isValidCognitoToken - Performance impacted by not caching JWKS files #13706

Open
3 tasks done
smozely opened this issue Aug 13, 2024 · 1 comment
Labels
Auth Related to Auth components/category feature-request Request a new feature

Comments


smozely commented Aug 13, 2024

Before opening, please confirm:

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Version

@aws-amplify/adapter-nextjs: 1.2.1

Introduced by this commit: 125c690

Amplify Categories

auth

Backend

None


Describe the bug

The changes to validate the Cognito tokens as part of `fetchSession` in `packages/adapter-nextjs/src/utils/isValidCognitoToken.ts` call `CognitoJwtVerifier.create` on every request (@see 125c690#r145308092).

`CognitoJwtVerifier` creates a cache of the downloaded JWKS files. Creating a new instance on every request negates the cache, which means many calls to get the JWKS file, slowing down each request.

Prior to this release we were manually verifying the token in our NextJS middleware. Since updating, we noticed a massive increase in the requests to the JWKS file, and a slowdown in our test suites.

Expected behavior

That there would be some caching of JWKS file requests, i.e. 1 per application startup

Reproduction steps

In an application that is calling fetchAuthSession.

Something like ...

```ts
return await runWithAmplifyServerContext({
  nextServerContext: { request, response },
  operation: async (contextSpec) => {
    try {
      // fetchAuthSession is called twice here; each call validates the token
      await fetchAuthSession(contextSpec);
      const session = await fetchAuthSession(contextSpec);
      if (session) {
        return true;
      }
      return false;
    } catch (error) {
      console.log(error);
      return false;
    }
  },
});
```

Will make 2 requests to the JWKS file, and will take at least 100ms longer than if it's only there once.


@smozely smozely added the pending-triage Issue is pending triage label Aug 13, 2024
@cwomack cwomack added the Auth Related to Auth components/category label Aug 13, 2024
@cwomack cwomack self-assigned this Aug 13, 2024
@cwomack cwomack added feature-request Request a new feature and removed pending-triage Issue is pending triage labels Aug 13, 2024
HuiSF (Member) commented Aug 13, 2024

Thanks for pointing this out @smozely, we are currently exploring a better approach to perform the token validation on the server side, and we will include this performance improvement in the consideration.

@cwomack cwomack removed their assignment Aug 13, 2024
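
The caching behaviour requested in this issue, as an added example that is not part of the thread and is not Amplify or aws-jwt-verify code: a JWKS key cache created once and shared across requests, compared with one created per request. `createJwksCache`, `fakeEndpoint`, `compare`, `minRefreshMs` and the placeholder URI are hypothetical names, and the download function is an injected stand-in for the real HTTP fetch.

```javascript
// Added example. `downloadJwks(uri)` is an injected stand-in for the HTTP fetch.
function createJwksCache(downloadJwks, { minRefreshMs = 10_000, now = Date.now } = {}) {
  const entries = new Map(); // jwksUri -> { at: ms, keys: Promise<Map<kid, jwk>> }
  function load(uri) {
    const keys = downloadJwks(uri).then((jwks) => new Map(jwks.keys.map((k) => [k.kid, k])));
    const entry = { at: now(), keys };
    entries.set(uri, entry);
    // Never cache a failed download, or every later request fails with it.
    keys.catch(() => { if (entries.get(uri) === entry) entries.delete(uri); });
    return keys;
  }
  return async function getKey(uri, kid) {
    // Concurrent callers share the in-flight promise: one download, not one each.
    let keys = await (entries.get(uri)?.keys ?? load(uri));
    if (!keys.has(kid)) {
      // Unknown kid may mean key rotation. Refresh, but at most once per
      // minRefreshMs, so tokens with made-up kids cannot trigger a download each.
      const current = entries.get(uri);
      const stale = !current || now() - current.at >= minRefreshMs;
      keys = await (stale ? load(uri) : current.keys);
    }
    const jwk = keys.get(kid);
    if (!jwk) throw new Error(`unknown kid "${kid}" for ${uri}`);
    return jwk;
  };
}

// Constructed test double: a JWKS endpoint that counts how often it is hit.
const URI = 'https://idp.example.invalid/pool/.well-known/jwks.json'; // placeholder
function fakeEndpoint(kids = ['k1']) {
  const ep = { downloads: 0, kids };
  ep.download = async () => {
    ep.downloads += 1;
    return { keys: ep.kids.map((kid) => ({ kid, kty: 'RSA' })) };
  };
  return ep;
}

async function compare(requests = 5) {
  const perRequest = fakeEndpoint();
  for (let i = 0; i < requests; i++) {
    await createJwksCache(perRequest.download)(URI, 'k1'); // new cache per request
  }
  const shared = fakeEndpoint();
  const getKey = createJwksCache(shared.download); // created once, module scope
  await Promise.all(Array.from({ length: requests }, () => getKey(URI, 'k1')));
  return { perRequest: perRequest.downloads, shared: shared.downloads };
}
```

With five requests, `compare()` resolves to five downloads for the per-request cache and one for the shared cache.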