From auth0
Adds session-based authentication to Fastify web apps using Auth0. Handles login, logout, and protected routes via @auth0/auth0-fastify.
Slash command: /auth0:auth0-fastify
Add authentication to Fastify web applications using @auth0/auth0-fastify.
- auth0-quickstart skill first
- auth0-react, auth0-vue, or auth0-angular for client-side auth
- auth0-nextjs skill which handles both client and server
- auth0-react-native for React Native/Expo
- @auth0/auth0-fastify-api instead for JWT validation without sessions

```bash
npm install @auth0/auth0-fastify fastify @fastify/view ejs dotenv
```
Create .env:
```
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
SESSION_SECRET=<openssl-rand-hex-64>
APP_BASE_URL=http://localhost:3000
```
Generate secret:
```bash
openssl rand -hex 64
```
Create your Fastify server (server.js):
```javascript
import 'dotenv/config';
import Fastify from 'fastify';
import fastifyAuth0 from '@auth0/auth0-fastify';
import fastifyView from '@fastify/view';
import ejs from 'ejs';

const fastify = Fastify({ logger: true });

// Register view engine
await fastify.register(fastifyView, {
  engine: { ejs },
  root: './views',
});

// Configure Auth0 plugin
await fastify.register(fastifyAuth0, {
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  appBaseUrl: process.env.APP_BASE_URL,
  sessionSecret: process.env.SESSION_SECRET,
});

fastify.listen({ port: 3000 });
```
This automatically creates:
- /auth/login - Login endpoint
- /auth/logout - Logout endpoint
- /auth/callback - OAuth callback

```javascript
// Public route
fastify.get('/', async (request, reply) => {
  const session = await fastify.auth0Client.getSession({ request, reply });
  // Template names are resolved relative to the view engine root ('./views')
  return reply.view('home.ejs', {
    isAuthenticated: !!session,
  });
});

// Protected route
fastify.get('/profile', {
  // Redirect unauthenticated visitors to login before the handler runs
  preHandler: async (request, reply) => {
    const session = await fastify.auth0Client.getSession({ request, reply });
    if (!session) {
      return reply.redirect('/auth/login');
    }
  }
}, async (request, reply) => {
  const user = await fastify.auth0Client.getUser({ request, reply });
  return reply.view('profile.ejs', { user });
});
```
Start your server:
```bash
node server.js
```
Visit http://localhost:3000 and test the login flow.
| Mistake | Fix |
|---|---|
| Forgot to add callback URL in Auth0 Dashboard | Add /auth/callback path to Allowed Callback URLs (e.g., http://localhost:3000/auth/callback) |
| Missing or weak SESSION_SECRET | Generate secure 64-char secret with openssl rand -hex 64 and store in .env |
| App created as SPA type in Auth0 | Must be Regular Web Application type for server-side auth |
| Session secret exposed in code | Always use environment variables, never hardcode secrets |
| Wrong appBaseUrl for production | Update APP_BASE_URL to match your production domain |
| Not awaiting fastify.register | Fastify v4+ requires awaiting plugin registration |
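
Several of the mistakes in the table above (placeholder or short SESSION_SECRET, wrong APP_BASE_URL, unregistered callback URL) can be caught at startup, before the plugin is registered. The following is an added example, not code from the skill or from @auth0/auth0-fastify; `checkAuth0Env`, its rules, and the sample values are assumptions of this example.

```javascript
// Added example: startup check for the .env values used by @auth0/auth0-fastify.
// checkAuth0Env and its rules are illustrative, not part of the plugin's API.
const PLACEHOLDERS = ['your-tenant.auth0.com', 'your-client-id',
  'your-client-secret', '<openssl-rand-hex-64>'];
const REQUIRED = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET',
  'SESSION_SECRET', 'APP_BASE_URL'];

function checkAuth0Env(env) {
  const problems = [];
  for (const name of REQUIRED) {
    const value = (env[name] || '').trim();
    if (!value) problems.push(`${name} is missing`);
    else if (PLACEHOLDERS.includes(value)) problems.push(`${name} still holds the template placeholder`);
  }
  // The page requires a session secret of at least 64 characters.
  const secret = env.SESSION_SECRET || '';
  if (secret && !PLACEHOLDERS.includes(secret) && secret.length < 64) {
    problems.push(`SESSION_SECRET is ${secret.length} chars, need at least 64`);
  }
  // AUTH0_DOMAIN is a bare host name in the page's .env, not a URL.
  if (/^https?:\/\//i.test(env.AUTH0_DOMAIN || '')) {
    problems.push('AUTH0_DOMAIN should be a host name without a scheme');
  }
  let callbackUrl = null;
  try {
    const base = new URL(env.APP_BASE_URL);
    const local = ['localhost', '127.0.0.1'].includes(base.hostname);
    // Assumption of this example: plain http is acceptable only for local development.
    if (base.protocol !== 'https:' && !local) {
      problems.push('APP_BASE_URL should use https outside local development');
    }
    // This is the value to list under Allowed Callback URLs in the Auth0 Dashboard.
    callbackUrl = new URL('/auth/callback', base).href;
  } catch {
    if (env.APP_BASE_URL) problems.push('APP_BASE_URL is not a valid URL');
  }
  return { ok: problems.length === 0, problems, callbackUrl };
}

// Constructed sample values, for demonstration only.
const sample = {
  AUTH0_DOMAIN: 'your-tenant.auth0.com',
  AUTH0_CLIENT_ID: 'abc123',
  AUTH0_CLIENT_SECRET: 'constructed-secret',
  SESSION_SECRET: 'a'.repeat(32),
  APP_BASE_URL: 'http://localhost:3000',
};
console.log(checkAuth0Env(sample));
```

Call it with `process.env` at the top of server.js and exit if `ok` is false, so a misconfigured deployment fails before serving requests.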
- auth0-quickstart - Basic Auth0 setup
- auth0-migration - Migrate from another auth provider
- auth0-mfa - Add Multi-Factor Authentication
- auth0-cli - Manage Auth0 resources from the terminal

Plugin Options:
- domain - Auth0 tenant domain (required)
- clientId - Auth0 client ID (required)
- clientSecret - Auth0 client secret (required)
- appBaseUrl - Application URL (required)
- sessionSecret - Session encryption secret (required, min 64 chars)
- audience - API audience (optional, for calling APIs)

Client Methods:
- fastify.auth0Client.getSession({ request, reply }) - Get user session
- fastify.auth0Client.getUser({ request, reply }) - Get user profile
- fastify.auth0Client.getAccessToken({ request, reply }) - Get access token
- fastify.auth0Client.logout(options, { request, reply }) - Logout user

Common Use Cases:
- preHandler to check session (see Step 4)
- !!session
- getUser({ request, reply })
- getAccessToken({ request, reply })

```bash
npx claudepluginhub auth0/agent-skills --plugin auth0
```