
Calls to firebase_auth.get_user() can add 100-200ms to request time


Hi,

Just reviewing my web API performance and found high latency whenever firebase_auth.get_user() is called, since it sends a blocking HTTP request to the Firebase Auth API.

I’ve read a few different Python Firebase Auth tutorials and they all just use the decoded JWT to supply user data, they do not make a call out to the Firebase web API. This makes sense since a synchronous HTTP call is bad for performance.

If FIREBASE_CHECK_JWT_REVOKED is enabled, the get_user() call is made twice per request cycle. One of these calls is surely redundant.

Apart from revocation is there a reason to fetch the user rather than using the properties that are already embedded in the JWT?

Thanks!

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

2 reactions
garyburgmann commented, May 7, 2021

Hey guys this is still on my radar, just need to find time to get my head into it. Thanks for the feedback so far!

If there is some sort of consensus re: best way forward and I haven’t gotten to it yet, feel free to make a pull req.

Have opened a ticket in Trello to track this, feel free to add code snippets/screenshots/more info

https://trello.com/c/RlMcBCmi

2 reactions
Longwelwind commented, May 6, 2021

I’ve looked a bit into this question; here are the results of my investigation, so that if someone is interested in solving this, s/he can have more info on this. At the moment, when a request is received by Django, FirebaseAuthentication:

  • Decodes the uid out of the JWT token
  • Fetches the Firebase user data based on the uid (including the email)
  • Checks if a local user already exists with this email
    • If no, creates a local user associated with this email
  • Returns the local user (either fetched or created)

The step in bold includes a request to Firebase.

What it truly should be doing is:

  • Decodes the uid and the email out of the JWT token
  • Checks if a local user already exists with this email
    • If no, fetches the Firebase user data and creates a local user associated with this email based on the Firebase user data.
  • Returns the local user (either fetched or created)

That way, a trip to Firebase is only needed during local user creation. In case the local user creation doesn’t require data from the firebase user, a request to Firebase is not even needed.

I’ll try to create a PR if I get the time to do this.
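
The flow proposed in the comment above, as an added example that is not code from the project or from either commenter. `LazyFirebaseAuth`, `LocalUser` and the injected `fetch_remote_user` callable (standing in for `firebase_auth.get_user()`) are hypothetical names, and the `email_verified` and uid-mismatch checks are assumptions added here because the flow matches local accounts by the token's email claim.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class LocalUser:
    uid: str
    email: str
    display_name: Optional[str] = None


@dataclass
class LazyFirebaseAuth:
    """Hypothetical authenticator; not the project's FirebaseAuthentication."""
    fetch_remote_user: Callable[[str], dict]  # stand-in for firebase_auth.get_user()
    users_by_email: Dict[str, LocalUser] = field(default_factory=dict)
    remote_calls: int = 0

    def authenticate(self, claims: dict) -> LocalUser:
        # `claims` must be the payload of an ID token whose signature, issuer,
        # audience and expiry were already verified locally.
        uid, email = claims.get("uid"), claims.get("email")
        if not uid or not email:
            raise PermissionError("token has no uid/email claim")
        # Assumption: only a verified email may be used to match a local account.
        if claims.get("email_verified") is not True:
            raise PermissionError("email claim is not verified")
        user = self.users_by_email.get(email)
        if user is None:
            # First sight of this account: the only path that pays the round trip.
            self.remote_calls += 1
            remote = self.fetch_remote_user(uid)
            user = LocalUser(uid, email, remote.get("display_name"))
            self.users_by_email[email] = user
        elif user.uid != uid:
            # Assumption: same email under a different uid is rejected, not merged.
            raise PermissionError("email is bound to another uid")
        return user


def demo() -> int:
    # Constructed sample data; the lambda replaces the blocking HTTP request.
    auth = LazyFirebaseAuth(lambda uid: {"display_name": "Ada"})
    claims = {"uid": "u1", "email": "ada@example.com", "email_verified": True}
    for _ in range(3):
        auth.authenticate(claims)
    return auth.remote_calls  # one remote fetch for three requests


if __name__ == "__main__":
    print(demo())
```

On this path a user disabled or revoked in Firebase after the token was issued is not noticed, which is the case the revocation check mentioned in the issue exists to cover.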
