问题描述
根据 Google 文档,allAuthenticatedUsers"成员将包括经过身份验证的任何人,包括常规 gmail 帐户.所以我给了那个成员云函数调用者"角色,认为任何经过身份验证的用户都应该能够调用我的谷歌云函数.那是行不通的.我得到以下结果:
According to the Google documentation, The 'allAuthenticatedUsers' member would include anybody that is authenticated included regular gmail accounts. So I gave that member the 'Cloud Functions Invoker' role, thinking that any authenticated user should be able to invoke my google cloud function. That is not working. I get the following results:
错误:禁止您的客户端无权从此服务器获取 URL/function-1.
Error: Forbidden Your client does not have permission to get URL /function-1 from this server.
我已经证明,如果我将Cloud Functions Invoker"角色授予allUsers",则可以调用该函数.所以我知道该功能有效(它是谷歌云创建的默认功能).
I have proven that if I grant the 'Cloud Functions Invoker' role to 'allUsers', then the function can be invoked. So I know the function works (it is the default function that google cloud creates).
那么为什么不授予allAuthenticatedUsers"成员Cloud Functions Invoker"角色对谷歌云功能起作用?我错过了什么?
So why doesn't granting 'allAuthenticatedUsers' member the 'Cloud Functions Invoker' role work for google cloud functions? What am I missing?
谢谢
推荐答案
正确答案
这要归功于约翰·汉利.我需要在不记名令牌授权标头中使用 id_token 而不是我的 access_token.
Credit goes to John Hanley. I needed to use the id_token instead of my access_token in the bearer token authorization header.
我不确定如何将此问题标记为已回答.我无法接受评论,也无法接受自己的回答.我的目的是通过将此问题标记为已回答来帮助有相同问题的其他人,但我不能这样做.奇怪!
I'm not sure how to mark this question as answered. I couldn't accept the comment, nor could I accept my own answer. My object is to help others who are having the same question by Marking this question as answered but I cannot do it. Weird!
如果可以,请将答案标记为正确.
Please Mark the answer as correct if you can.
这篇关于为什么授予“allAuthenticatedUsers"成员“Cloud Functions Invoker"角色不适用于谷歌云功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!