Verify JWT without calling JWKS web endpoint - Python PyJWT


So I have a bunch of endpoints that I use JWTs for, to verify that the person invoking the function is who they say they are.

I noticed it takes 0.3-0.4s to verify the JWT each time, though, and thought this could be reduced. It seems the reason is that the JWKS is fetched from my auth0 web server. The JWKS are never rotated, so I want to store my JWKS as an environment variable and use that value to decode/verify the JWT tokens.

I'm currently using PyJWT but there doesn't seem to be an option to supply JWKS directly.

Does anyone know how to do this? Also, is there any risk with doing this other than the JWKS being rotated and not being subsequently updated in each endpoint?



Answered by Quantitative

I figured it out.

So all I need to do is generate the public key for the JWT, which can be done like this:

import json, os, jwt

jwks = json.loads(os.environ["JWKS"])  # the JWK set, stored as an environment variable instead of being fetched from the JWKS URL
key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwks["keys"][0]))  # from_jwk takes the JWK as a JSON string and returns the public key

Then decoding is done with jwt.decode, and you simply pass key as the "key" param.
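To make the answer's approach concrete, and to cover the risk the question asks about, here is an added example (not code from the question, the answer, or PyJWT itself) that verifies a token against a JWK set read from an environment variable with no network call. Instead of blindly taking keys[0], it selects the key whose kid matches the token header, pins the allowed algorithm, and checks audience, issuer and expiry. The fixture that generates a key pair, publishes its public half as the JWKS and signs tokens is constructed for the demo; the environment variable name JWKS, the audience and issuer URLs and the key id "demo-key-1" are all assumptions. It needs PyJWT with its crypto extra (pip install "pyjwt[crypto]"), which supplies the cryptography package used to generate the RSA key.

```python
import json
import os
import time

import jwt
from jwt.algorithms import RSAAlgorithm
from cryptography.hazmat.primitives.asymmetric import rsa

ALLOWED_ALGS = ["RS256"]  # pinned server-side; the token header never gets to choose the algorithm
EXPECTED_AUD = "https://api.example.test"      # constructed value (assumption)
EXPECTED_ISS = "https://tenant.example.test/"  # constructed value (assumption)


def load_jwks_from_env(var_name: str = "JWKS") -> dict:
    """Parse the JWK set stored in an environment variable; no JWKS endpoint is contacted."""
    return json.loads(os.environ[var_name])


def public_key_for_token(token: str, jwks: dict):
    """Select the JWK whose kid matches the (still unverified) token header.

    The header is only used to pick a candidate key; nothing in it is trusted.
    With no kid in the header, the set must contain exactly one key.
    """
    kid = jwt.get_unverified_header(token).get("kid")
    candidates = [k for k in jwks["keys"] if k.get("kid") == kid] if kid else jwks["keys"]
    if len(candidates) != 1:
        raise jwt.InvalidTokenError(f"no unique verification key for kid={kid!r}")
    return RSAAlgorithm.from_jwk(json.dumps(candidates[0]))  # JSON string works on all PyJWT versions


def verify_token(token: str, jwks: dict) -> dict:
    """Verify signature, exp/iat, audience and issuer against the local JWKS; return the claims."""
    key = public_key_for_token(token, jwks)
    return jwt.decode(token, key, algorithms=ALLOWED_ALGS, audience=EXPECTED_AUD, issuer=EXPECTED_ISS)


def rejects(token: str, jwks: dict) -> bool:
    """True if verification fails closed (bad signature, wrong audience, unknown kid, expired...)."""
    try:
        verify_token(token, jwks)
        return False
    except jwt.PyJWTError:
        return True


# ---- constructed fixture: stands in for the identity provider ----

def new_private_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def publish_jwks(public_keys_by_kid: dict, var_name: str = "JWKS") -> None:
    """Write a JWK set for the given public keys into the environment, as the question proposes."""
    keys = []
    for kid, pub in public_keys_by_kid.items():
        jwk = json.loads(RSAAlgorithm.to_jwk(pub))  # to_jwk returns the JWK as a JSON string
        jwk.update({"kid": kid, "use": "sig", "alg": "RS256"})
        keys.append(jwk)
    os.environ[var_name] = json.dumps({"keys": keys})


def sign_token(private_key, kid: str, **claim_overrides) -> str:
    now = int(time.time())
    claims = {"sub": "user-123", "aud": EXPECTED_AUD, "iss": EXPECTED_ISS, "iat": now, "exp": now + 300}
    claims.update(claim_overrides)
    return jwt.encode(claims, private_key, algorithm="RS256", headers={"kid": kid})


def demo() -> dict:
    signing_key = new_private_key()
    publish_jwks({"demo-key-1": signing_key.public_key()})
    jwks = load_jwks_from_env()

    good = sign_token(signing_key, "demo-key-1")
    # The provider rotated its key but the env var was never updated: the token must be rejected.
    rotated = sign_token(new_private_key(), "demo-key-1")
    # A valid signature for a different audience must also be rejected.
    wrong_aud = sign_token(signing_key, "demo-key-1", aud="https://other.example.test")
    return {
        "claims": verify_token(good, jwks),
        "rotated_rejected": rejects(rotated, jwks),
        "wrong_audience_rejected": rejects(wrong_aud, jwks),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

Two points worth noting for the question's risk assessment. The JWKS holds only public keys, so keeping a copy in an environment variable leaks nothing; the real cost of a stale copy is availability, not confidentiality: after a rotation every token fails closed, as the rotated case above shows, so an alert on a sudden spike of signature failures is the signal to refresh the copy. Also, if the provider ever publishes more than one key, selecting by kid rather than keys[0] is what keeps verification working during an overlap period. As an alternative to the env var, recent PyJWT releases ship jwt.PyJWKClient, which can cache fetched keys so the JWKS endpoint is not hit on every request.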