Using a cloud function with Pub/Sub - google-cloud-functions

I created a simple cloud function from a template and it got assigned a url as a trigger https://us-central1-myapp-dev.cloudfunctions.net/naguib-testing
Then I created a Pub/Sub Topic and tried to subscribe that url to it but I got an INVALID_ARGUMENT error appear on the console screen.
I went through a similar SO question where the solution is to verify that I own the domain I am trying to connect to, but I don't own cloudfunctions.net :/
I can't understand how that's not supposed to work or what should I be doing?

Cloud Functions can be created as HTTP functions (as you did) or as Background functions. The latter is automatically invoked via a message on a Google Cloud Pub/Sub topic for example. I believe this is exactly what you'd need here.
However, if for some reason you do prefer to use your HTTP function as Pub/Sub push endpoint, you may be interested in this SO answer, where the site verification is done via an HTML tag.

Related

unable to test google assistant action on web simulator (Error Cloud function deployment failed. Dismiss)

Hey Respected Community!
I started learning to create google actions.
so i created very basic google action. which invokes by 'hey google talk to Doctor Strange'
and after adding 1 more transition which displays suggestion. I saved it and trying to test it.
but continously getting error.
cloud function deployment failed.
i am continously trying to test it but getting error.
Can anyone help me what i am missing?
thanks in advance
As you surmise in your comments, using the Inline Editor for the webhook fulfillment requires you to have billing enabled for the cloud project it is attached to. (This is because it uses Cloud Functions for Firebase under the hood, and this requires billing to be enabled, even if you limit yourself to the free tier.)
You don't need to use the Inline Editor, or even Google Cloud Functions, for your webhook. All you need is a public HTTPS server that can accept and respond with JSON.

What user data does the Google OAuth2 scope script.external_request give access to?

I'm attempting the verification process for an Apps Script web app that uses the URL Fetch service via class URLFetchApp. Per URLFetchApp documentation, this requires the scope https://www.googleapis.com/auth/script.external_request. I can't find any Google documentation for this scope, and it doesn't appear on this list of OAuth2 scopes. I'm having a hard time demonstrating how my app uses the data provided by the scope when I don't actually know what user data the scope provides. I mean, I don't think I'm using any user data... I'm just calling API executable functions from another Google Apps Script project.
What user data is this scope giving me access to? Or do I just need to explain why/how I'm using URLFetchApp?
If you head over the editor dashboard of your script, you will see further information about this scope stating :
Connect to an external service under project OAuth scopes.
Moreover, when you run your script for the first time, the permissions it is asking for are:
Create a network connection to any external service (e.g., to read or write data)
Therefore, despite not having much more description in the documentation (just in UrlFetchApp), I don't think you are using any user data apart from getting the user to use your script and connect to an external service.
I hope this has helped you. Let me know if you need anything else or if you did not understood something. :)
According the documentation if you wish to use UrlFetchApp Service then external_request is the scope you'll have to add to you manifest. Like it or not.
UrlFetch Service

How to debug server-side `redirect_uri_mismatch` error from Google Signin

I'm attempting to use Google Sign-In with a firebase function following Google's documentation for Google Sign-In for server-side apps, however I'm running into a redirect_uri_mismatch error (unlike the examples in that documentation, I am using Google's nodejs SDK).
The general flow I'm following is to use google's javascript SDK to request an offlineAccessCode() from a user, send that access code to the server (firebase function), use the access code to get an access token and refresh token, and save the refresh token for later use (this is the flow outlined in the documentation).
It might seem like the meaning of the term redirect_uri_mismatch is self-explanatory, but, as stated in the linked documentation, The Authorized redirect URI field does not require a value. Redirect URIs are not used with JavaScript APIs. That line comes from the section "Step 1: Create a client ID and client secret" and is explaining how to configure the OAuth client credentials. This is the only time in the documentation that a redirect uri is mentioned, and there is no indication that a redirect URI is needed when the server uses the authorization code to fetch an access token.
Indeed, the concept of a redirect uri doesn't seem to make sense in the context of a cloud function using an access code obtained from a client. If the server needs to supply a matching redirect_uri as the javascript client (which doesn't seem to be specified anywhere), I'm not sure what redirect_uri the javascript client uses.
So with that background, does anyone have any idea how to solve this redirect_uri_mismatch error?
Or, more generally, any pointers on implementing this auth flow (my cloud function is written in javascript using the google nodejs sdk). I'm finding it very hard to debug this issue.
Update
I realized that the reason why the error message says redirect_uri_mismatch is because I had been testing various values as redirect_uri. When I remove the (optional) redirect_uri param from the request, the response from google's servers is invalid_request: Missing parameter redirect_uri. So google's making it clear that it wants a redirect URI, even as the documentation seems to imply that it isn't necessary for this auth flow. As a larger problem, the documentation doesn't seem to describe how to set up a redirect URI for an auth flow on a single page app.
Ah HA! The answer (as given in this other S.O. answer) is to set the redirect_uri to "postmessage" on the server (firebase function in my case). I have no idea where this answer came from (i.e. I haven't been able to find it in the docs), but it works.

Google HTTP Cloud Function returns 403

I use serverless framework to manage my cloud functions. Some of them are of HTTP type. Recently, all the HTTP functions started to fail with 403 error. No matter if you enter a URL in a browser or trigger it with the cloud scheduler. The only place where it works is the testing tab of the function in the cloud console, when you click the "Test the function" button.
So, I did not find the reason for the error but it fixed with removing the function and redeploying it.
serverless remove
serverless deploy
Is it possible that the Identity Aware Proxy has been enabled for the Cloud Function URLs? If you navigate to Cloud Console and then to "Security" and "Identity-Aware Proxy", you should be able to see the IAP settings and whether the Cloud Function is being protected by IAP.
If that is not the cause, I would advise putting some logging in your function that would make it clear whether the function is getting called and then returning a 403 somewhere within the execution of the function (indicating a problem with the function, itself, rather than the identity infrastructure) or if the function is never getting called (the 403 is being produced outside of the Cloud Function), in which case you may need to reach out to Cloud Support for help with this (if IAP isn't the cause).
Google Cloud Functions added some new IAM functionality, not sure how recently, and now new functions don’t have public access by default.
Incase someone else comes here I thought I'd share this information here.
To allow your function to be invoked you first have to add permissions to the function, you can do this by selecting the function in the functions list and adding allUsers to the Cloud Invokes role, you can see the step by step at:
https://lukestoolkit.blogspot.com/2020/06/google-cloud-functions-error-forbidden.html

"Actions-on-google:error No user object" issue

I have lately been experimenting around (as a noob!) with Webhook. However, I seem to be stuck with an "actions-on-google:error No user object" issue.
Would appreciate if you could reach out and lend a hand please.
firebase log
index.js
The inline editor uses Firebase Cloud Functions and the issue is that Firebase isn't allowing you to make external requests ( EXT_PRAYER_TIME_API_URL = ...) with the current plan (see Cloud Function Pricing). You need to setup a billing account with your project and change your plan to one that allows you to make outbound requests.