Json Web Token JWT have performance overhead?

I wanted to find out if using jwt token during authentication of a web application creates any performance issue.

But what are Jwt Tokens you may ask?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA.
jwt.io

Additionally Jwt tokens are:

  1. Compact: Small size means transmission is fast, JWT can be sent through a URL, POST parameter, or inside an HTTP header. Note usually JWT have a size limit of 7k to 8k in size.
  2. Self-contained: The payload contains all the required information about the user, and avoids the need to query the database more than once

Task with this I wrote a sample C# console application to find out if different size of keys made any significant performance issue when validating a jwt token.
Below is the sample code I wrote to test this out.

Here are some results of the first test run

jwt-test-run1

jwt-test-run1

Test Run 2

jwt-test-run2

jwt-test-run2

Test Run 3

jwt-test-run3

jwt-test-run3

Conclusion

As expected the larger key generated does create a slightly larger time to verify the JWT Token but using C# and .NET 4.6, I found the time to verify was insignificant for a web application, when using a small key size of 2048 key size and 256 Sha algorithm. Having Jwt verification to secure your web application outpays the time it takes to verify it, I have not put in any network latency in this application, but probably those would be more significant than JWT verification.