search

kreait / firebase-tokens-php

A PHP library to work with Firebase tokens
MIT License
223 stars 33 forks source link

HTTP Overhead for Public Key Retrieval #8

Closed lashae closed 6 years ago

lashae commented 6 years ago

It seems that the library fetches Firebase public keys from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com URL for every request. If I'm missing something please correct me.

If this is the case, wouldn't it be better to cache public keys on the first run and try to re-fetch them only for a cache-miss scenario? This way a huge HTTP overhead would be avoided for the tokens with the known same public keys.

What do you think of this proposal?

jeromegamez commented 6 years ago

Good proposal! I'll come up with something, thank you!

jeromegamez commented 6 years ago

Solved by #9