Should we Switch from Auth0 jsonwebtoken to json-web-token ?

[nelsonic]

Hi @joaquimserafim,

Hope you're having a good weekend.

We are currently using the jsonwebtoken by Auth0: https://github.com/auth0/node-jsonwebtoken - mostly because at the time we were doing our research into JTW: https://github.com/docdis/learn-json-web-tokens - for our Hapi.js JWT Auth plugin: https://github.com/ideaq/hapi-auth-jwt2

Our questions are:

1. what are the advantages of switching to this module over jsonwebtoken (besides the fact that you have 100% Coverage - which is great!) ... have you benchmarked performance?
   and
2. Do you plan to support verification (or decoding) options? see:
   https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

Thanks! 😸

[joaquimserafim]

Hi @nelsonic, It’s great to hear from you!

1. big advantages, humm, I'm not a sales guy 😜, this should be a very simple module that follows the JWT draft implementation and the node.js behavior (don't throw in this kind of app/module pass the error to a higher level), and works very well :) I don't want to compare with jsonwebtoken since uses another module to implement the draft and the team behind jsonwebtoken are a very fine team and know very well what they are doing but I would say to use due the simplicity of the json-web-token and there is a very large room for manoeuvre to bring new functionality to the module,
   about benchmark never did any kind of but I have been thinking to do it
2. is only providing the decode without options letting the developer playing with the return object and seems to me that is doing almost the same stuff as jsonwebtoken#verify but sure that can be improved and use the options as well

both encode and decode are verifying the algorithm something don't come in the draft

thanks for the interest 👍 if you want to help ping me ;)

take care