{"id":15285689,"url":"https://github.com/graybrace/fastify-aws-jwt-verify","last_synced_at":"2025-09-12T10:40:48.347Z","repository":{"id":213752431,"uuid":"733724975","full_name":"graybrace/fastify-aws-jwt-verify","owner":"graybrace","description":"Fastify plugin wrapper around aws-jwt-verify for JWT authorization with AWS Cognito","archived":false,"fork":false,"pushed_at":"2025-03-01T11:13:26.000Z","size":591,"stargazers_count":4,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T20:05:32.844Z","etag":null,"topics":["aws-cognito","fastify","fastify-plugin"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graybrace.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-20T01:33:15.000Z","updated_at":"2025-01-07T06:27:23.000Z","dependencies_parsed_at":"2024-02-08T15:54:37.570Z","dependency_job_id":"0d661874-1c15-4dec-a940-0907563f3d24","html_url":"https://github.com/graybrace/fastify-aws-jwt-verify","commit_stats":null,"previous_names":["graybrace/fastify-aws-jwt-verify"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graybrace%2Ffastify-aws-jwt-verify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graybrace%2Ffastify-aws-jwt-verify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graybrace%2Ffastify-aws-jwt-verify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graybrace%2Ffastify-aws-jwt-verify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graybrace","download_url":"https://codeload.github.com/graybrace/fastify-aws-jwt-verify/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657854,"owners_count":21140843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cognito","fastify","fastify-plugin"],"created_at":"2024-09-30T15:07:09.966Z","updated_at":"2025-04-13T02:37:11.223Z","avatar_url":"https://github.com/graybrace.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# fastify-aws-jwt-verify\nFastify plugin wrapper around [aws-jwt-verify](https://github.com/awslabs/aws-jwt-verify) for JWT authentication/authorization with AWS Cognito\n\nThe options provided to the plugin registration are passed directly to `CognitoJwtVerifier.create` with helpers for ease of reuse.\n\n## Install\n```\nnpm i fastify-aws-jwt-verify\n```\n\n## Usage\nRegister as a plugin, providing the following options:\n\n### `tokenProvider`\nEither use a built-in method for extracting the JWT token from a request or provide your own\n\n#### Built-in method(~~s~~)\n- **`Bearer`**: Follow the Bearer Authorization scheme, where the token is provided via the `Authorization` header with value `Bearer \u003cTOKEN\u003e`\n\n#### Custom token provider\nAccept the `FastifyRequest` object and return the extracted `string` token, e.g.\n\n```typescript\nawait fastify.register(FastifyAwsJwtVerify, {\n  tokenProvider: req =\u003e {\n    if ('X-Auth-Token' in req.headers) {\n      return req.headers['X-Auth-Token']\n    } else {\n      throw new Unauthorized(\"Missing 'X-Auth-Token' header\")\n    }\n  },\n  userPoolId: 'user-pool-id'\n})\n```\n\n### User pool options\nPlugin configuration supports scenarios for both a single user pool or multiple potential user pools.\n\n#### Single user pool\nFor a single user pool, set verifier fields in the top-level plugin configuration object, e.g.\n\n```typescript\nawait fastify.register(FastifyAwsJwtVerify, {\n  clientId: 'app-client-id',\n  tokenProvider: 'Bearer',\n  tokenUse: 'access',\n  userPoolId: 'user-pool-id'\n})\n```\n\nFor complete set of options, see the [aws-jwt-verify package documentation](https://github.com/awslabs/aws-jwt-verify/tree/main?tab=readme-ov-file#cognitojwtverifier-verify-parameters)\n\n#### Multiple user pools\nFor multiple user pools, set verifier fields in the `pools` field of the plugin configuration, e.g.\n\n```typescript\nawait fastify.register(FastifyAwsJwtVerify, {\n  pools: [\n    {\n      clientId: 'app-client-id-1',\n      tokenUse: 'access',\n      userPoolId: 'user-pool-1'\n    },\n    {\n      clientId: 'app-client-id-2',\n      tokenUse: 'access',\n      userPoolId: 'user-pool-2'\n    }\n  ],\n  tokenProvider: 'Bearer'\n})\n```\n\nFor complete set of options, see the [aws-jwt-verify package documentation](https://github.com/awslabs/aws-jwt-verify/tree/main?tab=readme-ov-file#cognitojwtverifier-verify-parameters)\n\n### Request handlers\nRegistering the plugin on its own does not require authentication/authorization on any route. Three decorators are provided to simplify attaching handlers.\n\n#### `auth.require(options?: FastifyAwsJwtVerifyOptions)`\nIf no options provided, requires authorization based on the options provided at plugin registration time. This is the simplest usage.\n```typescript\nfastify.addHook('onRequest', fastify.auth.require())\n```\nIf any option is provided, it overrides the corresponding option in the base plugin configuration options. (*Note: Providing the `pools` field here overrides the entire `pools` field in the base options.*)\n```typescript\nfastify.addHook('onRequest', fastify.auth.require({\n  groups: [ 'Administrators', 'Moderators' ]\n}))\n```\n\n#### `auth.client(...clientIds: string[])`\nSpecify allowed client IDs in place of the base configuration options, e.g.\n```typescript\nfastify.addHook('onRequest', fastify.auth.client( 'app-client-1', 'app-client-2' ))\n```\nThis is semantically equivalent to\n```typescript\nfastify.addHook('onRequest', fastify.auth.require({\n  clientId: [ 'app-client-1', 'app-client-2' ]\n}))\n```\n\n#### `auth.groups(...groups: string[])`\nSpecify allowed groups in place of the base configuration options, e.g.\n```typescript\nfastify.addHook('onRequest', fastify.auth.groups( 'Administrators', 'Moderators' ))\n```\nThis is semantically equivalent to\n```typescript\nfastify.addHook('onRequest', fastify.auth.require({\n  groups: [ 'Administrators', 'Moderators' ]\n}))\n```\n\n### User payload\nUpon successful JWT verification, the request is decorated with the decoded user payload in the `user` field.\n```typescript\nfastify.post('/item', {\n  onRequest: fastify.auth.groups('Administrators')\n}, req =\u003e {\n  fastify.log.info(`User: ${req.user}`)\n  // Add item\n})\n```\n\n## Example\n```typescript\nconst fastify = Fastify()\n\nawait fastify.register(fp(fastifyAwsJwtVerifyPlugin), {\n    clientId: 'app-client-1',\n    tokenProvider: 'Bearer',\n    tokenUse: 'access',\n    userPoolId: 'user-pool-1'\n})\n\n// No authorization required\nawait fastify.get('/', req =\u003e { /** Handle request **/ })\n\n// Require authorization based on registration options\nawait fastify.get('/account', {\n  onRequest: fastify.auth.require()\n}, req =\u003e { /** Handle request **/ })\n\n// Administrators group membership required\nawait fastify.post('/item', {\n  onRequest: fastify.auth.groups('Administrators')\n}, req =\u003e { /** Handle request **/ })\n```\n\n## License\nLicensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraybrace%2Ffastify-aws-jwt-verify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraybrace%2Ffastify-aws-jwt-verify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraybrace%2Ffastify-aws-jwt-verify/lists"}