Reputation: 178
How to call a Firebase Function from Cloud Tasks in a secure manner?
I followed the Google sample code in Using Cloud Tasks to Trigger Cloud Functions. I can add the task to the queue as a HTTP request using an OIDC token config with a working service account email and audience (Cloud Tasks library doesn't allow you to post invalid configs), but when the task is being processed it fails with authentication error.
First of all, I had to modify the sample code so that the audience is the Firebase project id, as that was the first thing Firebase complained about. Once I fixed that I started getting errors about invalid issuer. You cannot set the issuer in the oidcToken config, so it's a dead end.
Has anybody been able to make Cloud Tasks work with Firebase Functions?
Upvotes: 3
Views: 629
Answers (1)
Reputation: 178
Was able to resolve this.
First of all, I was using onCall in my Firebase Function, when the correct function to use is onRequest. I would assume the former uses Firebase SDK access tokens to authorize the caller, when the latter uses service tokens.
The second issue I had was that the audience needs to be the complete function URL, not the origin of the URL as the docs say. After this all is well.
Upvotes: 3
Related Questions
- how to increase the security of my callable cloud function?
- creating Google Cloud Task in a firebase function
- Permission Denied when calling a Firebase Cloud Function from Cloud Tasks
- Protect Firebase callable functions from man in the middle
- Pass data from cloud task to a firebase cloud function - currently getting an error
- how to Invoke a firebase callable function from firebase https function with authentication?
- passing sensitive information to Firebase Cloud Functions using parameters
- Secure HTTP trigger for Cloud Functions for Firebase
- Make HTTPS call within Firebase Function
- Securing Firebase HTTP onCall-Functions