Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
@auth0/auth0-fastify-api
Advanced tools
The Auth0 Fastify-API SDK is a library for protecting API's in Fastify applications.
📚 Documentation - 🚀 Getting Started - 💬 Feedback
Documentation
- Examples - examples for your different use cases.
- Docs Site - explore our docs site and learn more about Auth0.
Getting Started
1. Install the SDK
npm i @auth0/auth0-fastify-api
This library requires Node.js 20 LTS and newer LTS versions.
3. Register the Auth0 Fastify plugin for APIs
Register the Auth0 fastify plugin for API's with the Fastify instance.
import fastifyAuth0Api from '@auth0/auth0-fastify-api';
const fastify = Fastify({
logger: true,
});
fastify.register(fastifyAuth0Api, {
domain: '<AUTH0_DOMAIN>',
audience: '<AUTH0_AUDIENCE>',
});
The AUTH0_DOMAIN can be obtained from the Auth0 Dashboard once you've created an API.
The AUTH0_AUDIENCE is the identifier of the API that is being called. You can find this in the API section of the Auth0 dashboard.
Protecting API Routes
In order to protect an API route, you can use the SDK's requireAuth() method in a preHandler:
fastify.register(() => {
fastify.get(
'/protected-api',
{
preHandler: fastify.requireAuth(),
},
async (request: FastifyRequest, reply) => {
return `Hello, ${request.user.sub}`;
}
);
});
The SDK exposes the claims, extracted from the token, as the user property on the FastifyRequest object.
In order to use a custom user type to represent custom claims, you can configure the Token type in a module augmentation:
declare module '@auth0/auth0-fastify-api' {
interface Token {
id: number;
name: string;
age: number;
}
}
Doing so will change the user type on the FastifyRequest object automatically:
fastify.register(() => {
fastify.get(
'/protected-api',
{
preHandler: fastify.requireAuth(),
},
async (request: FastifyRequest, reply) => {
return `Hello, ${request.user.name}`;
}
);
});
[!IMPORTANT]
The above is to protect API routes by the means of a bearer token, and not server-side rendering routes using a session.
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please read the following:
- Auth0's general contribution guidelines
- Auth0's code of conduct guidelines
- This repo's contribution guide
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
What is Auth0?
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.
Keywords
FAQs
Auth0 SDK for Fastify API's on JavaScript runtimes
We found that @auth0/auth0-fastify-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 43 open source maintainers collaborating on the project.
Package last updated on 02 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025