Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token rotation, JWT validation, and token introspection/revocation endpoints. Use when setting up authentication, authorization, login flows, access tokens, API security, or securing Fastify routes with OAuth; also applies when troubleshooting token validation errors, mismatched redirect URIs, CSRF issues, scope problems, or RFC 6749/6750/7636/8252/8628 compliance questions.
A development team is building a customer portal using Fastify and TypeScript. The portal needs to allow users to log in via an external identity provider (such as Auth0 or Okta). The team lead has decided to use the industry-standard authorization code flow, which the identity provider supports. The auth server is already configured and running; its base URL is available as an environment variable AUTH_SERVER.
The team needs a complete OAuth plugin for Fastify that handles the login redirect, the callback endpoint, and session storage for the received tokens. They want a clean, maintainable plugin structure that fits naturally into a Fastify codebase with multiple plugins.
Produce a TypeScript implementation in the current directory with the following files:
- package.json listing all required dependencies
- plugins/oauth.ts — the OAuth plugin registration
- routes/auth.ts — login callback and logout routes
Read the following environment variables from process.env:
- CLIENT_ID, CLIENT_SECRET — OAuth app credentials
- AUTH_SERVER — base URL of the authorization server
- CALLBACK_URI — the callback URL registered with the identity provider
No need to start a server or connect to a live identity provider. Produce only the source files.
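The framework-independent core that routes/auth.ts would wrap, as an added example rather than code from the task or any existing plugin: per-login state and PKCE verifier generation, the authorize redirect, and the callback check that rejects a forged or missing state before the back-channel token request is built. It assumes placeholder values for CLIENT_ID, AUTH_SERVER and CALLBACK_URI and that the provider's authorization endpoint is at /authorize.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Constructed placeholder config; the real plugin reads these from process.env.
export const config = {
  clientId: "portal-client",                                // CLIENT_ID
  authServer: "https://auth.example.com",                   // AUTH_SERVER
  callbackUri: "https://portal.example.com/auth/callback",  // CALLBACK_URI
};

// Per-login values the login route stores in the server-side session.
export interface PendingLogin { state: string; codeVerifier: string; }
// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding.
export function pkceChallenge(codeVerifier: string): string {
  return createHash("sha256").update(codeVerifier).digest("base64url");
}

export function newPendingLogin(): PendingLogin {
  // 32 random bytes -> 43-char base64url strings, inside RFC 7636's 43..128 verifier range.
  return { state: randomBytes(32).toString("base64url"), codeVerifier: randomBytes(32).toString("base64url") };
}

// Login route: build the redirect to the provider's authorization endpoint (path /authorize is assumed).
export function buildAuthorizeUrl(pending: PendingLogin, scope = "openid profile"): string {
  const url = new URL("/authorize", config.authServer);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", config.clientId);
  url.searchParams.set("redirect_uri", config.callbackUri);
  url.searchParams.set("scope", scope);
  url.searchParams.set("state", pending.state);
  url.searchParams.set("code_challenge", pkceChallenge(pending.codeVerifier));
  url.searchParams.set("code_challenge_method", "S256");
  return url.toString();
}

// Callback route: refuse anything that does not echo the session's state (CSRF / login-fixation check),
// surface provider errors, and return the body of the back-channel token request to the token endpoint.
export function handleCallback(query: Record<string, string | undefined>, pending?: PendingLogin): URLSearchParams {
  if (!pending) throw new Error("no login in progress for this session");
  if (query.error) throw new Error(`authorization server returned ${query.error}`);
  if (!query.state || query.state !== pending.state) throw new Error("state mismatch");
  if (!query.code) throw new Error("missing authorization code");
  return new URLSearchParams({
    grant_type: "authorization_code",
    code: query.code,
    redirect_uri: config.callbackUri,     // must match the value sent in the authorize request
    client_id: config.clientId,
    code_verifier: pending.codeVerifier,  // CLIENT_SECRET is added to this same server-side request
  });
}
```

The callback route should delete the PendingLogin from the session once the token request has been sent, so the state and verifier cannot be replayed.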