I have written a cloud function which adds some data into firestore using nodejs. In order to secure this function, I have changed the permission of this cloud function from allUsers to a service account. I would call this function from console side say on a click of a button. Now in order to authenticate it through a service account I have written another cloud function which accepts the requests coming from the console of a loggedin user with the url(sent as request body) of the actual cloud function to be called. This middleware cloud function, will internally call the actual cloud function with the help of Google client libraries. The following link contains how to authenticate a cloud function through service account. I have taken this code and put it in the middle ware cloud function

https://cloud.google.com/functions/docs/securing/authenticating#generating_tokens_programmatically

Now the problem is this Middleware cloud function will have permission set to allUsers as it is getting called from console. This defeats the purpose of using service account. I have tried changing the allUsers permission to allAuthenticatedUsers. Doing this shows the same message shown for allUsers- "Are you sure you want to make this resource public?"

Is there a way to solve this problem by changing the permissions set to that google cloud function (middle ware) or is there any work around solution or any other solution?

I have been searching for it but I am not able to find anything. Any thoughts or solutions for this problem would be appreciated!

Is there any problem with using allUsers permissions? I mean does Google (gcp) mention that it is okay?

Can we call the Google client library code from the link pasted above from console side rather than creating a cloud function on server side? But the service account json file should not be used directly.