Does anyone have their (node) api service protected by FusionAuth using fastify? I have a simple POC that works with auth0 and the api is protected fairly easily with the below code:
// get variables from environment / enable auth0
fastify.register(require('fastify-auth0-verify'), {
domain: process.env.AUTH0_DOMAIN,
secret: process.env.AUTH0_SECRET
});
// Actually turns on auth0
fastify.addHook("onRequest", async (request, reply) => {
try {
await request.jwtVerify()
} catch (err) {
reply.send(err)
}
});
With the above code I can fairly easily grab the bearer token and pass that into curl (curl -H "Authorization: Bearer ${TOKEN}" ${SRV}/apiV1/users) for both production/testing purposes. If the bearer token is not valid it fails at the request level.
We're not that far along that I couldn't recode this into express to test the differences between the systems, but as it's working with fastify...