firebase-admin
python package is 100MB.
I am only using it to verify idToken
server-side in HTTP requests.
This means i am using only 1 method of this package.
I would like to remove the Firestore
and the Cloud Storage
dependencies from the package to reduce the size if possible.
Can I simply install the firebase_admin.auth
package with only its dependencies with a pip install firebase-admin --only auth
looking-like command ?
If not, how can i filter easily the packages inside to only keep the needed for firebase_admin.auth
module ? (=not spending time to understand manually all of the dependencies for each required file)
Thanks in advance
CodePudding user response:
You can use any third party library like PyJWT instead of using Firebase Admin SDK to decode Firebase ID Tokens if you need it for verifying tokens only.
Once the token is decoded you can verify the headers and constraints mentioned in Verify ID Tokens using third party JWT library section of the documentation:
Finally, ensure that the ID token was signed by the private key corresponding to the token's
kid
claim. Grab the public key from https://www.googleapis.com/robot/v1/metadata/x509/[email protected] and use a JWT library to verify the signature. Use the value ofmax-age
in theCache-Control
header of the response from that endpoint to know when to refresh the public keys.