Hi community, I’m currently trying to integrate a Google Cloud Function with my Bubble.io application, but I’m encountering a 401 Unauthorized error when attempting to invoke the Cloud Function.
Current Setup:
Cloud Function:
Deployed via Google Cloud Functions.
The function is accessible via the URL: https://us-central1-esghgprototype.cloudfunctions.net/function-1.
I have set the function’s permissions to allow all users (using the Cloud Functions Invoker role) to call the function.
Permissions:
The service account used to call the Cloud Function has the Cloud Functions Invoker role attached.
The function is set to be publicly accessible, and permissions have been verified for the service account as well.
Authentication:
The API call is being made from a Bubble.io API Connector using the Google service account’s JSON key for authentication.
The key has been correctly configured in the API Connector, and I’m using the appropriate Authorization header with the Bearer token.
I’ve ensured that the function’s permissions are configured correctly, and the service account has the correct roles.
Current Behavior:
The API call returns a 401 Unauthorized error with the message: “Your client does not have permission to the requested URL /function-1”.
When manually visiting the Cloud Function URL in the browser, I see the error: “Error: Forbidden. Your client does not have permission to get URL /function-1 from this server.”
What I’ve Tried:
Ensured the Cloud Function is publicly accessible with correct permissions (Cloud Functions Invoker).
Don’t add authorization to your call. This create a duplicate of the authorization automatically added by Bubble with the JWT
Take note that the JWT token you get from the google cloud console may need to be modified (I don’t remember exactly what you need to do… but I can check later. It was related to new line characters)
I removed the header “Authorization” and it still return the same error
The JWT generated from Google Cloud will need to have no extra spaces, line breaks, or \n characters in the key. It should be a clean, multi-line string; it is modified already in this case
Try first to do a easy get call. Often, this is easier to test.
You can also try to send the call to a requestbin (or similar) tool just to see if you was able to get the token as it should. If not, the problem is in the JWT part or settings in google cloud console
I am having the same issue. I can make the calls from my local system but Bubble can’t reach the endpoint. I have replaced \n in the private key - what else needs to be done to it?
For me, I think that this may have to do with the issue of needing an ID token vs. access token. I don’t need a scope - instead I need to specify the audience. I am not sure if there is a plugin to do this or if something else is needed.
This is for a cloud run service. I need an ID token, not access token. I don’t see a plugin for this I am writing one which is analagous to the “JWT AccessToken for Google” plugin, but for ID tokens instead of access ones. It’s private and I’m testing it…
For Cloud Run you use a service account to invoke the endpoint. I am not sure I am using the words quire right, but you have an IAM identity and the service account has privileges to invoke cloud run services. Then you generate the JSON key file for the account, but you need an ID token - and to pass the service’s URL to get it. There is no ‘scope’.
This isn’t to access an account. It’s to trigger a service which can do almost anything you define
