How to Add Authentication to Your Fastify REST API Using Auth0

Use Node.js, Fastify, and Auth0 to protect your REST API with OAuth 2.0

Photo by chris panas on Unsplash

The central part of my side project, Mini Video Encoder, is the workflow engine. The workflow engine is a REST API implemented using Node.js, Fastify, and MongoDB. I didn’t protect the API of the workflow engine. Currently, clients can call it anonymously. You will agree with me that every online API needs security. So I want to add authentication to the REST API.

There are a lot of options for adding authentication to your Fastify REST API. If possible, I prefer to use methods based on open standards. Thus, I’ll protect the API using OAuth 2.0. OAuth 2.0 is an industry-standard protocol for authorization. If you’re going to use OAuth 2.0 for your API, you have to install an OAuth 2.0 provider. I will use Auth0, a platform that provides authentication and authorization as a service.

OAuth 2.0 authentication using Auth0

With authentication, calling the API has to follow these steps:

1. Before the workflow client can access the API of the workflow engine, it has to have an access token. If Auth0 authenticates the…