Firebase Authentication with Cloud Functions Fails: "The request was not authenticated"

Question

I am developing a React application that needs to call a python Google Cloud Function get2 secured by Firebase Authentication. However, when I try to invoke the Cloud Function, I receive an error stating: "The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header." If I allow unauthenticated invocations, everything works fine, but I would like to allow only authenticated users to be able to invoke the cloud function. The cloud function has the role Cloud Functions Invoker assigned to allAuthenticatedUsers, and in cloud run (because it is gen2) in the security tab I selected Require authentication. Here is the snippet from my react component:

const callCloudFunction = async () => {
    try {
      if (!auth.currentUser) {
        throw new Error("User not authenticated");
      }
      const helloWorld = httpsCallable(functions, 'hello_world');
      const response = await helloWorld();
      console.log(response.data);
      setResult(response.data);
    } catch (error) {
      console.error("Error calling Cloud Function:", error);
      setError(error.message || error.toString());
    }
  };

I have also tried to add a token id as follows:

// Get the ID token
            const token = await auth.currentUser.getIdToken();

            const helloWorld = httpsCallable(functions, 'hello_world', {
                // Include the Authorization header with the bearer token
                headers: {
                    Authorization: `Bearer ${token}`
                }
            });

But with no success. Thank you in advance.

EDIT: Here is some additional information on the configuration of the cloud function/cloud run and firebase:

Cloud run permissions: (Cloud Run -> select the service -> Permissions)

Cloud run security Authentication: (Cloud Run -> click on the service -> Security tab)

Cloud function permissions: (Cloud Functions -> select the cloud function -> Permissions)

From this, if I change the Cloud run security Authentication to "Allow unauthenticated invocations", everything goes fine, but it is probably because there is no authentication and the cloud function is public. However, on the other hand if I keep it to "Require authentication", I see this in the cloud run logs:

In Firebase, the authentication method enabled is Email/Password, and currently there is one created user. I am able to log in with firebase authentication just fine, but I am not able to make authenticated calls the cloud functions.

Answer 1

Cloud Run services are deployed privately by default, which means that they can't be accessed without providing authentication credentials in the request. These services are secured by IAM. By default, services are only callable by Project Owners, Project Editors, and Cloud Run Admins and Cloud Run Invokers. You can configure IAM on Cloud Run services to grant access to additional users.

Common use cases for authentication include:

Allowing public (unauthenticated) access: unauthenticated service invocations are allowed, making the service publicly accessible.

To integrate Firebase, you should set up Cloud Run to allow public (unauthenticated) access. Afterward, manage security and authentication within Cloud Run/Cloud Functions using callable functions