Hi! I have in place an Error Reporting webhook pointed to an existing Cloud Function which has zero authentication set up but is still guarded by IAM policies. So we have added the Monitoring Service Account Principal with Cloudfunction.invoker to the existing function, but that does not seem to be working. Does the cloud function still need to receive the token from the Error Reporting service in order to let the request through, even though it is allowing all ingress and the monitoring has invoker permissions for that function?
Thanks!
Hello jaimescose,
Regarding your question about what permissions or token validation is used for a webhook reporting with a Cloud Function, I'd like to share some information from the Google documentation to try to clarify it.
Existing documentation seems to indicate that IAM can be used to manage authorization without supplying a token to the request, "Unauthenticated access without an ID token is possible, but must be enabled. See Using IAM to Authorize Access for more information."
In case you cannot obtain access using IAM to Authorize Access, you can try several solutions based on your use case for the Cloud Function:
1. Allow public (unauthenticated) access to all users for the specific function.
2. Assign the caller the Cloud Functions Invoker Cloud IAM role for all functions.
With the advent of Cloud Functions 2nd gen, there are a few things to take note of: Cloud Functions 2nd generation is based on the Cloud Run service; as such, certain Cloud Run permissions are required for deploying and invoking 2nd gen Cloud Functions if the function was configured to "require authentication". I can confirm that you are using Cloud Functions 2nd gen, hence kindly try to add the Cloud Run Invoker (roles/run.invoker) role to the account that is invoking the Cloud Function.
I hope you find this information helpful.
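
An added example, not part of the reply above or of Google's documentation: a small audit of an IAM policy document that reports whether a caller holds the invoker role matching the function's generation, whether it holds only the other generation's role, and whether the function is publicly invokable. It assumes the policy is the JSON printed by `gcloud run services get-iam-policy SERVICE --region=REGION --format=json` for the Cloud Run service behind a 2nd gen function; the service account name and the sample policy are constructed.

```python
import json

GEN1_ROLE = "roles/cloudfunctions.invoker"  # Cloud Functions Invoker (1st gen)
GEN2_ROLE = "roles/run.invoker"             # Cloud Run Invoker (2nd gen)
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample: the caller holds only the 1st gen role.
CALLER = "serviceAccount:notifier@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/cloudfunctions.invoker",
   "members": ["serviceAccount:notifier@example-project.iam.gserviceaccount.com"]}
]}
""")

def audit_invokers(policy, caller, gen2=True):
    """Report who holds the invoker role that matters for this generation."""
    needed, other = (GEN2_ROLE, GEN1_ROLE) if gen2 else (GEN1_ROLE, GEN2_ROLE)
    report = {"caller_has_role": False, "conditional_only": False,
              "public_members": [], "wrong_role_only": False}
    unconditional = conditional = has_other = False
    for binding in policy.get("bindings", []):
        members = set(binding.get("members", []))
        if binding.get("role") == needed:
            # Public principals on the invoker role mean unauthenticated access.
            report["public_members"] += sorted(members & PUBLIC)
            if caller in members:
                if "condition" in binding:
                    conditional = True   # grant applies only when the condition holds
                else:
                    unconditional = True
        elif binding.get("role") == other and caller in members:
            has_other = True
    report["caller_has_role"] = unconditional or conditional
    report["conditional_only"] = conditional and not unconditional
    # The caller was granted the other generation's invoker role only.
    report["wrong_role_only"] = has_other and not report["caller_has_role"]
    return report

if __name__ == "__main__":
    print(audit_invokers(SAMPLE_POLICY, CALLER))
```

A non-empty `public_members` list is worth reviewing on its own, since it means the function accepts requests without an ID token.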