It seems that the library fetches Firebase public keys from https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com URL for every request. If I'm missing something please correct me.
If this is the case, wouldn't it be better to cache public keys on the first run and try to re-fetch them only for a cache-miss scenario? This way a huge HTTP overhead would be avoided for the tokens with the known same public keys.
It seems that the library fetches Firebase public keys from
https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
URL for every request. If I'm missing something please correct me.If this is the case, wouldn't it be better to cache public keys on the first run and try to re-fetch them only for a cache-miss scenario? This way a huge HTTP overhead would be avoided for the tokens with the known same public keys.
What do you think of this proposal?