Avoid network authentication calls if unnecessary.

If a token is invalid locally, it will also be invalid on a network call. Network calls only detect if a valid token has since been revoked.
Get-Your-GreenBack-Tompkins · Aug 25, 2020 · 784534f · 784534f
1 parent 4a81876
commit 784534f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/middleware/auth/middleware.ts b/src/middleware/auth/middleware.ts
@@ -23,7 +23,9 @@ export function initializeAuth(auth: auth.Auth) {
     const [, idToken] = parts;
 
     auth
-      .verifyIdToken(idToken, true)
+      .verifyIdToken(idToken) 
+      // Only confirm that a token hasn't been revoked _after_ we are sure it is a valid token. 
+      .then(() => auth.verifyIdToken(idToken, true))
       .then(claims => {
         return claims.admin === true;
       })