-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App Engine can't call Cloud Functions with Example code #1508
Comments
Hey @mheripsos, Thanks for your patience and details - let's get this resolved for you. First thing: Cloud Run and Cloud Functions require OpenID Connect (OIDC) tokens (ID tokens) (ref: https://cloud.google.com/docs/authentication/use-cases#run-functions). This is likely why your Second: |
Hi @danielbankhead, thanks for the response. You'll have to bear with me a little as my understanding of auth stuff isn't totally solid here. I think I had misunderstood what the The rest of my understanding of your post and links (again, a little shaky here), is that there is actually no class/method in the library that will let me do a It's also been a while, so I don't really remember how I got to the point I did, but it was after trying a bunch of stuff and ending up with a sort of hacked together solution above. I guess what I wanted to get out of this was "Is there some sort of documented (intended) way I could do this to cover both cases?" The solution I ended up with gives me strong "I'm doing something wrong" vibes. In any case if you want to respond with more information, you can and I would appreciate it. But it's not a big deal and you can close the ticket. |
That's correct - nothing local at the moment until #876 is resolved (unless you're interested in the service account impersonation, which then For now, it might be easiest to use the IDTokenClient sample on the server-side, while falling-back to your |
I'll close this issue as #876 is the root feature request. Please follow along there! |
Is this a client library issue or a product issue?
Definitely seems like a client library issue.
Did someone already solve this?
Not this specific issue it doesn't seem like it.
Do you have a support contract?
Yes, but I already have a work around anyway, and don't need a timely response., and it definitely seems like an issue with this library from what I can tell.
If the support paths suggested above still do not result in a resolution, please provide the following details.
Environment details
google-auth-library
version: 8.7.0I am trying to make a call from App Engine to an http Cloud Function using the example code in this library.
There actually two separate issues which are that the example code for using Application Default Credentials does not appear to work for me neither in 1. a local environment nor in 2. App Engine in the cloud itself.
I could not get any of the client library
request
methods to work correctly locally and have to use afetch
like method directly. Because afetch
works, but therequest
methods don't, it seems highly likely that this is an issue in this library itself.Steps to reproduce
Set up Cloud Function:
plain index.js:
Deploy Cloud Function:
gcloud functions deploy repro --region=us-central1 --runtime=nodejs16 --source=./function --entry-point=respond --trigger-http --vpc-connector=projects/<MY_PROJECT_ID>/locations/us-central1/connectors/<MY_VPC_CONNECTOR> --ingress-settings all --egress-settings all
Run Express Server Locally:
Visiting the page results in the following response from the call:
The workaround:
I tried almost every possible example case given in the README but could not get any of them to work (usually getting a 401 like above with the same "The access token could not be verified" message. The only way I could get it to work was to make an HTTP call directly outside of the client library and stuff the token into the headers. I mean that I had to use a
fetch
equivalent to (I'm guessing) bypass the over-riding logic in the client libraryrequest
calls.However, neither the example code nor the above workaround works in deployed-to-App-Engine code. There, in the deployed code, I had to do two things:
The example in (1) does not work locally, but does work on deployed-to-App-Engine
I am kind of confused with (2) above, but deploying with the following in the app.yaml will prevent this from working:
If anything, I imagined that that setting would be necessary, but it actually prevents the fix.
In any case, because I have fixes for both cases, things are ok. But either the documentation is unclear on how to use these classes/methods, or there is some sort of bug in the
request
methods that does not work for Cloud Function urls.This may also be related to issue #1432.
The text was updated successfully, but these errors were encountered: