Gathering detailed insights and metrics for fastify-aws-jwt-verify
Gathering detailed insights and metrics for fastify-aws-jwt-verify
Fastify plugin wrapper around aws-jwt-verify for JWT authorization with AWS Cognito
1.0.7
6
NOASSERTION
TypeScript
21.56 kB
Installations
npm install fastify-aws-jwt-verifyDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
20.18.1
NPM Version
10.8.2
Releases
8
Languages
2
TypeScript
JavaScript
TypeScript (96.5%)
JavaScript (3.5%)
Developer
graybrace
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
6 Stars
21 Commits
1 Forks
1 Watchers
7 Branches
1 Contributors
Updated on May 26, 2025
Maintainers
1
Package Meta Information
Latest Version
1.0.7
Package Id
fastify-aws-jwt-verify@1.0.7
Unpacked Size
21.56 kB
Size
5.79 kB
File Count
19
NPM Version
10.8.2
Node Version
20.18.1
Published on
Dec 27, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
fastify-aws-jwt-verify
Fastify plugin wrapper around aws-jwt-verify for JWT authentication/authorization with AWS Cognito
The options provided to the plugin registration are passed directly to CognitoJwtVerifier.create with helpers for ease of reuse.
Install
npm i fastify-aws-jwt-verify
Usage
Register as a plugin, providing the following options:
tokenProvider
Either use a built-in method for extracting the JWT token from a request or provide your own
Built-in method(s)
Bearer: Follow the Bearer Authorization scheme, where the token is provided via theAuthorizationheader with valueBearer <TOKEN>
Custom token provider
Accept the FastifyRequest object and return the extracted string token, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 tokenProvider: req => { 3 if ('X-Auth-Token' in req.headers) { 4 return req.headers['X-Auth-Token'] 5 } else { 6 throw new Unauthorized("Missing 'X-Auth-Token' header") 7 } 8 }, 9 userPoolId: 'user-pool-id' 10})
User pool options
Plugin configuration supports scenarios for both a single user pool or multiple potential user pools.
Single user pool
For a single user pool, set verifier fields in the top-level plugin configuration object, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 clientId: 'app-client-id', 3 tokenProvider: 'Bearer', 4 tokenUse: 'access', 5 userPoolId: 'user-pool-id' 6})
For complete set of options, see the aws-jwt-verify package documentation
Multiple user pools
For multiple user pools, set verifier fields in the pools field of the plugin configuration, e.g.
1await fastify.register(FastifyAwsJwtVerify, { 2 pools: [ 3 { 4 clientId: 'app-client-id-1', 5 tokenUse: 'access', 6 userPoolId: 'user-pool-1' 7 }, 8 { 9 clientId: 'app-client-id-2', 10 tokenUse: 'access', 11 userPoolId: 'user-pool-2' 12 } 13 ], 14 tokenProvider: 'Bearer' 15})
For complete set of options, see the aws-jwt-verify package documentation
Request handlers
Registering the plugin on its own does not require authentication/authorization on any route. Three decorators are provided to simplify attaching handlers.
auth.require(options?: FastifyAwsJwtVerifyOptions)
If no options provided, requires authorization based on the options provided at plugin registration time. This is the simplest usage.
1fastify.addHook('onRequest', fastify.auth.require())
If any option is provided, it overrides the corresponding option in the base plugin configuration options. (Note: Providing the pools field here overrides the entire pools field in the base options.)
1fastify.addHook('onRequest', fastify.auth.require({ 2 groups: [ 'Administrators', 'Moderators' ] 3}))
auth.client(...clientIds: string[])
Specify allowed client IDs in place of the base configuration options, e.g.
1fastify.addHook('onRequest', fastify.auth.client( 'app-client-1', 'app-client-2' ))
This is semantically equivalent to
1fastify.addHook('onRequest', fastify.auth.require({ 2 clientId: [ 'app-client-1', 'app-client-2' ] 3}))
auth.groups(...groups: string[])
Specify allowed groups in place of the base configuration options, e.g.
1fastify.addHook('onRequest', fastify.auth.groups( 'Administrators', 'Moderators' ))
This is semantically equivalent to
1fastify.addHook('onRequest', fastify.auth.require({ 2 groups: [ 'Administrators', 'Moderators' ] 3}))
User payload
Upon successful JWT verification, the request is decorated with the decoded user payload in the user field.
1fastify.post('/item', { 2 onRequest: fastify.auth.groups('Administrators') 3}, req => { 4 fastify.log.info(`User: ${req.user}`) 5 // Add item 6})
Example
1const fastify = Fastify() 2 3await fastify.register(fp(fastifyAwsJwtVerifyPlugin), { 4 clientId: 'app-client-1', 5 tokenProvider: 'Bearer', 6 tokenUse: 'access', 7 userPoolId: 'user-pool-1' 8}) 9 10// No authorization required 11await fastify.get('/', req => { /** Handle request **/ }) 12 13// Require authorization based on registration options 14await fastify.get('/account', { 15 onRequest: fastify.auth.require() 16}, req => { /** Handle request **/ }) 17 18// Administrators group membership required 19await fastify.post('/item', { 20 onRequest: fastify.auth.groups('Administrators') 21}, req => { /** Handle request **/ })
License
Licensed under Apache 2.0
No vulnerabilities found.
No security vulnerabilities found.