← 返回 Skills 市场
80
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install auth0-fastify
功能描述
Use when adding authentication (login, logout, protected routes) to Fastify web applications - integrates @auth0/auth0-fastify for session-based auth. For st...
使用说明 (SKILL.md)
Auth0 Fastify Integration
Add authentication to Fastify web applications using @auth0/auth0-fastify.
Prerequisites
- Fastify application (v5.x or newer)
- Node.js 20 LTS or newer
- Auth0 account and application configured
- If you don't have Auth0 set up yet, use the
auth0-quickstartskill first
When NOT to Use
- Single Page Applications - Use
auth0-react,auth0-vue, orauth0-angularfor client-side auth - Next.js applications - Use
auth0-nextjsskill which handles both client and server - Mobile applications - Use
auth0-react-nativefor React Native/Expo - Stateless APIs - Use
@auth0/auth0-fastify-apiinstead for JWT validation without sessions - Microservices - Use JWT validation for service-to-service auth
Quick Start Workflow
1. Install SDK
npm install @auth0/auth0-fastify fastify @fastify/view ejs dotenv
2. Configure Environment
Create .env:
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
SESSION_SECRET=\x3Copenssl-rand-hex-64>
APP_BASE_URL=http://localhost:3000
Generate secret: openssl rand -hex 64
3. Configure Auth Plugin
Create your Fastify server (server.js):
import 'dotenv/config';
import Fastify from 'fastify';
import fastifyAuth0 from '@auth0/auth0-fastify';
import fastifyView from '@fastify/view';
import ejs from 'ejs';
const fastify = Fastify({ logger: true });
// Register view engine
await fastify.register(fastifyView, {
engine: { ejs },
root: './views',
});
// Configure Auth0 plugin
await fastify.register(fastifyAuth0, {
domain: process.env.AUTH0_DOMAIN,
clientId: process.env.AUTH0_CLIENT_ID,
clientSecret: process.env.AUTH0_CLIENT_SECRET,
appBaseUrl: process.env.APP_BASE_URL,
sessionSecret: process.env.SESSION_SECRET,
});
fastify.listen({ port: 3000 });
This automatically creates:
/auth/login- Login endpoint/auth/logout- Logout endpoint/auth/callback- OAuth callback
4. Add Routes
// Public route
fastify.get('/', async (request, reply) => {
const session = await fastify.auth0Client.getSession({ request, reply });
return reply.view('views/home.ejs', {
isAuthenticated: !!session,
});
});
// Protected route
fastify.get('/profile', {
preHandler: async (request, reply) => {
const session = await fastify.auth0Client.getSession({ request, reply });
if (!session) {
return reply.redirect('/auth/login');
}
}
}, async (request, reply) => {
const user = await fastify.auth0Client.getUser({ request, reply });
return reply.view('views/profile.ejs', { user });
});
5. Test Authentication
Start your server:
node server.js
Visit http://localhost:3000 and test the login flow.
Common Mistakes
| Mistake | Fix |
|---|---|
| Forgot to add callback URL in Auth0 Dashboard | Add /auth/callback path to Allowed Callback URLs (e.g., http://localhost:3000/auth/callback) |
| Missing or weak SESSION_SECRET | Generate secure 64-char secret with openssl rand -hex 64 and store in .env |
| App created as SPA type in Auth0 | Must be Regular Web Application type for server-side auth |
| Session secret exposed in code | Always use environment variables, never hardcode secrets |
| Wrong appBaseUrl for production | Update APP_BASE_URL to match your production domain |
| Not awaiting fastify.register | Fastify v4+ requires awaiting plugin registration |
Related Skills
auth0-quickstart- Basic Auth0 setupauth0-migration- Migrate from another auth providerauth0-mfa- Add Multi-Factor Authentication
Quick Reference
Plugin Options:
domain- Auth0 tenant domain (required)clientId- Auth0 client ID (required)clientSecret- Auth0 client secret (required)appBaseUrl- Application URL (required)sessionSecret- Session encryption secret (required, min 64 chars)audience- API audience (optional, for calling APIs)
Client Methods:
fastify.auth0Client.getSession({ request, reply })- Get user sessionfastify.auth0Client.getUser({ request, reply })- Get user profilefastify.auth0Client.getAccessToken({ request, reply })- Get access tokenfastify.auth0Client.logout(options, { request, reply })- Logout user
Common Use Cases:
- Protected routes → Use
preHandlerto check session (see Step 4) - Check auth status →
!!session - Get user info →
getUser({ request, reply }) - Call APIs →
getAccessToken({ request, reply })
References
安全使用建议
This skill is a documentation-only recipe for adding Auth0 session auth to Fastify and appears coherent. Before using: (1) do not commit .env or secrets to version control; keep AUTH0_CLIENT_SECRET and SESSION_SECRET private and rotate if exposed; (2) ensure you create a Regular Web Application in Auth0 (not SPA) and add the correct callback URL; (3) verify @auth0/auth0-fastify is the official package and review package versions from the npm registry; (4) follow Node/Fastify version requirements (Node 20, Fastify v5+). The registry metadata doesn't declare env vars (the guide does) — that's not dangerous but double-check you only provide Auth0 credentials needed for this app.
功能分析
Type: OpenClaw Skill
Name: auth0-fastify
Version: 1.0.0
The skill bundle provides standard instructions and code snippets for integrating Auth0 authentication into a Fastify application using the official @auth0/auth0-fastify SDK. It follows security best practices, such as using environment variables for secrets and providing guidance on secure session management, with no evidence of malicious intent or suspicious behavior in SKILL.md or _meta.json.
能力标签
能力评估
Purpose & Capability
Name/description match the content: SKILL.md explains integrating @auth0/auth0-fastify into Fastify apps and only asks for packages and Auth0-related config that are directly relevant.
Instruction Scope
Runtime instructions are limited to installing npm packages, creating a .env with Auth0 and session secrets, and registering the plugin in Fastify. The guide does not instruct reading unrelated system files, exfiltrating data, or contacting unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or remote downloads. It recommends standard npm packages from the registry — no high-risk fetches or archive extraction are involved.
Credentials
The env vars shown in the guide (AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, SESSION_SECRET, APP_BASE_URL) are the expected and necessary credentials/config for Auth0 server-side integration. No unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system changes. It's a documentation/instruction skill and does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install auth0-fastify - 安装完成后,直接呼叫该 Skill 的名称或使用
/auth0-fastify触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release.
- Adds step-by-step instructions for integrating Auth0 authentication into Fastify web applications using @auth0/auth0-fastify.
- Details setup, environment variables, route configuration, and protected route patterns.
- Lists common mistakes with solutions for easier troubleshooting.
- Provides quick reference for plugin options, client methods, and related skills.
- Includes links to official documentation and repositories for further reference.
元数据
常见问题
Auth0 Fastify 是什么?
Use when adding authentication (login, logout, protected routes) to Fastify web applications - integrates @auth0/auth0-fastify for session-based auth. For st... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 Auth0 Fastify?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install auth0-fastify」即可一键安装,无需额外配置。
Auth0 Fastify 是免费的吗?
是的,Auth0 Fastify 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Auth0 Fastify 支持哪些平台?
Auth0 Fastify 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Auth0 Fastify?
由 Auth0(@auth0)开发并维护,当前版本 v1.0.0。
推荐 Skills