authia

English | 日本語

High-performance JWT verification library for Ed25519 using WebAssembly.

Features

• 🚀 Fast Ed25519 JWT verification using Rust + WebAssembly
• 🔒 Secure by design - algorithm fixed to Ed25519
• 🌐 Universal runtime support (Node.js, Browser, Cloudflare Workers)
• 📦 Zero runtime dependencies
• 🎯 TypeScript type definitions included
• ⚡ Automatic Wasm initialization

📊 Benchmarks

In comparison with jose (standard library in Node.js), authia provides faster execution and lower overhead by leveraging Rust's efficiency and aggressive caching.

Tested in Node.js v24 environment with 2,000 iterations. Verification includes Ed25519 signature check, claim validation (iss, aud, exp, iat), and payload decoding.

Installation

npm install authia

Usage

The library automatically detects the environment (Node.js or Bundler/Workers) and handles WebAssembly loading.

Access Token Verification

import { verifyAccessToken } from "authia";

try {
  // Cloudflare Workers: verification is asynchronous on first call
  // Node.js: verification is synchronous
  const payload = await verifyAccessToken(token, {
    publicKeyJwk: process.env.JWT_PUBLIC_KEY,
    audience: "kapock-app",
    issuer: "https://auth.kapock.com",
  });

  console.log(`User ID: ${payload.sub}, Email: ${payload.email}`);
} catch (error) {
  console.error("Token verification failed:", error);
}

Refresh Token Verification

import { verifyRefreshToken } from "authia";

const payload = await verifyRefreshToken(token, {
  publicKeyJwk: process.env.JWT_PUBLIC_KEY,
  audience: "kapock-app",
  issuer: "https://auth.kapock.com",
});

console.log(`JTI: ${payload.jti}`);

Runtime Behavior

Node.js

Verification is synchronous. The WebAssembly module is loaded using fs.readFileSync at startup.

Cloudflare Workers / Bundlers

Verification is asynchronous (returns a Promise) to allow for asynchronous WebAssembly compilation. Wasm is automatically initialized on the first function call.

API

See API Documentation for detailed information.

License

MIT