firebase是否对每个admin.auth()。verifyIdToken(idToken)发出网络请求?
[英]Does firebase make a network request for every admin.auth().verifyIdToken(idToken)?
问题描述
I have a firebase client(browser). 
我有一个Firebase客户端(浏览器)。 I also have a backend server that I identify the user is signed in using the firebase token. 我还有一个后端服务器,可以识别用户是否使用Firebase令牌登录。
With following Firebase's docs Verify ID tokens using the Firebase Admin SDK , I am successfully using admin.auth().verifyIdToken(idToken) to verify the token on my node server. 遵循以下Firebase的文档(使用Firebase Admin SDK验证ID令牌) ,我成功使用admin.auth().verifyIdToken(idToken)来验证节点服务器上的令牌。
However, one thing concerns me. 但是,有一件事与我有关。 I know that firebase uses a cert to verify the tokens. 我知道firebase使用证书来验证令牌。 Does this mean that everytime I invoke admin.auth().verifyIdToken(idToken) a outgoing network request/network transaction is made from my node server? 这是否意味着每次我调用admin.auth().verifyIdToken(idToken)都会从节点服务器进行传出网络请求/网络事务? I am concerned because I would consider this expensive if so. 我很担心,因为如果这样我会认为这很昂贵。
I tried to use tcpdump but traffic is to much and to cryptic to tell. 我尝试使用tcpdump,但是流量很大,而且难以理解。
1 个解决方案
解决方案1
4 2017-11-05 06:50:40
I had a quick look at the Node.js implementation of verifyIdToken on Github . 我快速浏览了Github上的verifyIdToken的Node.js实现 。
As far as I can see the only roundtrip it does is to fetch the public keys for the certs, which it only does if they're expired. 据我所知,它唯一的往返就是获取证书的公钥 ,只有在证书过期时才这样做。 Most of the other work are parameter checks and of course the actual verification of the token . 其他大多数工作是参数检查,当然还有令牌的实际验证 。
So from what I can tell there should not be a 1:1 relation between the number of incoming verification requests and the number of outgoing network requests. 因此,据我所知,传入验证请求的数量与传出网络请求的数量之间不应存在1:1的关系。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.