Secret is not cached

[fellmann]

Both guards are redefining the jwt functions on every call. In consequence, every API call leads to a new call to Auth0 - very bad for performance.

Looking at https://github.com/auth0-developer-hub/api_nestjs_typescript_hello-world/blob/main/src/authorization/authorization.guard.ts#L22, I think it should be:

...
export class AuthorizationGuard implements CanActivate {
  private validateAccessToken = promisify(auth());
  
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest<Request>();
    const response = context.switchToHttp().getResponse<Response>();

    try {
      await this.validateAccessToken(request, response);
...

Same for https://github.com/auth0-developer-hub/api_nestjs_typescript_hello-world/blob/main/src/authorization/permissions.guard.ts

Please do not use this repository as is.

[fellmann]

To reproduce, see the result of NODE_DEBUG=http,http2 nest start

[paultannenbaum]

@fellmann what did you end up doing to solve this? Are you caching the response from auth0, or is that handled by auth0 and you only need to no re-create the jwt function itself on every call?

[fellmann]

@fellmann what did you end up doing to solve this? Are you caching the response from auth0, or is that handled by auth0 and you only need to no re-create the jwt function itself on every call?

It is sufficient to make sure auth( [...] ) is only called once like in the example above. Then everything is handled correctly by the library.