Skip to content

auth0/auth0-fastify

Repository files navigation

Auth0-Fastify Auth0-Fastify Mono Repo, containing SDKs for implementing user authentication in Fastify applications.

Release Downloads License Ask DeepWiki

📚 Packages - 🔎 Features - 💬 Feedback

Packages

Two SDKs — pick the one that matches your application:

  • @auth0/auth0-fastify — for server-rendered web apps where users log in. Authenticates with an encrypted browser session cookie and handles login, logout, callback, and session management.
  • @auth0/auth0-fastify-api — for APIs / resource servers consumed by SPAs, mobile, or services. Authenticates with an Authorization: Bearer <access_token> and authorizes by scopes and claims.

Features

Jump straight to the capability you need.

@auth0/auth0-fastify — Web applications

Feature What it does
Quick start Register the Auth0 plugin with fastify.register in a few lines
Built-in routes /auth/login, /auth/logout, /auth/callback, back-channel logout
Custom login / logout / callback Roll your own routes instead of the mounted ones
Configure mounted routes Disable the built-in routes or add account-linking routes
Protect a route with a session Gate server-rendered pages behind a login session
Get the current session / user Read the authenticated user with getUser() / getSession()
Call an API (getAccessToken) Get an access token to call APIs as the user
Custom Token Exchange Create a session from an external token without a browser login
Multiple Custom Domains (MCD) Resolve the Auth0 domain per request
Custom fetch Swap in your own fetch (proxies, retries, instrumentation)
Discovery cache Control caching of OIDC discovery metadata and JWKS

@auth0/auth0-fastify-api — APIs

Feature What it does
Quick start Protect an API with fastify.register in a few lines
Protect an API route (requireAuth) Require a valid bearer access token in a preHandler
Read token claims (request.user) Access claims extracted from the verified token
Custom token / user type Type your custom claims via module augmentation
DPoP (proof-of-possession) Bind access tokens to a client key pair (RFC 9449)
On-Behalf-Of Token Exchange Exchange the caller's token for a downstream API token
Multiple Custom Domains (MCD) Accept tokens from multiple issuer domains of one tenant
Custom fetch Swap in your own fetch (proxies, retries, instrumentation)
Discovery cache Control caching of discovery metadata and signing keys

Running Examples

The following examples can be found in the examples directory:

Before running the examples, you need to install the dependencies for the monorepo and build all the packages.

  1. Install depedencies
$ npm install
  1. Build all packages
$ npm run build
  1. Follow example instructions

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please read the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

About

Mono Repo, containing SDKs for implementing user authentication and protecting API's in Fastify applications.

Topics

Resources

Contributing

Security policy

Stars

7 stars

Watchers

10 watching

Forks

Packages

 
 
 

Contributors