Lately, gcloud functions deploy
require authentication by default.
If a cloud function require authentication, it require an authenticated user credential (of Cloud Identity and Access Management / IAM / Service Accounts) which normal utilize Authorization
HTTP headers with Bearer
prefix to send it Id Token. Such example would be Secure Cloud Functions for Cloud Scheduler.
You could allow unauthenticated function invocation.
Google Cloud Console ->
Functions- Click checkbox of a specific functions, where Right Info Panel is shown
- Click
Permission
tab and clickAdd Member
. - Set
allUsers
forNew members
- Select
Cloud Functions -> Cloud Functions Invoker
forSelect a role
. - Click
Save
.
NOTE: You can use gcloud functions deploy FUNCTION_NAME --runtime python37 --trigger-http --allow-unauthenticated
to enable unauthenticated function invocation, thus avoiding the complicated steps above.
Note that
allAuthenticatedUsers
doesn’t refer to Firebase Authentication users. It’s a Google Cloud Platform concept that stands for all service accounts. - Source
You cannot depend on this feature to secure cloud functions with Firebase Authentication, as it only works with Cloud Identity and Access Management / IAM / Service Accounts
.
Refer to Secure Cloud Functions With Firebase Authentication (Python). Things are easier if you are using Node.js.