1.0.2 ā€¢ Published 6 months ago

@auth0/auth0-fastify-api v1.0.2

Weekly downloads
-
License
MIT
Repository
github
Last release
6 months ago

The Auth0 Fastify-API SDK is a library for protecting API's in Fastify applications.

Release Downloads License

šŸ“š Documentation - šŸš€ Getting Started - šŸ’¬ Feedback

Documentation

  • Examples - examples for your different use cases.
  • Docs Site - explore our docs site and learn more about Auth0.

Getting Started

1. Install the SDK

npm i @auth0/auth0-fastify-api

This library requires Node.js 20 LTS and newer LTS versions.

3. Register the Auth0 Fastify plugin for APIs

Register the Auth0 fastify plugin for API's with the Fastify instance.

import fastifyAuth0Api from '@auth0/auth0-fastify-api';

const fastify = Fastify({
  logger: true,
});

fastify.register(fastifyAuth0Api, {
  domain: '<AUTH0_DOMAIN>',
  audience: '<AUTH0_AUDIENCE>',
});

The AUTH0_DOMAIN can be obtained from the Auth0 Dashboard once you've created an API. The AUTH0_AUDIENCE is the identifier of the API that is being called. You can find this in the API section of the Auth0 dashboard.

Protecting API Routes

In order to protect an API route, you can use the SDK's requireAuth() method in a preHandler:

fastify.register(() => {
  fastify.get(
    '/protected-api',
    {
      preHandler: fastify.requireAuth(),
    },
    async (request: FastifyRequest, reply) => {
      return `Hello, ${request.user.sub}`;
    }
  );
});

The SDK exposes the claims, extracted from the token, as the user property on the FastifyRequest object. In order to use a custom user type to represent custom claims, you can configure the Token type in a module augmentation:

declare module '@auth0/auth0-fastify-api' {
  interface Token {
    id: number;
    name: string;
    age: number;
  }
}

Doing so will change the user type on the FastifyRequest object automatically:

fastify.register(() => {
  fastify.get(
    '/protected-api',
    {
      preHandler: fastify.requireAuth(),
    },
    async (request: FastifyRequest, reply) => {
      return `Hello, ${request.user.name}`;
    }
  );
});

!IMPORTANT
The above is to protect API routes by the means of a bearer token, and not server-side rendering routes using a session.

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please read the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

auth0
fastifyfastify-plugin@auth0/auth0-api-js
1.0.2

6 months ago

1.0.1

8 months ago

1.0.0

8 months ago