JWT Auth Bundle is slow. Requests to local server take over 3 seconds after installing.

I am using the JWT Auth Bundle with Symfony. It takes over 3 seconds for just one request.
I used Xdebug to do some profiling and the culprit is Auth0\SDK\Helpers\JWKFetcher->fetchKeys

Before using Auth0 I was using my own in-house JWT solution which was very fast. Is there a way to improve the performance of this bundle? It is unusable for me unless I can get sub-second response time, and I would of course prefer that it not make a call to auth0 servers if possible.

The delay is happening due to the fact that the call will fetch the public key in order to validate it, the SDK should cache this therefore any subsequent requests will not take this long. Alternatively, you can fetch the public key and store it in a file and use that file.

Thanks Abhishek.

the SDK should cache this

Unfortunately it is not caching it. Is there a setting to change to make this happen?

therefore any subsequent requests will not take this long. Alternatively, you can fetch the public key and store it in a file and use that file.

Would this mean writing my own version of the bundle? Or is there a setting or config that already implements this behavior?

I’m unfortunately at the point where I can’t wait much longer on this. My app was working without auth0 with my own code for handling JWT, and now it is not working due to the delay in fetching the public key. I can give this another couple of business days to resolve, but after that I have to consider auth0 to not be a viable solution. Any help is appreciated.

Hi tc1 my apologies the comment was added as an answer so I didn’t recieve notifications for it GitHub - auth0/auth0-PHP: PHP SDK for Auth0 Authentication and Management APIs. as mentioned on the SDK docs you can pass the cache parameter to the JWTVerifier, the SDK provides a FileSystem Cache out of the box.

Thanks for pointing me in the right direction. But I didn’t write the code that creates the JWTVerifier. Auth0 wrote that code in the jwt-auth-bundle. Here is the code https://github.com/auth0/jwt-auth-bundle/blob/master/src/Security/Auth0Service.php#L55

I’ll open an issue on that repo to have the bundle changed so it allows using cache.

Here is the issue I opened https://github.com/auth0/jwt-auth-bundle/issues/50

1 Like

I escalated it internally.