fastify-auth0-verify's Introduction

fastify-auth0-verify

Auth0 verification plugin for Fastify.

Internally this is a lightweight wrapper around fastify-jwt-jwks and accepts most of the same options. The differences are highlighted in this document. Refer to the documentation in the fastify-jwt-jwks repository for general usage.

Installation

Just run:

npm install fastify-auth0-verify --save

Usage

The configuration options for this plugin are similar to those in fastify-jwt-jwks, except that this package accepts a domain option instead of jwksUrl:

  • domain: The Auth0 tenant domain. The plugin fetches the tenant's JWKS from it to verify RS256-signed JWTs, and also checks the token issuer (iss) against it. Pass either the bare domain (domain.com) or the full URL including the trailing slash (https://domain.com/).

Contributing

See CONTRIBUTING.md

Developer notes

Tests

Tests are currently split into unit and integration. Integration tests need the following environment variables:

Env var               Where to find it
AUTH0_DOMAIN          Auth0 dashboard -> application -> Settings -> Domain
AUTH0_CLIENT_ID       Auth0 dashboard -> application -> Settings -> Client ID
AUTH0_CLIENT_SECRET   Auth0 dashboard -> application -> Settings -> Client Secret
AUTH0_API_AUDIENCE    Auth0 API identifier (the audience of the API registered in Auth0)

License

Copyright NearForm Ltd. Licensed under the Apache-2.0 license.

fastify-auth0-verify's Issues

How is this package specific to Auth0?

❗ UPDATE: this request already has a PR, the plan is described in this comment in the PR. Please follow that plan to complete this change.

I've just checked the code and can't really see how it's specific to Auth0. It just looks like a spec-compliant package so it should work with any spec-compliant id server as far as I can see (the main spec here being RFC7517 or JWK). Right?

I'm considering using this package on an open source API server, and I don't want operators to be tied to Auth0, which is why I wanted to check.

Open handle prevents Jest from exiting

Thanks for creating this library! I just added it to my API to verify auth0 tokens and running into an issue with jest:

Jest has detected the following 1 open handle potentially keeping Jest from exiting:

  ●  DNSCHANNEL

      at new CacheableLookup (node_modules/cacheable-lookup/source/index.js:75:14)
      at Object.<anonymous> (node_modules/fastify-auth0-verify/node_modules/got/dist/source/core/index.js:32:24)
      at Object.<anonymous> (node_modules/fastify-auth0-verify/node_modules/got/dist/source/as-promise/types.js:14:16)

Implementation is as described in the readme:

app.register(require('fastify-auth0-verify'), {
  domain: auth0.domain,
  audience: auth0.audience,
  secret: auth0.clientSecret
})

route:

module.exports = function (fastify, opts, next) {
  fastify.route({
    method: 'GET',
    url: '/',
    // the plugin decorates fastify with `authenticate`; run it before validation
    preValidation: fastify.authenticate,
    schema: {
      query: querySchema,
      response: {
        200: bodySerialization
      }
    },
    handler: async (request, reply) => {}
  })
  next()
}

test.js

const fastify = require('../../../app')
const { agent } = require('../../auth')

let token
beforeAll(async () => {
  token = await agent()
})
afterAll(() => {
  fastify.close()
})

describe('GET /', () => {
  it('should return', async () => {
    const response = await fastify.inject({
      method: 'GET',
      headers: {
        Authorization: `Bearer ${token}`
      },
      url: '/'
    })
    expect(response.statusCode).toEqual(200)
  })
})

Release pending!

Pending commits since release v1.0.0

Unreleased commits have been found which are pending release, please publish the changes.

  • fa5c796 chore(deps-dev): Bump tsd from 0.24.1 to 0.25.0 (#254)

If you close the issue as Not Planned

  • The notification will be snoozed for 7 days, starting when the issue is closed. After this period has passed, a new notification issue will be created the next time this action is run.

Issue generated by github-actions-notify-release.

Looking for a way to ignore the jwt token expiration date...

Hi! I am working on a Next.js SPA which talks to a backend API written in Fastify. I'm using the nextjs-auth0 library to store the JWT in a cookie which is also sent to the API. However, once the JWT expires, fastify-jwt library causes requests to fail by throwing "Authorization token expired." According to the maintainers of nextjs-auth0, it is safe to ignore the exp value: auth0/nextjs-auth0#538. So my users are logged into the next.js app, and able to retrieve their profiles, but the API endpoint is not able to validate their requests any longer. Is there a way for me to override the rule in fastify-jwt that a jwt must not have expired? I know that sounds kind of crazy, but it would be much more work for me to refresh the token on my own.

