google-auth-library-python icon indicating copy to clipboard operation
google-auth-library-python copied to clipboard

Published 20 hours ago verified publisher icon googleapis

verify_oauth2_token takes a minute to complete

Open bemineni opened this issue 5 years ago • 4 comments

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Please run down the following list and make sure you've tried the usual "quick fixes":

  • Search the issues already opened: https://github.com/googleapis/google-api-python-client/issues
  • Search StackOverflow: https://stackoverflow.com/questions/tagged/google-cloud-platform+python

If you are still having issues, please be sure to include as much information as possible:

Environment details

  • OS type and version: Linux Mint running on Virtual box
  • Python version: 3.6.9
  • pip version: 9.0.1
  • google-api-python-client version: google-api-core (1.21.0) google-api-python-client (1.9.3) google-auth (1.19.0) google-auth-httplib2 (0.0.4) googleapis-common-protos (1.52.0)

Steps to reproduce

  1. The first call to verify_oauth2_token takes almost a minute to complete. All successive calls complete fast if the session has cachecontrol.

Code example

from google.oauth2 import id_token
from google.auth.transport import requests as googlerequests
from google.auth.exceptions import GoogleAuthError
import cachecontrol
import requests

gsession = requests.session()
gcached_session = cachecontrol.CacheControl(gsession)
grequest = googlerequests.Request(session=gcached_session)

CLIENT_ID = 'xxxxxxx.apps.googleusercontent.com'

 idinfo = id_token.verify_oauth2_token(
                    <id_token_from_client>, grequest, CLIENT_ID)

Stack trace

# example

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!

bemineni avatar Jul 21 '20 16:07 bemineni

Hi @bemineni,

Was this faster in previous versions of the library?

busunkim96 avatar Jul 21 '20 16:07 busunkim96

I started to use this library for the first time recently for new project development. I see a delay only in the very first call. Is there any way I can debug and provide you more logs.

bemineni avatar Jul 21 '20 18:07 bemineni

Hmm, the only network call that's being made is to fetch the certificates, and I wouldn't expect it to take that long.

https://github.com/googleapis/google-auth-library-python/blob/c05b8b52e3bbc096cf32e2d4bb5bd45986d3cd04/google/oauth2/id_token.py#L86-L108

Could you try increasing the logging level and verifying that the HTTP request is the bottleneck?

import logging

logging.basicConfig(level=logging.DEBUG)

busunkim96 avatar Jul 25 '20 03:07 busunkim96

@busunkim96 For me it's also taking long, depends on environment.

I have noticed that usually this function gives additional 0,5 - 1s of overhead while token is verified from a header on the each call.

I would like to use cert request cache like it's described in the comments but the explanation is not giving the idea of a fallback when certs are expired.

Could you please give more explicit description what to expect when cert is expired and how yo request new certs in this fallback case?

Thanks in advance!

ievgennaida avatar Jan 27 '21 07:01 ievgennaida