I’ve got my client side app up and running with Okta, everything works as expected.
I’ve now started to integrate the backend, using the authenticationRequired example for NodeJS + Express.
This works, but there is a huge performance penalty when doing so.
As in 1-3 seconds overhead per call to my backend.
What can I do about this? What would be the recommended way forward?
Sessions, caching, other? I really don’t want to cook up some homegrown hack for this jeopardizing the security of the app.
If so, all the caching should already be handled for you. The Okta JWT verifier for Node will cache the keys endpoint response after the first call. If you want to sanity check, you could add in some timing to see how long it’s taking. Here’s a modification of that sample code which will print out how long it took:
```javascript
function authenticationRequired(req, res, next) {
  const a = new Date().getTime(); // start the timer before doing any work
  const authHeader = req.headers.authorization || '';
  const match = authHeader.match(/Bearer (.+)/);
  if (!match) {
    res.status(401);
    return next('Unauthorized');
  }
  const accessToken = match[1];
  return oktaJwtVerifier.verifyAccessToken(accessToken)
    .then((jwt) => {
      const b = new Date().getTime();
      req.jwt = jwt;
      // Time spent inside the verifier, including the keys-endpoint fetch on a cold cache
      console.log('Verification in', b - a, 'ms');
      next();
    })
    .catch((err) => {
      res.status(401).send(err.message);
    });
}
```
You should see a longer request on the first hit, but then others should return within 1ms. Let me know if this isn’t the case.
Another question to consider: are you seeing these long times in a test environment, where you’re starting/stopping the Express server often? The cache will have to be rebuilt on every server start.