You can see how I am using the next.js library to extract the token from the request so this library can pick it up:

import { initAuth0 } from '@auth0/nextjs-auth0';
const auth = initAuth0();

app.register(require('fastify-auth0-verify'), {
  domain: process.env.AUTH0_ISSUER_BASE_URL,
  secret: process.env.AUTH0_SECRET,
  extractToken: (request: any) => {
    const session = auth.getSession(request, {} as any);
    return session?.idToken;
  }
});

Any guidance on how I should be approaching this is helpful. Thanks!

Incorrect Type for jwtDecode function

jwtDecode: typeof decode

Currently this type shows an error since the decode function expects a string as the first param. It should be something like this, which is similar to how fastify-jwt declares its functions:

import type { DecodeOptions } from "jsonwebtoken"

type JWTDecodedType = Record<string, unknown> | string

// ...
jwtDecode<Decoded extends JWTDecodedType>(options?: DecodeOptions): Decoded

FastifyDeprecation: Use onRequest hook instead

import auth0Verify from 'fastify-auth0-verify';
server.register(auth0Verify, {
    domain: "...",
  });

Yields this warning:

FastifyDeprecation: You are decorating Request/Reply with a reference type. This reference is shared amongst all requests. Use onRequest hook instead. Property: auth0Verify

Anyone following the readme and using:

    "fastify": "^3.2.1",

Might encounter this.

Outdated type definitions

I came across some outdated and/or incorrect types, creating this issue to link some PRs to it. What's missing is the type definition for cookie and the support for string[] as issuer.

Mocking fastify-auth0-verify with jest

Hello,

I am unsure how this should be filed. I would like to suggest something for consideration.
In my opinion, it would be awesome if README.md or another document included jest mocking examples. There are mocks included with the sources, yet no good examples for developers writing tests for routes utilizing your library and authenticate.

Thank you.

[Question] Support for array of audiences / issuers?

Hey fastify / nearform team. Just gave this a try from my custom jwt setup and it works great.

The only thing missing is the ability to have multiple issuers or audiences in the verification process. Is this open for implementation? It is in place with fastify-jwt.

Use case should be clear, but for example I have an API with this verification logic in it, but I have several auth0 clients that speak to it. Or I have an admin api that I use for impersonation that forces the client_id as the audience.

My previous setup was:

const FastifyJWT = require("fastify-jwt");
const JwksRsa = require("./util/jwks.js");
const Ms = require("ms"); // assumed: the `ms` package, used for cacheMaxAge below

...
fastify.register(FastifyJWT, {
    secret: JwksRsa({
      cache: true,
      rateLimit: false,
      jwksRequestsPerMinute: 100, // Default value
      cacheMaxEntries: 50, // Default value
      cacheMaxAge: Ms("10h"), // Default value
      jwksUri: Config.auth.jwksUri
    }),
    verify: {
      algorithms: ["RS256"],
      audience: Config.auth.audience,
      issuer: [`https://${Config.auth.domain}/`, `https://${Config.auth.domain2}/`]
    },
    decode: {
      complete: true
    }
});

And now:

const FastifyAuth0Verify = require("fastify-auth0-verify")

...
fastify.register(FastifyAuth0Verify, {
    secret: Config.auth.clientSecret,
    domain: `https://${Config.auth.domain}/`,
    audience: Config.auth.audience,
    secretsTtl: 10 * 60 * 60 * 1000 // 10hr
})

So the only real feature missing here is the array of issuers and audiences.

Release pending!

Pending commits since release v1.0.0

Unreleased commits have been found which are pending release, please publish the changes.

  • fa5c796 chore(deps-dev): Bump tsd from 0.24.1 to 0.25.0 (#254)

If you close the issue as Not Planned

  • This notification will be snoozed and a new issue will be recreated after 7 days have passed.

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v1.0.0

Based on the following commits, a minor release is recommended.

Unreleased commits have been found which are pending release, please publish the changes.

  • 1929df5 feat: update notify-release config (#261)
  • fa5c796 chore(deps-dev): Bump tsd from 0.24.1 to 0.25.0 (#254)

If you close the issue as Not Planned

  • The notification will be snoozed for 7 days, starting when the issue is closed. After this period has passed, a new notification issue will be created the next time this action is run.

