jmreyes
commented
6 years ago Hi, I'm so sorry for such a late reply! Thank you for taking the time to suggest some improvements!
I took a look at this library you mention, and while it's possible that it could be used for certificate checks, I would prefer to keep the library as simple as possible and avoid adding that dependency (which seems quite big).
In principle, I'd rather keep the simple (non-efficient) default mechanism while giving users the possibility of customization via the getGoogleCerts option, which should enable them to integrate different possibilities, maybe even using google-auth-library, easily.
mifi
I'm not using your project but I did consider it (I decided to simply use react-google-login and google-auth-library). I noticed that you seem to fetch the google certs every time by default? Would it not be simpler to use google-auth-library and let them decide how often to fetch certs?