Comments (8)
Most of the time VerifyGitkitToken is a local method, and the latency should be far less than 1 seconds. Could you give more details?
- Is your server running in local development, or a cloud service (e.g. Google App Engine), or others?
- Do you observer any pattern when the method is very slow?
- Is possible to run your app under python profiler?
from identity-toolkit-python-client.
The code is on the dedicated server at soyoustart (ovh).
For only purpose testing, I write a simple python code with a simple call to this (rpc)method and the result is this:
server$ python test_gitkit.py eyJhbGci[...]3GIQ
start
VerifyGitkitToken time = 1.359633
server$ python test_gitkit.py eyJhbGci[...]3GIQ
start
VerifyGitkitToken time = 128.519584
from identity-toolkit-python-client.
this is the script
import os
import sys
import datetime
# Import the helper functions
from identitytoolkit import gitkitclient
# Import the configuration file you downloaded from Google Developer Console
server_config_json = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'gitkit-server-config.json')
gitkit_instance = gitkitclient.GitkitClient.FromConfigFile(
server_config_json)
if __name__ == "__main__":
idToken = sys.argv[1]
start = datetime.datetime.now()
print("start")
gitkit_user = gitkit_instance.VerifyGitkitToken(idToken)
end = datetime.datetime.now()
print("VerifyGitkitToken time = %f"% ((end-start).total_seconds()))
from identity-toolkit-python-client.
Now, the same script with the same input give good result (50 successful execution under 2.5 seconds)!
What worries me is that this method does not have a timeout.
PS: honestly I have not tested the script outside dedicated server (there are no firewall rules inside this my debian dedicated server).
from identity-toolkit-python-client.
VerifyGitkitToken() requires the Gitkit public X509 certs to validate a token string. The GitkitClient object has a build-in cache of current X509 certs, so that most of the time the certs are read from memory and the token signature is verified without any RPC. Only when the cached certs expire (normally in several hours) will the method download a new one from Gitkit server.
Every time when you run $python test_gitkit.py, a new GitkitClient is created and the cache has to be initialized by downloading the certs first. If your test script makes multiple calls to VerifyGitkitToken() using the same GitkitClient, the delay should be greatly decreased. That is the similar scenario for long-running tasks such as web servers.
from identity-toolkit-python-client.
Ok, in my production code I already use this approach, The other day the problem (128seconds) is happened for the first time in production code (an average of 1 long waiting on 4 method calls)
from identity-toolkit-python-client.
Looking at the call to GetPublicCert in VerifyGitkitToken there are potentially two HTTP calls made but only one which is cached. If you don't specify a "Server API key" then, I'm assuming by design, uncached calls are made to fetch the public certs via the service account. This is maybe what you're experiencing in production @alexodus, You can get a key via the credentials page in Google Developer Console, "Add credentials" then "API key" (when writing this).
Wouldn't a better strategy be to cache the result of GetPublicCerts in GitkitClient? And if the signature check fails then refresh the cache and retry?
from identity-toolkit-python-client.
Good point Magnus. We are making a change to the GetPublicCert HTTP API that neither Server API Key nor service account is needed. Caching the public certs in GitkitClient is also a reasonable approach.
from identity-toolkit-python-client.
Related Issues (11)
- pyOpenSSL version in setup.py HOT 3
- ApplicationDefaultCredentialsError on AWS HOT 9
- Provide identity-toolkit on app engine HOT 7
- PKCS12 format is not supported by the PyCrypto library HOT 4
- Google app engine cannot access key HOT 1
- base64 decode error with unicode password hash
- UnicodeDecodeError
- Deprecation and migration to Firebase HOT 2
- Missing verifyEmail Action HOT 2
- Not Python3 compatible HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identity-toolkit-python-client.