Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Use a standard JWT verification lib on the BE

Status

This is just a proposal so far, it hasn't been accepted and needs further discussion.

Status:
proposed
Deciders:
rishabhpoddar, porcellus
Proposed by:
porcellus
Created:
2022-12-06

Context and Problem Statement#

Since our access tokens will match standard JWTs, we can switch to using a jwt verification library with key caching instead of our own implementation.

Considered Options#

  • Keep using our own implementation
  • Switch to an external library

Decision Outcome#

We should switch to an external library

  • Our code gets smaller
  • We use the same method we will recommend to people if they aren't using our SDKs
  • The JWKs endpoint we use is the one exposed by the Core, since the one provided by the backend SDK could be disabled.