started/switch-to-kinde/azure-b2c-to-kinde.mdx`:
- Line 81: The `accountEnabled` → `email_verified` mapping is incorrect: remove
the mapping that maps `accountEnabled` to the Kinde `email_verified` column (the
table row containing `accountEnabled` and `email_verified`) and instead either
omit any mapping for `email_verified` so it defaults to FALSE, or move
`accountEnabled` into a non-Kinde field/note; then add a short note beneath the
table stating that if Azure B2C does not track email verification separately,
`email_verified` should be set to FALSE by default.
- Around line 66-69: The GET query's $select list omits givenName and surname
but the column-mapping (mapping givenName → first_name and surname → last_name)
expects them; update the query shown (the GET
https://graph.microsoft.com/v1.0/users?$select=... line) to include givenName
and surname in the comma-separated $select fields so the response contains those
properties and the mapping to first_name/last_name works.

In `@src/content/docs/get-started/switch-to-kinde/create-users-with-api.mdx`:
- Line 61: Fix the typo in the documentation string "A prefered way to use the
Management API (Node.js, Python, etc.) - [see usage
guide](/developer-tools/kinde-api/access-token-for-api/)." by replacing
"prefered" with the correct spelling "preferred" so the sentence reads "A
preferred way to use the Management API (...)" in the file
src/content/docs/get-started/switch-to-kinde/create-users-with-api.mdx (locate
the text "A prefered way to use the Management API" to update).
- Around line 113-121: The JSON example currently shows bcrypt with empty "salt"
and "salt_position" which is misleading; update the bcrypt example by removing
the "salt" and "salt_position" fields (leave "hashed_password",
"hashing_method": "bcrypt", and "is_temporary_password") OR replace it with two
examples: one bcrypt example without salt fields and a separate example for a
scheme that needs external salt (e.g., "hashing_method": "sha256" or "md5") that
includes "salt" and "salt_position"; ensure the snippets reference the same
field names ("hashed_password", "hashing_method", "salt", "salt_position",
"is_temporary_password") so readers and validators see the correct shape per
algorithm.

In `@src/content/docs/get-started/switch-to-kinde/migrate-users-bulk-import.mdx`:
- Around line 127-132: The CSV example row for user "lliu@company.com" contains
a leading space in the external_organization_id field
(`lliu@company.com,Lee,Liu,FALSE,,, xyz002`) which will be parsed as " xyz002";
remove the space so the row reads `lliu@company.com,Lee,Liu,FALSE,,,xyz002`, and
while editing verify there are no other stray leading/trailing spaces in the CSV
sample and that the header `external_organization_id` aligns with the values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2c994d0e-1514-473e-b027-dfba4d6bcc20

📥 Commits

Reviewing files that changed from the base of the PR and between 0094f66 and 73745f8.

📒 Files selected for processing (12)

• src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/aws-cognito-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/azure-b2c-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/create-users-with-api.mdx
• src/content/docs/get-started/switch-to-kinde/drip-feed-migration.mdx
• src/content/docs/get-started/switch-to-kinde/firebase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/migrate-users-bulk-import.mdx
• src/content/docs/get-started/switch-to-kinde/supabase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx
• src/content/docs/workflows/example-workflows/existing-password-provided-workflow.mdx
• src/content/docs/workflows/workflow-tutorials/drip-feed-migration.mdx

✅ Files skipped from review due to trivial changes (6)

• src/content/docs/get-started/switch-to-kinde/drip-feed-migration.mdx
• src/content/docs/get-started/switch-to-kinde/supabase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/aws-cognito-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/firebase-to-kinde.mdx
• src/content/docs/workflows/workflow-tutorials/drip-feed-migration.mdx
• src/content/docs/workflows/example-workflows/existing-password-provided-workflow.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx`:
- Line 101: The wording is inconsistent: replace the phrase "You will have a
JSON file to import into Kinde." with "You will have an NDJSON file to import
into Kinde." and add a brief clarifying sentence referencing the earlier note
("Auth0 exports NDJSON") so readers understand the exported format must be
NDJSON (newline-delimited JSON) before import; update the sentence near the
existing "Auth0 exports NDJSON" mention to ensure both lines use "NDJSON"
consistently and, if helpful, note that each line is a JSON record for import
compatibility.
- Line 189: The link text "[drip-feed migration]" in the sentence currently
points to "/get-started/switch-to-kinde/drip-feed-migration/" which differs from
the other occurrence; update this link target so both references use the same
canonical path (match the exact href used at the other occurrence on the page)
by editing the link URL for the "[drip-feed migration]" anchor in this sentence
to the unified path.

