
How can i set scope authorization for a route in fastify and check user has access to that route or not with Node.js

i want to put some paramter in authenticate method like this

onRequest: [fastify.authenticate('scope')]

but i dont know how can i implement that

this is my code

      onRequest: [fastify.authenticate],
    async (req, reply) => {
      sem.take(async () => {
        let _news = createNews(req.body);
        if (_news) await generate(_news);

and this is my jwt class

import fjwt from "@fastify/jwt";
import buildGetJwks from "get-jwks";

export default function register(fastify) {
  const getJwks = buildGetJwks({
    providerDiscovery: false,
    jwksPath: ".well-known/openid-configuration/jwks",

  fastify.register(fjwt, {
    decode: { complete: true },
    secret: (request, token) => {
      const {
        header: { kid, alg },
        payload: { iss },
      } = token;
      return getJwks.getPublicKey({ kid, domain: iss, alg });
    formatUser: function (user) {
      return {
        scope: user.scope,

  fastify.decorate("authenticate", async function (request, reply) {
    try {
      const token = await request.jwtDecode();
      await request.jwtVerify();
    } catch (err) {

this is working now and validate accesstoken with my identity server but i want to authorization user


  • This is a pure JavaScript question.

    Let's break the code:

    In the following code, fastify.authenticate returns a function that is a onRequest hook
          onRequest: [fastify.authenticate],
        async (req, reply) => { }

    Now, let's examine the fastify.authenticate getter. It has a value equal to the async function, so you may execute it, but the request and reply objects are not present.

      fastify.decorate("authenticate", async function (request, reply) {
        // ...

    But, if you change the authenticate decorator to a factory function:

      fastify.decorate("authenticate", function (scope) {
        return scopedHook;
        async function scopedHook (request, reply) {
          const token = await request.jwtDecode();
          if (!token.payload.scope.includes(scope)) {
            throw new Error("Unauthorized");
          await request.jwtVerify();

          onRequest: [fastify.authenticate('my-scope')],
        async (req, reply) => { }