tutipay/java-sdk

A proposal to use MACs (message authentication codes) to verify users' messages instead of JWT tokens

Closed this issue · 0 comments

We already have public-private keys associated with each user, and we already have methods for signing and verifying messages. So instead of issuing each user a token to verify his subsequent requests, how about we sign every request with his private key and verify it on the server using the public key?

Since the signing is done on a hash (digest) of the message, it's really reasonable to sign them in a few milliseconds and verify them on the server (verifications are an order of magnitude faster than signing). This is good, since signing happens on the client, where we can expect to sign few messages in a certain time frame, and verification happens on the server, where it can verify thousands of messages per second.

I'll try to include some benchmarks below to let you measure the feasibility of this proposal.
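
The per-request signing flow proposed above, as an added Java example that is not part of the original issue or of the tutipay SDK. It assumes RSA keys with `SHA256withRSA`; the class and method names, the timestamp and nonce fields, and the 30-second window are hypothetical choices for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration; all names here are hypothetical, not the SDK's.
public class SignedRequestDemo {
    static final long MAX_SKEW_MS = 30_000; // assumed freshness window

    // Canonical form binds method, path, timestamp and nonce to the body, so a
    // signature cannot be moved to another endpoint and ages out with its timestamp.
    static byte[] canonical(String method, String path, long ts, String nonce, String body) {
        return String.join("\n", method, path, Long.toString(ts), nonce, body)
                .getBytes(StandardCharsets.UTF_8);
    }

    // Client side: SHA256withRSA hashes the message and signs the digest.
    static String sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Server side: reject stale timestamps first, then check the signature.
    static boolean verify(PublicKey key, String method, String path, long ts, String nonce,
                          String body, String sigB64, long now) throws GeneralSecurityException {
        if (Math.abs(now - ts) > MAX_SKEW_MS) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(canonical(method, path, ts, nonce, body));
        return s.verify(Base64.getDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair user = gen.generateKeyPair(); // stands in for the user's stored key pair

        long ts = System.currentTimeMillis();
        String body = "{\"amount\":10}"; // constructed sample request body
        String sig = sign(user.getPrivate(), canonical("POST", "/pay", ts, "n-1", body));

        // Three cases: untouched request, tampered body, replay after the window.
        System.out.println(verify(user.getPublic(), "POST", "/pay", ts, "n-1", body, sig, ts));
        System.out.println(verify(user.getPublic(), "POST", "/pay", ts, "n-1", "{\"amount\":99}", sig, ts));
        System.out.println(verify(user.getPublic(), "POST", "/pay", ts, "n-1", body, sig, ts + 60_000));
    }
}
```

The nonce is signed here but not tracked; a server would also need to remember nonces seen inside the freshness window to reject an exact replay of a still-fresh request.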