SupabaseS
Supabase4mo ago
amadeus

getClaims seems quite slow

I just recently ran through the asymmetric JWT migration, following along with the posted video from the blog post. I'm pretty sure I have everything setup correctly however I'm seeing a major difference in performance relative to the video. There it was showing sub 10ms times for the getClaims call, yet I'm seeing times that seem all over the place but more often than not, over 40-50ms (see attached screenshot, i also output the headers to show that the algorithm should be correct).

For reference, literally the code I have for fetching claims looks like this: 
export async function getClientSessionClaims(supabase: SupabaseClient<Database>): Promise<SessionUserResponse> {
  try {
    const start = Date.now();
    const {error, data} = await supabase.auth.getClaims();
    console.log('ZZZZZ - getClaims time', Date.now() - start, data?.header);
    return {claims: data?.claims ?? null, error};
  } catch (e: any) {
    return {claims: null, error: e};
  }
}


However, if i do it all manually (unclear if this is is the right way to do it) I see great performance improvements: 
const SUPABASE_JWT_ISSUER = `${process.env.NEXT_PUBLIC_SUPABASE_URL}/auth/v1`;
const SUPABASE_JWT_KEYS = createRemoteJWKSet(new URL(SUPABASE_JWT_ISSUER + '/.well-known/jwks.json'));

export async function getJWT(accessToken: string) {
  const start = Date.now();
  const result = await jwtVerify(accessToken, SUPABASE_JWT_KEYS, {issuer: SUPABASE_JWT_ISSUER});
  console.log('ZZZZZ - manual jwt time', Date.now() - start, result.protectedHeader);
  return result.payload;
}


This decoding method was mostly cribbed from the announcement blogpost, so unclear if i'm shortcutting some work here or not. But also it has me concerned that I'm missing a step somewhere and getClaims isn't working properly
CleanShot_2025-08-24_at_19.28.02.png
CleanShot_2025-08-24_at_19.34.37.png
Was this page helpful?