diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index 3340021b..c14949e1 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -57,8 +57,7 @@ export async function authRoutes(app: FastifyInstance) {
 // GitHub OAuth callback
 app.get('/github/callback', async (request: FastifyRequest<{ Querystring: OAuthCallbackQuery }>, reply: FastifyReply) => {
 const { code, state } = request.query;
- const storedState = (request.cookies as any)?.oauth_state;
-
+ const storedState = request.cookies?.oauth_state;
 if (!state || !storedState || state !== storedState) {
 return reply.status(400).send({ error: 'Invalid or missing OAuth state — possible CSRF attack' });
 }
@@ -183,7 +182,8 @@ export async function authRoutes(app: FastifyInstance) {
 // Google callback
 app.get('/google/callback', async (request: FastifyRequest<{ Querystring: OAuthCallbackQuery }>, reply: FastifyReply) => {
 const { code, state } = request.query;
- const storedState = (request.cookies as any)?.oauth_state;
+
+ const storedState = request.cookies?.oauth_state;
 if (!state || !storedState || state !== storedState) {
 return reply.status(400).send({ error: 'Invalid or missing OAuth state — possible CSRF attack' });
 }
diff --git a/apps/backend/src/types/fastify.d.ts b/apps/backend/src/types/fastify.d.ts
new file mode 100644
index 00000000..8e7aee95
--- /dev/null
+++ b/apps/backend/src/types/fastify.d.ts
@@ -0,0 +1,8 @@
+import '@fastify/cookie';
+import { FastifyRequest } from 'fastify';
+
+declare module 'fastify' {
+ interface FastifyRequest {
+ cookies: Record;
+ }
+}
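Review bot: Nothing in the visible lines of the GitHub callback clears `oauth_state` once `state !== storedState` has passed, so unless the handler does this further down (its body continues outside the hunk) the same state value stays acceptable for as long as the cookie lives. An OAuth state should be single-use: right after the check, call `reply.clearCookie('oauth_state', …)` with the same path and attributes the cookie was set with. The Google callback hunk carries the identical check, so the same applies there. The two hunks also leave the spacing around `storedState` inconsistent, since the blank line is removed in one handler and added in the other.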
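Review bot: In the new `fastify.d.ts`, `cookies: Record;` as displayed has no type arguments and would not compile; the page has probably dropped the angle-bracket part. Whatever the original was, the value type should admit `undefined` so an absent `oauth_state` remains a case the callers must handle: `cookies: Record<string, string | undefined>;`. `@fastify/cookie` ships its own augmentation of `FastifyRequest` with a `cookies` property, so confirm this redeclaration is needed at all, because a differing duplicate can fail type-checking and a looser one would hide the missing-cookie case. The named import `FastifyRequest` is unused; `import 'fastify';` is enough to keep the file a module augmentation.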