Does Fastify Work With Auth.js?
Auth.js can work with Fastify, but it requires manual integration since there's no official Fastify adapter—you'll need to handle session management and callbacks yourself.
Quick Facts
How Fastify Works With Auth.js
Auth.js was built with Next.js in mind and ships with official adapters for Next.js, SvelteKit, and other frameworks. Fastify isn't officially supported, meaning you won't get the convenience of a pre-built integration. However, you can absolutely use Auth.js with Fastify by leveraging its core libraries—specifically `@auth/core` and session adapters. You'll need to manually create route handlers for `/api/auth/signin`, `/api/auth/callback`, and other auth endpoints, then wire them into Fastify using plugins or standard route registration. The approach involves instantiating Auth.js's handler function directly and adapting its request/response handling to Fastify's API. Session persistence works through adapter libraries (like Prisma or Drizzle adapters), which are framework-agnostic. The developer experience is less seamless than Next.js but completely viable for production applications. Most of the complexity stems from setting up the plumbing rather than Auth.js itself being incompatible.
Best Use Cases
Quick Setup
npm install fastify @auth/core @auth/prisma-adapter prisma @prisma/clientimport Fastify from 'fastify';
import { initAuthHandler } from '@auth/core';
import { PrismaAdapter } from '@auth/prisma-adapter';
import { PrismaClient } from '@prisma/client';
import GitHub from '@auth/core/providers/github';
const fastify = Fastify();
const prisma = new PrismaClient();
const authConfig = {
adapter: PrismaAdapter(prisma),
providers: [
GitHub({
clientId: process.env.GITHUB_ID,
clientSecret: process.env.GITHUB_SECRET,
}),
],
secret: process.env.NEXTAUTH_SECRET,
};
fastify.post('/api/auth/:action', async (request, reply) => {
const response = await initAuthHandler({
req: request.raw,
res: reply.raw,
...authConfig,
});
return response;
});
fastify.listen({ port: 3000 }, (err) => {
if (err) throw err;
console.log('Server running on http://localhost:3000');
});Known Issues & Gotchas
Auth.js expects web-standard Request/Response objects, but Fastify uses its own request/reply objects
Fix: Use @auth/core directly and wrap Fastify's request/reply into Web API Request/Response using libraries like `@fastify/request-response` or manual adaptation via NodeJS ReadableStream conversions
No official session serialization for Fastify—@fastify/session exists but isn't tested with Auth.js
Fix: Use a database-backed adapter (Prisma, Drizzle, TypeORM) instead of relying on Fastify's built-in session plugin
Auth.js callback routes must be manually registered; missing any will cause authentication to fail silently
Fix: Document all required routes (`/auth/signin`, `/auth/callback/[provider]`, `/auth/signout`) and test each provider flow end-to-end
CSRF protection differs between Next.js and Fastify; Auth.js token validation may not work automatically
Fix: Manually implement CSRF checks using Fastify plugins like `@fastify/csrf-protection` and align token handling with Auth.js expectations
Alternatives
- •Fastify + Passport.js: More mature Fastify integration, but requires manual session management and provider configuration
- •Express + Auth.js: Official support via NextAuth.js adapter ecosystem and similar setup to Fastify
- •Fastify + jsonwebtoken: Lightweight JWT-based auth without a full framework, lower-level control but more boilerplate
Resources
Related Compatibility Guides
Explore more compatibility guides