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v0.5.0

Unreleased commits have been found which are pending release, please publish the changes.

  • c88a274 chore(deps): Bump fastify/github-action-merge-dependabot (#134)
  • a14616f Merge pull request #130 from nearform/dependabot/npm_and_yarn/jest-27.0.3
  • 9889362 fix: async test to comply with jest 27
  • 60721a3 chore(deps-dev): Bump jest from 26.6.3 to 27.0.3
  • b6aa4c3 Merge pull request #132 from nearform/dependabot/npm_and_yarn/fastify-jwt-3.0.0
  • 7f4cfe1 chore(deps): Bump fastify-jwt from 2.5.0 to 3.0.0
  • 9bf6801 chore(deps-dev): Bump tsd from 0.15.1 to 0.16.0 (#131)
  • 6a1c6fa chore(deps-dev): Bump fastify from 3.16.2 to 3.17.0 (#129)
  • d26f86d chore(deps-dev): Bump eslint-plugin-import from 2.23.3 to 2.23.4 (#128)
  • 3826a20 chore(deps): Bump ws from 7.4.0 to 7.4.6 (#127)
  • 2aa203e chore(deps): Bump actions/cache from 2.1.5 to 2.1.6 (#124)
  • ce93ac0 chore(deps): Bump nearform/github-action-notify-release (#125)
  • 9b8b1cf chore(deps): Bump fastify/github-action-merge-dependabot (#123)
  • cf93ddd chore(deps-dev): Bump typescript from 4.2.4 to 4.3.2 (#122)
  • 97c0131 chore(deps-dev): Bump fastify from 3.16.1 to 3.16.2 (#121)
  • 8c8f44f Merge pull request #120 from nearform/ci/github-actions-release-notify
  • b5610b6 ci: add github-actions-release-notify
  • 8e57b0d chore(deps-dev): Bump eslint-plugin-promise from 4.3.1 to 5.1.0 (#119)
  • d56c7ca chore(deps-dev): Bump fastify from 3.15.1 to 3.16.1 (#118)
  • cb38bc2 chore(deps-dev): Bump eslint-config-standard from 16.0.2 to 16.0.3 (#116)
  • 9f7f370 chore(deps-dev): Bump eslint from 7.26.0 to 7.27.0 (#115)
  • 2ff6ae7 chore(deps): Bump fastify-jwt from 2.4.0 to 2.5.0 (#114)
  • ac53419 chore(deps-dev): Bump eslint-plugin-import from 2.23.2 to 2.23.3 (#113)
  • 526599c chore(deps-dev): Bump eslint-plugin-import from 2.22.1 to 2.23.2 (#112)
  • b9b08ac chore(deps-dev): Bump tsd from 0.15.0 to 0.15.1 (#111)
  • 2ad19d6 chore(deps-dev): Bump tsd from 0.14.0 to 0.15.0 (#110)
  • 62a75d7 chore(deps): Bump lodash from 4.17.19 to 4.17.21 (#109)
  • 0d34df7 chore(deps): Bump hosted-git-info from 2.8.5 to 2.8.9 (#108)
  • c6832b5 Merge pull request #106 from nearform/dependabot/npm_and_yarn/prettier-2.3.0
  • f21f151 chore(deps-dev): Bump eslint from 7.25.0 to 7.26.0 (#107)

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v0.7.0

Unreleased commits have been found which are pending release, please publish the changes.

