authia 0.1.0

High-performance JWT verification library for Ed25519 using WebAssembly
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

# authia


[English](./README.md) | [日本語](./README.ja.md)

High-performance JWT verification library for Ed25519 using WebAssembly.

## Features


- 🚀 Fast Ed25519 JWT verification using Rust + WebAssembly
- 🔒 Secure by design - algorithm fixed to Ed25519
- 🌐 Universal runtime support (Node.js, Browser, Cloudflare Workers)
- 📦 Zero runtime dependencies
- 🎯 TypeScript type definitions included
- ⚡ Automatic Wasm initialization

## 📊 Benchmarks


In comparison with `jose` (standard library in Node.js), **authia** provides faster execution and lower overhead by leveraging Rust's efficiency and aggressive caching.

| Library           | Avg (ms)   | p50 (ms)   | p95 (ms)   | Speedup   |
| :---------------- | :--------- | :--------- | :--------- | :-------- |
| **authia (WASM)** | **0.29ms** | **0.26ms** | **0.48ms** | **1.11x** |
| jose (JS Native)  | 0.32ms     | 0.29ms     | 0.48ms     | 1.00x     |

_Tested in Node.js v24 environment with 2,000 iterations. Verification includes Ed25519 signature check, claim validation (iss, aud, exp, iat), and payload decoding._

## Installation


```bash
npm install authia
```

## Usage


The library automatically detects the environment (Node.js or Bundler/Workers) and handles WebAssembly loading.

### Access Token Verification


```typescript
import { verifyAccessToken } from "authia";

try {
  // Cloudflare Workers: verification is asynchronous on first call
  // Node.js: verification is synchronous
  const payload = await verifyAccessToken(token, {
    publicKeyJwk: process.env.JWT_PUBLIC_KEY,
    audience: "kapock-app",
    issuer: "https://auth.kapock.com",
  });

  console.log(`User ID: ${payload.sub}, Email: ${payload.email}`);
} catch (error) {
  console.error("Token verification failed:", error);
}
```

### Refresh Token Verification


```typescript
import { verifyRefreshToken } from "authia";

const payload = await verifyRefreshToken(token, {
  publicKeyJwk: process.env.JWT_PUBLIC_KEY,
  audience: "kapock-app",
  issuer: "https://auth.kapock.com",
});

console.log(`JTI: ${payload.jti}`);
```

## Runtime Behavior


### Node.js


Verification is **synchronous**. The WebAssembly module is loaded using `fs.readFileSync` at startup.

### Cloudflare Workers / Bundlers


Verification is **asynchronous** (returns a Promise) to allow for asynchronous WebAssembly compilation. Wasm is automatically initialized on the first function call.

## API


See [API Documentation](./docs/api.md) for detailed information.

## License


MIT