Does Fastify Work With Lucia?

Fully CompatibleLast verified: 2026-02-26

Fastify and Lucia integrate seamlessly for session-based authentication with minimal boilerplate and excellent performance.

Quick Facts

Compatibility

full

Setup Difficulty

Easy

Official Integration

No — community maintained

Confidence

high

Minimum Versions

Fastify: 4.0.0

Lucia: 2.0.0

How Fastify Works With Lucia

Fastify and Lucia work together naturally because Lucia is framework-agnostic and provides middleware-compatible session handling. You register Lucia's session middleware as a Fastify plugin, typically using `@lucia-auth/lucia` with adapter-specific session storage (PostgreSQL, MongoDB, etc.). The integration points are clean: Fastify's request context receives the session object and user data automatically, allowing you to access `request.user` and `request.session` throughout your routes. Lucia handles session validation, renewal, and cleanup, while Fastify handles HTTP lifecycle management. The developer experience is smooth—you define authentication flows once and Fastify's dependency injection pattern keeps your route handlers clean. Performance is excellent since both frameworks prioritize low overhead; Lucia's lightweight session validation doesn't bottleneck Fastify's request processing.

Best Use Cases

→Building REST APIs with cookie-based session authentication

→Server-rendered applications with form-based login flows

→Microservices requiring lightweight session management across multiple instances with shared database

→Real-time applications using Fastify WebSockets with authenticated session context

Quick Setup

bash

npm install fastify @lucia-auth/lucia @lucia-auth/adapter-postgresql

typescript

import Fastify from 'fastify';
import { Lucia } from 'lucia';
import { PostgresqlAdapter } from '@lucia-auth/adapter-postgresql';
import pool from './db';

const adapter = new PostgresqlAdapter(pool, {
  user: 'auth_user',
  session: 'user_session'
});

const lucia = new Lucia(adapter, {
  sessionCookie: {
    attributes: {
      secure: process.env.NODE_ENV === 'production',
      httpOnly: true,
      sameSite: 'lax'
    }
  }
});

const app = Fastify();

app.get('/login', async (req, reply) => {
  const session = await lucia.createSession(userId, {});
  const sessionCookie = lucia.createSessionCookie(session.id);
  reply.setCookie(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
  reply.send({ ok: true });
});

app.listen({ port: 3000 });

Known Issues & Gotchas

critical

Session cookie SameSite and Secure flags need explicit Fastify configuration

Fix: Configure Fastify's cookie plugin with proper sameSite and secure settings matching your Lucia cookie config

warning

Lucia requires explicit session adapter setup (not included by default)

Fix: Install the appropriate adapter for your database (e.g., @lucia-auth/adapter-postgresql) and initialize it before creating the Lucia instance

warning

Cross-origin requests lose session cookies without proper CORS configuration

Fix: Register @fastify/cors with credentials: true and ensure your Lucia cookie domain/path matches your frontend domain

Alternatives

•Express.js with Passport.js—more established but heavier than Fastify/Lucia
•Next.js with NextAuth.js—full-stack framework with built-in auth, better for server-rendered apps
•Remix with remix-auth—opinionated framework coupling with session management

Resources

docsLucia Authentication Documentation docsFastify Official Documentation githubLucia Fastify Integration Example

Related Compatibility Guides

Ruby on Rails + Lucia NestJS + Lucia Fastify + PostgreSQL Fastify + UploadThing Fastify + Paddle Fastify + Prisma

Explore more compatibility guides

All Fastify combos All Lucia combos