  • ca3b17d Revert "Release v0.7.1 (#203)"
  • 4b0830c Release v0.7.1 (#203)
  • e6284ea chore(deps-dev): Bump tsd from 0.19.1 to 0.20.0 (#195)
  • 08a7735 Revert "Release v0.7.1 (#202)"
  • 4ab1a06 Release v0.7.1 (#202)
  • bf9bd3c chore: reverted the version back to 0.7.0
  • 6409942 Release v0.7.2 (#201)
  • ea91f28 Merge pull request #197 from wilkmaia/master
  • 6e6973a Release v0.7.1 (#200)
  • dbe4619 chore: updated twitter message (#198)
  • ae00401 chore: set setup-node action version to v3
  • 5d420d7 chore(deps): Bump actions/setup-node from 3.0.0 to 3.1.0 (#196)
  • 4fe2e11 feat: added notify twitter workflow (#194)
  • b6ba3c0 chore(deps): Bump actions/checkout from 2 to 3 (#192)
  • f94af9d chore(deps): Bump actions/setup-node from 2 to 3.0.0 (#191)
  • 14d26c9 Merge pull request #190 from nearform/check_linked_issue_v1.2
  • 4cf8b91 fix: updating pull request event
  • e345cef chore: create .github/workflows/check-linked-issues.yml
  • 1b17e53 chore: use major version of notify release action
  • 9597962 chore(deps): Bump nearform/github-action-notify-release (#188)
  • f97ccee Merge pull request #182 from nearform/dependabot/github_actions/fastify/github-action-merge-dependabot-3.0.2
  • 471cc75 chore(deps): Bump http-errors from 1.8.1 to 2.0.0 (#187)
  • a88fec9 chore: use major version of release action
  • 481b401 chore(deps): Bump nearform/optic-release-automation-action (#185)
  • 33f5786 chore: Updated release.yml to use the new token naming convention (#183)
  • a9398b1 chore: update merge action
  • c39b451 chore(deps): Bump fastify/github-action-merge-dependabot
  • 7b0471f chore(deps-dev): Bump tsd from 0.18.0 to 0.19.0 (#167)
  • 71eb57b Merge pull request #181 from nearform/dependabot/github_actions/fastify/github-action-merge-dependabot-2.7.1
  • ea0e891 chore(deps): Bump fastify/github-action-merge-dependabot

Issue generated by github-actions-notify-release.

Question about token validation?

On the Auth0 website it says:

API to accept RS256 signed tokens

and I have my app configured to use RS256 and see the alg as RS256 in the well-known keys response; however, when I send a request with a token to the /verify endpoint from the sample,

I see an Authorization header such as: Authorization: Bearer YxEyRxe6DtnO_9FWVP_sTkATVFyyXI91
This YxEyRxe6DtnO_9FWVP_sTkATVFyyXI91 doesn't look correct to me; I expected something like eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Is this token in the correct expected format for this plugin to verify it?
I'm thinking it is not in RS256 which is why it keeps returning 401 invalid.

I do see the proper format of id_token when fetching from the /token endpoint but the access_token seems wrong.

I'm assuming Auth0 is configured by default to be correct and somehow I have the fastify-auth0-verify plugin misconfigured. I have the domain and audience configured and thought it would work by default with the types of tokens Auth0 issues.

Any ideas?

Fix compatibility issues w fastify-jwt v4

Dependabot tried to update the library to use the latest version of fastify-jwt v4 but was unsuccessful. The main issue is that the token verification process is not compatible with the fast-jwt verify method.

This issue needs to be investigated if it is possible to solve within this library or the fix needs to be done on fast-jwt.

If the issue is fixed in fast-jwt library that will require release of fastify-jwt as well.

Release pending!

Pending commits since release v0.8.0

Unreleased commits have been found which are pending release, please publish the changes.

  • 841df5e remove optional github token (#233)
  • 91efeb8 chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.1 (#230)
  • 1bc8e8e chore(deps-dev): Bump tsd from 0.22.0 to 0.23.0 (#232)
  • db49987 chore(deps-dev): Bump jest from 28.1.3 to 29.0.0 (#231)
  • 076e1d1 chore(deps): Bump @fastify/cookie from 7.4.0 to 8.0.0 (#227)
  • 93944d3 fix unit tests after @fastify/jwt are of @fastify/error with code (#228)
  • df43876 chore(deps): Bump fastify-plugin from 3.0.1 to 4.0.0 (#225)
  • f57bba7 chore(deps-dev): Bump tsd from 0.21.0 to 0.22.0 (#222)
  • 37962e4 chore(deps): Bump nearform/optic-release-automation-action from 2 to 3 (#221)

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v1.1.0

Based on the following commits, a patch release is recommended.

Unreleased commits have been found which are pending release, please publish the changes.

  • b498007 fix: Allow `issuer` to be a regex (#279)
  • c64c04e switch the org for github-action-notify-release (#280)
  • 972babd switch the org and fix permissions for github-action-notify-release (#278)
  • a687675 ci: update check-linked-issues job permissions (#276)
  • 3eb6546 switch the org for optic-release-automation-action (#275)

If you close the issue as Not Planned

  • The notification will be snoozed for 7 days, starting when the issue is closed. After this period has passed, a new notification issue will be created the next time this action is run.

