auth0

Auth0 Fastify API

by Auth0 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 67 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install auth0-fastify-api
Description
Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api fo...
README (SKILL.md)

Auth0 Fastify API Integration

Protect Fastify API endpoints with JWT access token validation using @auth0/auth0-fastify-api.


Prerequisites

  • Fastify API application (v5.x or newer)
  • Node.js 20 LTS or newer
  • Auth0 API configured (not Application - must be API resource)
  • If you don't have Auth0 set up yet, use the auth0-quickstart skill first

When NOT to Use

  • Server-rendered web applications - Use @auth0/auth0-fastify for session-based auth
  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth
  • Next.js applications - Use auth0-nextjs skill
  • Mobile applications - Use auth0-react-native for React Native/Expo

Quick Start Workflow

1. Install SDK

npm install @auth0/auth0-fastify-api fastify dotenv

2. Create Auth0 API

You need an API (not Application) in Auth0:

# Using Auth0 CLI
auth0 apis create \
  --name "My Fastify API" \
  --identifier https://my-api.example.com

Or create manually in Auth0 Dashboard → Applications → APIs

3. Configure Environment

Create .env:

AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_AUDIENCE=https://my-api.example.com

4. Configure Auth Plugin

Create your Fastify server (server.js):

import 'dotenv/config';
import Fastify from 'fastify';
import fastifyAuth0Api from '@auth0/auth0-fastify-api';

const fastify = Fastify({ logger: true });

// Register Auth0 API plugin
await fastify.register(fastifyAuth0Api, {
  domain: process.env.AUTH0_DOMAIN,
  audience: process.env.AUTH0_AUDIENCE,
});

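// Register the routes from step 5 above this line: Fastify rejects routes added after the server has started.
await fastify.listen({ port: 3001 });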

5. Protect Routes

// Public route - no authentication
fastify.get('/api/public', async (request, reply) => {
  return {
    message: 'Hello from a public endpoint!',
    timestamp: new Date().toISOString(),
  };
});

// Protected route - requires valid JWT
fastify.get('/api/private', {
  preHandler: fastify.requireAuth()
}, async (request, reply) => {
  return {
    message: 'Hello from a protected endpoint!',
    user: request.user.sub,
    timestamp: new Date().toISOString(),
  };
});

// Protected route with user info
fastify.get('/api/profile', {
  preHandler: fastify.requireAuth()
}, async (request, reply) => {
  return {
    profile: request.user,  // JWT claims
  };
});

6. Test API

Test public endpoint:

curl http://localhost:3001/api/public

Test protected endpoint (requires access token):

curl http://localhost:3001/api/private \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Common Mistakes

| Mistake | Fix |
| --- | --- |
| Created Application instead of API in Auth0 | Must create API resource in Auth0 Dashboard → Applications → APIs |
| Missing Authorization header | Include Authorization: Bearer <token> in all protected endpoint requests |
| Wrong audience in token | Client must request token with matching audience parameter |
| Using ID token instead of access token | Must use access token for API auth, not ID token |
| Not handling 401/403 errors | Implement proper error handling for unauthorized/forbidden responses |

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-fastify - For server-rendered Fastify web apps with sessions
  • auth0-mfa - Add Multi-Factor Authentication

Quick Reference

Plugin Options:

  • domain - Auth0 tenant domain (required)
  • audience - API identifier from Auth0 API settings (required)

Request Properties:

  • request.user - Decoded JWT claims object
  • request.user.sub - User ID (subject)

Middleware:

  • fastify.requireAuth() - Protect route with JWT validation
  • fastify.requireAuth({ scopes: 'read:data' }) - Require specific scope
  • fastify.requireAuth({ scopes: ['read:data', 'write:data'] }) - Require specific scopes

Common Use Cases:

  • Protect routes → Use preHandler: fastify.requireAuth() (see Step 5)
  • Get user ID → request.user.sub
  • Custom claims → Access via request.user['namespace/claim']
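
The failure modes in the Common Mistakes table and the scope options under Middleware, worked through as an added example (not code from the skill or the Auth0 SDK): a Node standard-library sketch of the checks an API makes on a Bearer token and the status each failure maps to. The key pair, client ID and claims are constructed samples, and the sketch assumes every listed scope must be present.

```javascript
// Added example: the checks behind "valid JWT", using only Node's standard library.
// Key pair, tenant, client ID and claims are constructed samples, not real values.
const crypto = require('node:crypto');

const ISSUER = 'https://your-tenant.auth0.com/'; // https://<AUTH0_DOMAIN>/
const AUDIENCE = 'https://my-api.example.com';   // AUTH0_AUDIENCE
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Sample-only helper: mint an RS256 token the way an authorization server would.
function mint(claims, key = privateKey) {
  const body = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), key).toString('base64url')}`;
}

// Returns the HTTP status the API should answer with: 200, 401 or 403.
function authorize(authorizationHeader, requiredScopes = [], now = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || '');
  if (!match) return 401; // missing or malformed Authorization header
  const [, h, p, s] = match;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return 401; }
  if (header?.alg !== 'RS256' || !claims || typeof claims !== 'object') return 401; // pin the algorithm
  const signed = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!signed) return 401;
  if (claims.iss !== ISSUER) return 401;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 401;
  if (![].concat(claims.aud ?? []).includes(AUDIENCE)) return 401; // wrong audience, or an ID token
  const granted = String(claims.scope || '').split(' ');
  return requiredScopes.every((sc) => granted.includes(sc)) ? 200 : 403; // authenticated, not permitted
}

const exp = Math.floor(Date.now() / 1000) + 300;
const base = { iss: ISSUER, sub: 'auth0|sample-user', aud: AUDIENCE, exp, scope: 'read:data' };
const cases = {
  valid: mint(base),
  idToken: mint({ ...base, aud: 'sample-client-id', scope: undefined }), // aud is the client ID
  wrongAudience: mint({ ...base, aud: 'https://other-api.example.com' }),
  expired: mint({ ...base, exp: exp - 600 }),
  forged: mint(base, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey),
};
```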


Usage Guidance
This skill appears to be a straightforward Auth0 + Fastify integration, but metadata and runtime instructions don't fully match. Before installing or using it:
  1. Treat AUTH0_DOMAIN and AUTH0_AUDIENCE as required configuration; the skill should declare them. Avoid pasting sensitive management credentials into .env unless you understand where they will be stored.
  2. If you plan to run the example auth0 CLI command, recognize that it requires Auth0 management credentials (not declared by the skill).
  3. Install dependencies (npm install @auth0/auth0-fastify-api fastify dotenv) yourself in a controlled/dev environment and inspect package sources and versions.
  4. Confirm the skill will not read other environment variables or files you consider sensitive.
  5. Prefer obtaining the skill from an official, versioned repository (the SKILL.md points to Auth0's repos) and verify that the package names are official.
If the publisher cannot clarify the undeclared env vars and CLI credential requirements, treat the mismatch as a red flag and proceed cautiously.
Capability Analysis
Type: OpenClaw Skill
Name: auth0-fastify-api
Version: 1.0.0
The skill bundle provides standard documentation and code snippets for integrating Auth0 JWT authentication into a Fastify API using the @auth0/auth0-fastify-api package. All instructions, including the use of the Auth0 CLI and environment variable configuration in SKILL.md, are consistent with legitimate authentication workflows and show no signs of malicious intent, data exfiltration, or prompt injection.
Capability Tags
requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name, description, and SKILL.md consistently describe integrating @auth0/auth0-fastify-api to protect Fastify endpoints with JWTs. The steps, examples, and references match the stated purpose.
Instruction Scope
The SKILL.md instructs creating and reading a .env (AUTH0_DOMAIN, AUTH0_AUDIENCE) and running commands (npm install, optional auth0 CLI usage). The skill metadata declared no required environment variables or binaries — the runtime instructions therefore implicitly require access to environment variables and developer tooling that the metadata doesn't advertise.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However, the instructions explicitly require running npm install and optionally the Auth0 CLI; these will fetch and execute code from third-party sources at runtime. This is expected for an integration skill but worth noting because the skill itself doesn't enumerate or manage those installs.
Credentials
The skill asks the developer to populate AUTH0_DOMAIN and AUTH0_AUDIENCE in .env and the code samples read process.env.*. Yet requires.env is empty. Additionally, creating an Auth0 API via the auth0 CLI implies use of Auth0 management credentials (not declared). The skill requests or uses environment/config values without declaring them, which is disproportionate to the declared metadata.
Persistence & Privilege
always is false and there is no install step that modifies other skills or system-wide agent settings. The skill does not request persistent platform privileges in its metadata.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auth0-fastify-api
  3. After installation, invoke the skill by name or use /auth0-fastify-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of auth0-fastify-api skill.
  • Secure Fastify API endpoints using JWT Bearer token validation via @auth0/auth0-fastify-api.
  • Supports permission checks, stateless authentication, and integration with REST APIs receiving Auth0-issued access tokens.
  • Includes quick start setup, example code, troubleshooting tips, and references for protecting API routes.
  • Describes when to use this skill and alternative options for web or mobile apps.
  • Provides quick reference for plugin options, middleware usage, and common mistakes.
Metadata
Slug auth0-fastify-api
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Auth0 Fastify API?

Use when securing Fastify API endpoints with JWT Bearer token validation, scope/permission checks, or stateless auth - integrates @auth0/auth0-fastify-api fo... It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.

How do I install Auth0 Fastify API?

Run "/install auth0-fastify-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auth0 Fastify API free?

Yes, Auth0 Fastify API is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auth0 Fastify API support?

Auth0 Fastify API is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Auth0 Fastify API?

It is built and maintained by Auth0 (@auth0); the current version is v1.0.0.