In `@src/content/docs/get-started/switch-to-kinde/firebase-to-kinde.mdx`:
- Around line 111-113: Step 2 in the "Sign in to Kinde..." checklist contradicts
earlier guidance about non-migratable Firebase passwords; update the step that
currently reads about signing in with "existing Firebase credentials" to instead
instruct testers to verify first sign-in using the allowed flows
(passwordless/email link, social provider, or the password-reset flow), and
clarify that passwords must be reset if needed; update the numbered step text
and any adjacent explanatory copy in the same snippet to remove mention of
migrating existing passwords and to instruct sending a password-reset or using
the configured passwordless/social flow for verification.
- Around line 83-85: The table currently lists Firebase fields `first_name`,
`last_name`, and `phone` as if they exist in Firebase exports; clarify these are
derived or manually enriched fields and may not be present in Firebase Auth
(which often only has `displayName` and `phoneNumber`). Update the table rows
for "first name", "last name", and "phone number" to note they're derived/manual
(or mapped from `displayName` / `phoneNumber`) and add a short sentence above
the table explaining that Firebase Auth exports may require parsing
`displayName` into first/last or manually enriching phone values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f8357a2a-f736-418d-8e34-4d70670744be

📥 Commits

Reviewing files that changed from the base of the PR and between 73745f8 and 5744e85.

📒 Files selected for processing (7)

• src/content/docs/get-started/switch-to-kinde/auth0-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/aws-cognito-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/azure-b2c-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/firebase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/supabase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx

✅ Files skipped from review due to trivial changes (4)

• src/content/docs/get-started/switch-to-kinde/clerk-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/supabase-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/azure-b2c-to-kinde.mdx
• src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• src/content/docs/get-started/switch-to-kinde/aws-cognito-to-kinde.mdx

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/workflows/workflow-tutorials/drip-feed-migration.mdx`:
- Around line 373-379: The numbered list is broken because the "Push your
workflow code to GitHub" step (the bash snippet with git add/commit/push) was
placed far below the other steps; move that git push snippet so it immediately
follows the earlier "Create the workflow code" steps (i.e., place the three-line
bash block directly after step 4's code examples or inline within step 4) so the
ordered list continues as "5." instead of restarting; update the surrounding
markdown so the code block remains part of the same numbered list item.
- Around line 264-301: The Cognito AdminInitiateAuth request sent via
kinde.secureFetch lacks AWS Signature V4 signing so it will be rejected; fix by
adding SigV4-signed Authorization (and related X-Amz-*) headers before the call
to kinde.secureFetch that builds cognitoResponse (or replace the call with a
proxy endpoint that performs SigV4 signing server-side), implementing the
signing logic using the Web Crypto API for the edge runtime (or an AWS-signing
helper) and ensuring the signed headers are applied for AuthFlow:
"ADMIN_USER_PASSWORD_AUTH" / AdminInitiateAuth; if you choose not to implement
signing inline, update the code block and surrounding text to call the proxy URL
and/or add a prominent warning that the example is incomplete and requires
SigV4.
- Line 35: The frontmatter contains a placeholder field ai_summary: "hello" that
must be removed or replaced with a real summary; edit the document's frontmatter
to either delete the ai_summary key entirely or update its value to a meaningful
summary string (refer to the ai_summary frontmatter field in this file) before
publishing.
- Line 52: The sentence "Make sure the imported emails are set to
`email_verified` to `TRUE` so it can properly fire on first login." is
grammatically awkward; update it to something like "Make sure the imported
emails have `email_verified` set to TRUE so the trigger can fire on first
login." or "Set `email_verified` to TRUE for imported emails so the trigger can
fire on first login." — edit the sentence in the drip-feed-migration.mdx content
where the phrase "are set to `email_verified` to `TRUE`" appears (refer to that
exact phrase) to one of these clearer alternatives.
- Around line 105-115: There are duplicate and placeholder headings in the
drip-feed migration doc: rename the second "### 2. Deploy the workflow" heading
to "### 3." and either remove the stub block containing "### 2. Setup kinde
application" / "git setup here." or replace it with real steps; specifically,
capitalize "Kinde" in the "Setup kinde application" heading and replace the
placeholder sentence "Set up application in kinde and set password
authentication." with actual setup steps (or delete this stub entirely if the
full deployment instructions from the later "## Step 2: Deploy the workflow"
section will remain); ensure no duplicate step numbering remains and that the
only deployment guidance is the complete content already provided later.
- Around line 141-168: The Workflow uses kindeAPI.post("/api/v1/user") which
will fail for emails that were bulk-imported; instead call GET
/api/v1/users?email={providedEmail} to find the existing user, extract user.id,
and then call kindeAPI.put(`/api/v1/users/${user.id}/password`, { password,
is_temporary_password: false }); replace the create flow in the Workflow
function (and similarly in the Auth0, Cognito and Azure B2C variant handlers) so
you no longer POST /api/v1/user, the code only performs the GET-then-PUT pattern
and the example text should be updated to reflect that the create:users scope is
not required (only update:user_passwords).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5ad0fa39-1d63-4463-aece-6be6a37251a3

📥 Commits

Reviewing files that changed from the base of the PR and between 47c784b and 76b273d.

📒 Files selected for processing (2)

• src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx
• src/content/docs/workflows/workflow-tutorials/drip-feed-migration.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• src/content/docs/get-started/switch-to-kinde/switch-to-kinde-for-user-authentication.mdx