Issue generated by github-actions-notify-release.

Login flow

Hi Team,
Thank you for your contribution on creating the plugin for Auth0.
I was able to add plugin to verify but is there any method to implement custom login using the plugin?

Caching of the remote secret

The current code asks for the remote secret on every request: this is going to be expensive for production systems, and possibly unneeded.

Do we know how much time it is valid for?
Can we cache it?

Release pending!

Pending commits since release v1.1.0

Based on the following commits, a patch release is recommended.

Unreleased commits have been found which are pending release, please publish the changes.

  • c64c04e switch the org for github-action-notify-release (#280)
  • 972babd switch the org and fix permissions for github-action-notify-release (#278)
  • a687675 ci: update check-linked-issues job permissions (#276)
  • 3eb6546 switch the org for optic-release-automation-action (#275)

If you close the issue as Not Planned

  • The notification will be snoozed for 7 days, starting when the issue is closed. After this period has passed, a new notification issue will be created the next time this action is run.

Issue generated by github-actions-notify-release.

Verify impact of fast-jwt@v2 on this package

We have a pending release to do which, among other things, includes the v2 major of fast-jwt.

Let's figure out what impact that has on this package and plan the next release accordingly.

See #243

Unexpected response when looking for a public key that's not present in the JWKS

When implementing and testing the package in our project an unexpected error response and status code was observed.

I tried a few different use cases to observe what the application would be returning.

Basic JWT Token

When sending a basic dummy jwt token taken from jwt.io looking like this.

// Header
{
  "alg": "HS256",
  "typ": "JWT"
}

// Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

It responds with the object below which is a perfectly valid response. (note no kid is present in the request token header here)

{
    "statusCode": 401,
    "error": "Unauthorized",
    "message": "Authorization token is invalid: secret or public key must be provided"
}

Invalid Issuer

I then sent a token that contained my regular auth0 domain as the issuer while the app was registered with my custom domain as the issuer.
The token looked like this

// Header
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "<kid>"
}

// Payload
{
  "iss": "https://<tenant>.eu.auth0.com/",
  "sub": "<subject>",
  "aud": "<api audience>",
  "iat": 1618481452,
  "exp": 1618567852,
  "azp": "<party>",
  "gty": "client-credentials"
}

The response was the object below, again a valid response (a bit more info as to why the token was invalid might've been nice but was pretty easily found by adding some log statements to the file)

{
    "statusCode": 401,
    "error": "Unauthorized",
    "message": "Invalid token."
}

Token from a different tenant

However, this is the part where it gets weird. When sending a request to the API using a token granted by a different tenant like the one posted below.

// Header
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "<kid>"
}

// Payload
{
  "iss": "<other tenant>",
  "sub": "<subject>",
  "aud": "<other api audience>",
  "iat": 1618230875,
  "exp": 1618317275,
  "azp": "<party>",
  "gty": "client-credentials"
}

The response given is

{
    "statusCode": 500,
    "error": "Internal Server Error",
    "message": "Something went wrong"
}

and the log saying No matching key found in the set. Error: No matching key found in the set.

From looking at what's happening it seems like it goes and searches the domain specified in the app.register(fastifyAuth0Verify, {}) for a key with the kid from the token header.

However as this kid will not be present in the <domain>/.well-known/jwks.json it is unable to find a key.

in the index.js file this snippet can be found

if (!key) {
  // Mark the key as missing
  cache.set(cacheKey, null)
  throw new Error(errorMessages.missingKey)
}

key will in fact be undefined as the jwks.json does not contain a key with the specified kid. The throw error causes it to go into the error handling. Which in turn sets the status to 500 and throws the InternalServerError

catch (e) {
  if (e.response) {
    throw InternalServerError(`${errorMessages.jwksHttpError}: [HTTP ${e.response.status}] ${JSON.stringify(e.body)}`)
  }

  e.statusCode = 500
  throw e
}

InternalServerError does not seem fitting here as it is not unclear as to why the request can't be fulfilled as there is no private or public key available.

A more appropriate response here would be a 401 as the request itself was valid, just the token used is not authorized for this API.

When testing the same flow against the express-jwt package used in a different project it returns a 401 with the following message: UnauthorizedError: secret or public key must be provided.

This is the behaviour I would expect from this flow as well.

Is there a chance of this being improved upon? A more appropriate response would be appreciated.

Release pending!

