为什么授予“allAuthenticatedUsers"成员“云函数调用者"角色不适用于谷歌云函数? [英] Why doesn't granting 'allAuthenticatedUsers' member the 'Cloud Functions Invoker' role work for google cloud functions?
问题描述
根据 Google 文档,allAuthenticatedUsers"成员将包括任何经过身份验证的普通 gmail 帐户.所以我给了那个成员云函数调用者"角色,认为任何经过身份验证的用户都应该能够调用我的谷歌云函数.那是行不通的.我得到以下结果:
According to the Google documentation, The 'allAuthenticatedUsers' member would include anybody that is authenticated included regular gmail accounts. So I gave that member the 'Cloud Functions Invoker' role, thinking that any authenticated user should be able to invoke my google cloud function. That is not working. I get the following results:
错误:禁止您的客户端无权从此服务器获取 URL/function-1.
Error: Forbidden Your client does not have permission to get URL /function-1 from this server.
我已经证明,如果我将云函数调用者"角色授予allUsers",则可以调用该函数.所以我知道这个函数有效(它是谷歌云创建的默认函数).
I have proven that if I grant the 'Cloud Functions Invoker' role to 'allUsers', then the function can be invoked. So I know the function works (it is the default function that google cloud creates).
那么为什么不授予allAuthenticatedUsers"成员云函数调用者"角色适用于谷歌云函数?我错过了什么?
So why doesn't granting 'allAuthenticatedUsers' member the 'Cloud Functions Invoker' role work for google cloud functions? What am I missing?
谢谢
推荐答案
正确答案
归功于约翰汉利.我需要在不记名令牌授权标头中使用 id_token 而不是我的 access_token.
Credit goes to John Hanley. I needed to use the id_token instead of my access_token in the bearer token authorization header.
我不确定如何将此问题标记为已回答.我不能接受评论,也不能接受我自己的答案.我的目的是通过将此问题标记为已回答来帮助其他有同样问题的人,但我不能这样做.奇怪!
I'm not sure how to mark this question as answered. I couldn't accept the comment, nor could I accept my own answer. My object is to help others who are having the same question by Marking this question as answered but I cannot do it. Weird!
如果可以,请将答案标记为正确.
Please Mark the answer as correct if you can.
这篇关于为什么授予“allAuthenticatedUsers"成员“云函数调用者"角色不适用于谷歌云函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!