Hi there, just getting set up with "enhanced security mode".

I've implemented token signing as per the docs:

const before = performance.now()

const knockToken = Knock.signUserToken(
  userId,
  { expiresInSeconds: 60 * 60 * 24 * 7 },
)

const after = performance.now()
console.log(`Knock.signUserToken took ${after - before}ms`)

The original idea was to put this token directly in our pre-existing GET user endpoint, so that frontend applications could consume it without any new endpoints to fetch.

However, I am seeing signUserToken take 20-30ms consistently.

I see that your implementation is a pretty basic jsonwebtoken flow. I was able to reduce the computation time to sign a JWT to by 50%+ with fast-jwt.

I'd recommend you implement the same, as it should be trivial to do so.