
so I have a bunch of endpoints that I use JWTs for to verify that the person invoking the function is who they say they are.

I noticed it takes 0.3-0.4s to verify the JWT each time though and thought this could be reduced. It seems the reason is that the JWKS is fetched from my auth0 web server. The JWKS are never rotated, so I want to store my JWKS as an environment variable and use that value to decode/verify the JWT tokens.

I'm currently using PyJWT but there doesn't seem to be an option to supply JWKS directly.

Does anyone know how to do this? Also is there any risk with doing this other than JWKS being rotated and not being subsequently updated in each endpoint?


1 Answer


I figured it out

So all I need to do is generate the public key for the JWT, which can be done like this:

import json, os, jwt
jwks = json.loads(os.environ["JWKS"])  # the JWK set, stored as a JSON string in an env var (variable name is just an example)
key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwks["keys"][0]))  # from_jwk takes the JSON for one key

then decoding is done with jwt.decode and you simply pass key as the "key" param

    JWKs rotate, so make sure you have a logic / cronjob that checks their expiration and refetches them if needed. – xecute Mar 05 '23 at 03:23
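A fuller version of the approach in the answer above, added here as an example (not code from the original post or from PyJWT itself): the JWKS is held as one JSON string, as it would be in an environment variable, parsed once and indexed by kid at startup, and an unknown kid is treated as the rotation signal the comment warns about. The key pair, the key id and the function names are constructed for this example, not taken from any Auth0 tenant.

```python
import json

import jwt
from cryptography.hazmat.primitives.asymmetric import rsa

# Constructed key pair standing in for the issuer's signing key (not a real tenant key).
_PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
_KID = "example-kid-1"  # hypothetical key id

# The JWKS exactly as it would be stored in an environment variable: one JSON string.
_PUBLIC_JWK = json.loads(jwt.algorithms.RSAAlgorithm.to_jwk(_PRIVATE_KEY.public_key()))
JWKS_JSON = json.dumps({"keys": [{**_PUBLIC_JWK, "kid": _KID, "use": "sig", "alg": "RS256"}]})


def load_jwks(jwks_json: str) -> dict:
    """Parse the stored JWKS once at startup and index the public keys by 'kid'."""
    return {
        jwk["kid"]: jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk))
        for jwk in json.loads(jwks_json)["keys"]
    }


def verify(token: str, keys: dict, audience: str, issuer: str) -> dict:
    """Verify a token against the pre-loaded keys, so no JWKS fetch happens per request."""
    header = jwt.get_unverified_header(token)
    # Pin the algorithm ourselves; never let the token header choose it.
    if header.get("alg") != "RS256":
        raise jwt.InvalidAlgorithmError("unexpected alg in token header")
    key = keys.get(header.get("kid"))
    if key is None:
        # An unknown kid is the signal that the JWKS has rotated and must be refetched.
        raise jwt.InvalidKeyError("unknown kid: stored JWKS is stale")
    # decode() checks signature, exp, aud and iss; selecting by kid keeps [0] from breaking.
    return jwt.decode(token, key=key, algorithms=["RS256"], audience=audience, issuer=issuer)


def make_token(claims: dict, kid: str = _KID) -> str:
    """Mint a test token the way the issuer would (constructed for this example)."""
    return jwt.encode(claims, _PRIVATE_KEY, algorithm="RS256", headers={"kid": kid})


if __name__ == "__main__":
    keys = load_jwks(JWKS_JSON)
    claims = {"sub": "user1", "aud": "my-api", "iss": "https://example.invalid/", "exp": 4102444800}
    print(verify(make_token(claims), keys, "my-api", "https://example.invalid/"))
```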