Pending commits since release v0.8.3

Unreleased commits have been found which are pending release, please publish the changes.

  • c2f5214 fix: filter ci executions against pushes to master only
  • 2a3ae96 chore: nvmrc content to lts/* (#245)
  • 32408f7 chore(deps-dev): Bump fast-jwt from 1.7.2 to 2.0.0 (#249)
  • ca5937b chore(deps): Bump nearform/optic-release-automation-action from 3 to 4 (#248)
  • c36ed9e chore: release trigger added to notify-release workflow (#246)
  • c6135eb Update github-action-merge-dependabot back to master
  • 15da9cd Update github-action-merge-dependabot to pre release (#240)

If you close the issue as Not Planned

  • This notification will be snoozed and a new issue will be recreated after stale-days have passed.

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v0.6.0

Unreleased commits have been found which are pending release, please publish the changes.

  • df3645c chore(deps): Bump fastify/github-action-merge-dependabot (#174)
  • 9f8f03f chore(deps): Bump actions/setup-node from 2.4.1 to 2.5.0 (#173)
  • ef98fb7 Merge pull request #169 from nearform/dependabot/github_actions/actions/cache-2.1.7
  • f98f80e chore(deps): Bump actions/cache from 2.1.6 to 2.1.7
  • 7efebea chore(deps): Bump fastify/github-action-merge-dependabot (#168)
  • ac204c9 chore(deps-dev): Bump eslint from 7.32.0 to 8.2.0 (#166)
  • c916433 chore(deps): Bump actions/checkout from 2.3.5 to 2.4.0 (#165)
  • 9ca44fc chore(deps): Bump actions/checkout from 2.3.4 to 2.3.5 (#161)
  • 1d0e6a1 chore(deps-dev): Bump tsd from 0.17.0 to 0.18.0 (#159)
  • 9e0feaf Merge pull request #158 from ruanmartinelli/patch-1
  • 71d6429 fix: add missing end of code block on readme

Issue generated by github-actions-notify-release.

Release pending!

Pending commits since release v0.5.2

Unreleased commits have been found which are pending release, please publish the changes.

  • 508db1a Merge pull request #155 from nearform/jwtDecode_type-fix
  • 0329481 Added string to the return types
  • a59883e Added 'tsd' execution to the 'ci' script
  • 18d4c9e Removed unnecessary type
  • 105285b Fixing type definition for jwtDecode (#144)
  • bf7a3da chore(deps): Bump actions/setup-node from 2.4.0 to 2.4.1 (#154)
  • b4763c6 chore(deps): Bump fastify/github-action-merge-dependabot (#153)
  • 9451414 chore(deps-dev): Bump eslint-plugin-prettier from 3.4.1 to 4.0.0 (#151)
  • 08f69ce chore(deps): Bump fastify/github-action-merge-dependabot (#150)
  • 5d0bbfc chore(deps): Bump fastify/github-action-merge-dependabot (#149)
  • b07bc00 chore(deps): Bump actions/setup-node from 2.3.2 to 2.4.0 (#148)
  • 453b759 chore(deps): Bump actions/setup-node from 2.3.1 to 2.3.2 (#147)
  • 70cd8cd chore(deps): Bump actions/setup-node from 2.2.0 to 2.3.1 (#146)
  • 60752d5 chore(deps): Bump fastify/github-action-merge-dependabot (#142)
  • 72650fb chore(deps): Bump actions/setup-node from 2.1.5 to 2.2.0 (#141)
  • 15bccdb chore(deps): Bump nearform/github-action-notify-release (#138)

Issue generated by github-actions-notify-release.

Missing `npm install` in the release workflow

The release fails with the following error:

Error: Unable to publish to npm: npm publish --otp 720449 --tag latest returned code 127 and signal null
STDOUT: 
> [email protected] prepublishOnly
> npm run ci


> [email protected] ci
> npm run lint && jest --coverage --ci --coverageReporters=json && tsd


> [email protected] lint
> eslint index.js test.js


STDERR: sh: 1: eslint: not found
npm ERR! code 127
npm ERR! path /home/runner/work/fastify-auth0-verify/fastify-auth0-verify
npm ERR! command failed
npm ERR! command sh -c npm run ci

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2022-04-07T15_14_25_952Z-debug-0.log

The reason is that npm install is not run before running npm run ci step. To solve this issue a custom build step needs to be added to the release workflow.
