Labsco
auth0 logo

auth0-fastify-api

37

by auth0 · part of auth0/agent-skills

Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api for…

🔥🔥🔥✓ VerifiedFreeQuick setup
🧩 One of 7 skills in the auth0/agent-skills package — works on its own, and pairs well with its siblings.

Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api for…

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.


name: auth0-fastify-api description: > Use when protecting Fastify API endpoints with JWT Bearer token validation or scope checks. Integrates @auth0/auth0-fastify-api for stateless APIs receiving access tokens from frontends or mobile apps. license: Apache-2.0 metadata: author: Auth0 support@auth0.com version: '1.0.0' openclaw: emoji: "\U0001F510" homepage: https://github.com/auth0/agent-skills requires: bins: - auth0

Auth0 Fastify API Integration

Protect Fastify API endpoints with JWT access token validation using @auth0/auth0-fastify-api.


When NOT to Use

  • Server-rendered web applications - Use @auth0/auth0-fastify for session-based auth
  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth
  • Next.js applications - Use auth0-nextjs skill
  • Mobile applications - Use auth0-react-native for React Native/Expo

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-fastify - For server-rendered Fastify web apps with sessions
  • auth0-mfa - Add Multi-Factor Authentication
  • auth0-cli - Manage Auth0 resources from the terminal

Quick Reference

Plugin Options:

  • domain - Auth0 tenant domain (required)
  • audience - API identifier from Auth0 API settings (required)

Request Properties:

  • request.user - Decoded JWT claims object
  • request.user.sub - User ID (subject)

Middleware:

  • fastify.requireAuth() - Protect route with JWT validation
  • fastify.requireAuth({ scopes: 'read:data' }) - Require specific scope
  • fastify.requireAuth({ scopes: ['read:data', 'write:data'] }) - Require specific scopes

Common Use Cases:

  • Protect routes → Use preHandler: fastify.requireAuth() (see Step 5)
  • Get user ID → request.user.sub
  • Custom claims → Access via request.user['namespace/claim']

References