
Auth0 Fastify

Use when adding authentication (login, logout, protected routes) to Fastify web applications - integrates @auth0/auth0-fastify for session-based auth. For st...
Source: auth0
Uncategorized · clawhub v1.0.1 (latest) · 1 version · Key: required
0 stars · 407 downloads · 2 installs

Overview

Auth0 Fastify Integration

Add authentication to Fastify web applications using @auth0/auth0-fastify.


Prerequisites

  • Fastify application (v5.x or newer)
  • Node.js 20 LTS or newer
  • Auth0 account and application configured
  • If you don't have Auth0 set up yet, use the auth0-quickstart skill first

When NOT to Use

  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth
  • Next.js applications - Use auth0-nextjs skill which handles both client and server
  • Mobile applications - Use auth0-react-native for React Native/Expo
  • Stateless APIs - Use @auth0/auth0-fastify-api instead for JWT validation without sessions
  • Microservices - Use JWT validation for service-to-service auth

Quick Start Workflow

1. Install SDK

npm install @auth0/auth0-fastify fastify @fastify/view ejs dotenv

2. Configure Environment

Create .env:

AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
SESSION_SECRET=<openssl-rand-hex-64>
APP_BASE_URL=http://localhost:3000

Generate secret: openssl rand -hex 64

3. Configure Auth Plugin

Create your Fastify server (server.js):

import 'dotenv/config';
import Fastify from 'fastify';
import fastifyAuth0 from '@auth0/auth0-fastify';
import fastifyView from '@fastify/view';
import ejs from 'ejs';

const fastify = Fastify({ logger: true });

// Register view engine
await fastify.register(fastifyView, {
  engine: { ejs },
  root: './views',
});

// Configure Auth0 plugin
await fastify.register(fastifyAuth0, {
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  appBaseUrl: process.env.APP_BASE_URL,
  sessionSecret: process.env.SESSION_SECRET,
});

fastify.listen({ port: 3000 });

This automatically creates:

  • /auth/login - Login endpoint
  • /auth/logout - Logout endpoint
  • /auth/callback - OAuth callback

4. Add Routes

// Add these routes to server.js before the fastify.listen() call.
// Template names are resolved relative to the view root ('./views').

// Public route
fastify.get('/', async (request, reply) => {
  const session = await fastify.auth0Client.getSession({ request, reply });
  return reply.view('home.ejs', {
    isAuthenticated: !!session,
  });
});

// Protected route: the preHandler redirects to login when there is no session
fastify.get('/profile', {
  preHandler: async (request, reply) => {
    const session = await fastify.auth0Client.getSession({ request, reply });
    if (!session) {
      return reply.redirect('/auth/login');
    }
  }
}, async (request, reply) => {
  const user = await fastify.auth0Client.getUser({ request, reply });
  return reply.view('profile.ejs', { user });
});

5. Test Authentication

Start your server:

node server.js

Visit http://localhost:3000 and test the login flow.


Common Mistakes

Mistake | Fix
--------|--------
Forgot to add callback URL in Auth0 Dashboard | Add /auth/callback path to Allowed Callback URLs (e.g., http://localhost:3000/auth/callback)
Missing or weak SESSION_SECRET | Generate secure 64-char secret with openssl rand -hex 64 and store in .env
App created as SPA type in Auth0 | Must be Regular Web Application type for server-side auth
Session secret exposed in code | Always use environment variables, never hardcode secrets
Wrong appBaseUrl for production | Update APP_BASE_URL to match your production domain
Not awaiting fastify.register | Fastify v4+ requires awaiting plugin registration
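
Several of the configuration mistakes above can be caught at startup. The check below is an added example, not code from the skill or from @auth0/auth0-fastify: the function name checkAuthConfig and the rule that flags a localhost APP_BASE_URL when NODE_ENV is production are assumptions, while the variable names, template placeholders and 64-character minimum come from this page.

```javascript
// Added example, not part of the skill or the SDK. Variable names, template
// placeholders and the 64-character minimum come from this page; the
// function name and the production/localhost rule are assumptions.
const REQUIRED = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET',
  'SESSION_SECRET', 'APP_BASE_URL'];

// Values left unchanged from the .env template in Step 2.
const PLACEHOLDERS = new Set(['your-tenant.auth0.com', 'your-client-id',
  'your-client-secret', '<openssl-rand-hex-64>']);

function checkAuthConfig(env) {
  const errors = [];
  const get = (name) => String(env[name] || '').trim();

  for (const name of REQUIRED) {
    if (!get(name)) errors.push(`${name} is missing`);
    else if (PLACEHOLDERS.has(get(name))) errors.push(`${name} is still the template placeholder`);
  }

  // Length check only; it cannot tell whether the value is random.
  const secret = get('SESSION_SECRET');
  if (secret && !PLACEHOLDERS.has(secret) && secret.length < 64) {
    errors.push(`SESSION_SECRET is ${secret.length} chars, minimum is 64`);
  }

  let callbackUrl = null;
  const baseUrl = get('APP_BASE_URL');
  if (baseUrl) {
    try {
      const base = new URL(baseUrl);
      if (!['http:', 'https:'].includes(base.protocol)) throw new TypeError('scheme');
      const isLocal = ['localhost', '127.0.0.1'].includes(base.hostname);
      if (env.NODE_ENV === 'production' && isLocal) {
        errors.push('APP_BASE_URL points at localhost while NODE_ENV=production');
      }
      // Entry for Allowed Callback URLs (assumes the app is served from "/").
      callbackUrl = new URL('/auth/callback', base).href;
    } catch {
      errors.push('APP_BASE_URL is not a valid absolute URL');
    }
  }
  return { ok: errors.length === 0, errors, callbackUrl };
}
```

Call it with process.env before registering the plugin and refuse to start when ok is false.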

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-migration - Migrate from another auth provider
  • auth0-mfa - Add Multi-Factor Authentication
  • auth0-cli - Manage Auth0 resources from the terminal

Quick Reference

Plugin Options:

  • domain - Auth0 tenant domain (required)
  • clientId - Auth0 client ID (required)
  • clientSecret - Auth0 client secret (required)
  • appBaseUrl - Application URL (required)
  • sessionSecret - Session encryption secret (required, min 64 chars)
  • audience - API audience (optional, for calling APIs)

Client Methods:

  • fastify.auth0Client.getSession({ request, reply }) - Get user session
  • fastify.auth0Client.getUser({ request, reply }) - Get user profile
  • fastify.auth0Client.getAccessToken({ request, reply }) - Get access token
  • fastify.auth0Client.logout(options, { request, reply }) - Logout user

Common Use Cases:

  • Protected routes → Use preHandler to check session (see Step 4)
  • Check auth status → !!session
  • Get user info → getUser({ request, reply })
  • Call APIs → getAccessToken({ request, reply })


Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 12:08 Safe

Security checks

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk