为什么不向'allAuthenticatedUsers'成员授予'Cloud Functions Invoker'角色才能为Google云功能工作? [英] Why doesn't granting 'allAuthenticatedUsers' member the 'Cloud Functions Invoker' role work for google cloud functions?
问题描述
根据Google文档,"allAuthenticatedUsers"成员将包括经过身份验证的任何人,包括常规gmail帐户.因此,我为该成员指定了云功能调用者"角色,以为任何经过身份验证的用户都应该能够调用我的Google云功能.那是行不通的.我得到以下结果:
According to the Google documentation, The 'allAuthenticatedUsers' member would include anybody that is authenticated included regular gmail accounts. So I gave that member the 'Cloud Functions Invoker' role, thinking that any authenticated user should be able to invoke my google cloud function. That is not working. I get the following results:
错误:禁止.您的客户端无权从此服务器获取URL/function-1.
Error: Forbidden Your client does not have permission to get URL /function-1 from this server.
我已经证明,如果我将"Cloud Functions Invoker"角色授予"allUsers",则可以调用该功能.因此,我知道该功能有效(这是Google Cloud创建的默认功能).
I have proven that if I grant the 'Cloud Functions Invoker' role to 'allUsers', then the function can be invoked. So I know the function works (it is the default function that google cloud creates).
那么,为什么不授予"allAuthenticatedUsers"成员"Google Cloud Functions Invoker"角色对Google Cloud函数的作用呢?我想念什么?
So why doesn't granting 'allAuthenticatedUsers' member the 'Cloud Functions Invoker' role work for google cloud functions? What am I missing?
谢谢
推荐答案
正确答案
信用归约翰·汉利(John Hanley)所有.我需要在承载令牌授权标头中使用id_token而不是我的access_token.
Credit goes to John Hanley. I needed to use the id_token instead of my access_token in the bearer token authorization header.
我不确定如何将此问题标记为已回答.我不能接受评论,也不能接受自己的回答.我的目的是通过将此问题标记为已回答但我无法解决,以帮助其他有相同问题的人.奇怪!
I'm not sure how to mark this question as answered. I couldn't accept the comment, nor could I accept my own answer. My object is to help others who are having the same question by Marking this question as answered but I cannot do it. Weird!
请尽可能将答案标记为正确.
Please Mark the answer as correct if you can.
这篇关于为什么不向'allAuthenticatedUsers'成员授予'Cloud Functions Invoker'角色才能为Google云功能工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
