Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
757 views
in Technique[技术] by (71.8m points)

oauth - Securely calling a Google Cloud Function via a Google Apps Script

How can I securely call a Google Cloud Function via a Google Apps Script?

? I have a Google Cloud Function, which I can access at https://MY_REGION-MY_PROJECT.cloudfunctions.net/MY_FUNCTION, and which I would like to allow certain users to invoke via an Apps Script.

? To secure the Cloud Function, I have set Cloud Function Invoker to only include known email (e.g. USER@COMPANY.com, where this is a valid Google email).

? I am able to successfully invoke the Cloud Function via curl, while logged into gcloud with this email, by running: curl https://MY_REGION-MY_PROJECT.cloudfunctions.net/MY_FUNCTION -H "Authorization: Bearer $(gcloud auth print-identity-token)".

? I have granted the following oauthScopes in my Apps Script's manifest:

  • "https://www.googleapis.com/auth/script.external_request"
  • "https://www.googleapis.com/auth/userinfo.email"
  • "https://www.googleapis.com/auth/cloud-platform"

?? However, when I attempt to invoke the Cloud Function via a Google Apps Script, while logged in with the email USER@COMPANY.com, I am unable to invoke it and instead returned a 401. Here is how I have attempted to invoke the Cloud Function:

const token = ScriptApp.getIdentityToken();
const options = {
  headers: {'Authorization': 'Bearer ' + token}
}
UrlFetchApp.fetch("https://MY_REGION-MY_PROJECT.cloudfunctions.net/MY_FUNCTION", options);

?? I have also tried the following:

  • Using ScriptApp.getOAuthToken()
  • Adding additional oauthScopes, e.g. openid.
  • Creating an OAuth Client ID with https://script.google.com set as an Authorized Javascript origin.
  • Deploying the Apps Script.
  • Crying out to the sky in utter, abject despair
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...