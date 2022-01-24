Auth0 verification plugin for Fastify, internally uses fastify-jwt.

Installation

Just run:

npm install fastify-auth0-verify --save

Usage

Register as a plugin, providing one or more of the following options:

domain : The Auth0 tenant domain. It enables verification of RS256 encoded JWT tokens. It is also used to verify the token issuer ( iss ). Either provide a domain or the full URL, including the trailing slash ( https://domain.com/ ).

: The Auth0 tenant domain. It enables verification of RS256 encoded JWT tokens. It is also used to verify the token issuer ( ). Either provide a domain or the full URL, including the trailing slash ( ). audience : The Auth0 audience ( aud ), usually the API name. If you provide the value true , the domain will be also used as audience. Accepts a string value, or an array of strings for multiple providers.

: The Auth0 audience ( ), usually the API name. If you provide the value , the domain will be also used as audience. Accepts a string value, or an array of strings for multiple providers. issuer : The Auth0 issuer ( iss ), usually the API name. By default the domain will be also used as audience. Accepts a string value, or an array of strings for multiple issuers.

: The Auth0 issuer ( ), usually the API name. By default the domain will be also used as audience. Accepts a string value, or an array of strings for multiple issuers. secret : The Auth0 client secret. It enables verification of HS256 encoded JWT tokens.

: The Auth0 client secret. It enables verification of HS256 encoded JWT tokens. complete : If to return also the header and signature of the verified token.

: If to return also the header and signature of the verified token. secretsTtl : How long (in milliseconds) to cache RS256 secrets before getting them again using well known JWKS URLS. Setting to 0 or less disables the cache.

: How long (in milliseconds) to cache RS256 secrets before getting them again using well known JWKS URLS. Setting to 0 or less disables the cache. cookie : Used to indicate that the token can be passed using cookie, instead of the Authorization header. cookieName : The name of the cookie.

: Used to indicate that the token can be passed using cookie, instead of the Authorization header.

Once registered, your fastify instance and request will be decorated as describe by fastify-jwt .

In addition, the request will also get the authenticate decorator.

This decorator can be used as preValidation hook to add authenticate to your routes. The token information will be available in request.user .

Example:

const server = require ( 'fastify' )() server.register( require ( 'fastify-auth0-verify' ), { domain : "<auth0 auth domain>" , audience : "<auth0 app audience>" , }) server.register( function ( instance, _options, done ) { instance.get( '/verify' , { handler : function ( request, reply ) { reply.send(request.user) }, preValidation : instance.authenticate }) done() }) server.listen( 0 , err => { if (err) { throw err } })

You can configure there to be more than one Auth0 API audiences:

const server = require ( 'fastify' )() server.register( require ( 'fastify-auth0-verify' ), { domain : '<auth0 auth domain>' , audience : [ '<auth0 app audience>' , '<auth0 admin audience>' ] }) server.register( function ( instance, _options, done ) { instance.get( '/verify' , { handler : function ( request, reply ) { reply.send(request.user) }, preValidation : instance.authenticate }) done() }) server.listen(APP_PORT, err => { if (err) { throw err } })

Contributing

See CONTRIBUTING.md

License

Copyright NearForm Ltd. Licensed under the Apache-2.0 license.