Auth issue when Cloud task invoke cloud function

maninder · 09-12-2023 03:39 AM

Hi,

I tried to execute cloud task to invoke cloud function, but failing at authentication issue. My cloud looks like this:

url = `https://${location}-${projectId}.cloudfunctions.net/agentSendActivationMessages`;

// TASK code:

const task: protos.google.cloud.tasks.v2.ITask = {

httpRequest: {

httpMethod: protos.google.cloud.tasks.v2.HttpMethod.POST,

headers: {

"Content-Type": "application/json",

},

url,

oidcToken: {

serviceAccountEmail:

"cloud-tasker@<project-id>.iam.gserviceaccount.com",

audience: projectId,

},

body: Buffer.from(

JSON.stringify({

data: payload,

}),

).toString("base64"),

},

scheduleTime: {

seconds: 30 + Math.ceil(Date.now() / 1000),

},

};

In IAM, the service account "cloud-tasker@<project-id>.iam.gserviceaccount.com" have following permissions/roles:

- Cloud Functions Invoker

- Cloud Tasks Enqueuer

- Service Account Token Creator

- Service Account User

In functions, "agentSendActivationMessages" have following principle:

- allAuthenticatedUsers

Could you please guide me, how can I fix this service to service communication authentication issue on the GCP ? After reading the documentation and others view over the internet, I'm really confused about the "audience".

Thank you in advance.

robertcarlos

Hi @maninder,

Welcome to Google Cloud Community!

Can you provide the specific error message that you're getting? Also, can you check if the following links address your concern?