jwt icon indicating copy to clipboard operation
jwt copied to clipboard
verified publisher icon nestjs

perf: Allow `secret` and `publicKey` options to be `crypto.KeyObject` (2x to 50x faster calls)

Open dbaty opened this issue 6 months ago • 0 comments

PR Checklist

Please check if your PR fulfills the following requirements:

  • [x] The commit message follows our guidelines: https://github.com/nestjs/nest/blob/master/CONTRIBUTING.md
  • [x] Tests for the changes have been added (for bug fixes / features)
  • [x] Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

  • [x] Feature
  • [x] Performance

Current and new behaviors

When JwtService is initialized with publicKey as a string or Buffer, verify() and verifyAsync() pass it to "jsonwebtoken.verify()", which creates an instance of crypto.KeyObject from it via crypto.createPublicKey(). This is not free. Initializing publicKey with a KeyObject avoids this transformation in "jsonwebtoken". On my laptop, it makes verify twice faster.

The same goes for secret, used in sign(), verify() and their asynchronous variants. Initializing with a KeyObject (built via crypto.createSecretKey) makes these functions ~50 times faster.

See also auth0/node-jsonwebtoken#966, which reports similar gains.

Does this PR introduce a breaking change?

  • [ ] Yes
  • [x] No

Other information

I tentatively updated the README. Suggestions are most welcome! :) (Note that this README links to jsonwebtoken own README, which has yet to be updated (see aforementioned issue).).

dbaty avatar Jun 11 '25 06:06 dbaty