I'm building a SvelteKit, using Passage by 1Password for (auth docs).
On a specific route and all its subroutes, I need to authenticate and ensure that the user is logged in. According to my profiler, this takes 1 second. This is far too slow for the ideal user.
Passage suggests a function - I've instead investigated a little bit and gone deeper, and I finally am using the jose.jwtVerify function. This takes about the same time.
How can I improve this? Is there any way to "cache" the fact that the user is logged in? How do other frameworks make this protection fast?
Some tips: Here is the GH code. As you an see, the key for jwtVerify is this:
createRemoteJWKSet(new URL(`https://auth.passage.id/v1/apps/${this.appID}/.well-known/jwks.json`), {
cacheMaxAge: 1000 * 60 * 60 * 24, // 24 hours
});
Perhaps it's this contact with an API that slows down this process. Anyway, is there anyway to improve on this?
If anybody knows Passage - is it possible for me to download/cache that JWK file? I'm guessing it changes, right? Or does cacheMaxAge cache it after all - or does Svelte SSR on serverless Vercel nullify this caching?