0

I am trying to call a google cloud function on the In Contact Studio to fulfill a logic in my IVR Call, but I am unable to do that as I have closed public access to my cloud function, and now I am not getting a way how to authenticate the call. I tried using the command gcloud auth print-identity-token to get a ID_TOKEN But this ID_TOKEN will be refreshed every time and I can't use this again and again, so is there any way that I can generate a ID_TOKEN every time I try to call this function using a simple API Call??

OR

Is there any other way to solve my problem?

Ways I have Tried :-

I have gone through this Documentation:- https://cloud.google.com/functions/docs/securing/authenticating#end-users

and I was using the access style of End-User But it is a way in which the access token was getting generated via login using browser, I want to do everything via code, cause it will be used as a backend code for IVR(call facility for assistance in various tasks), in this method also we get a access token and not a ID_TOKEN, whereas to invoke a function we need a ID_TOKEN and not a access token.

Secondly I tried the gcloud auth print-identity-token command on the google cloud shell where i was logged in with my google account so it generated the JWT token and I used it as a bearer token and the function worked, but how can I generate the token outside GCP or get the on frequent intervals via code.

I want a program way(NodeJS) of doing this and not a UI way, cause I need to attach this with backend of my program, and all the ways I have gone through on the internet have the only way is through UI, and none of them have a program way for outside GCP environment, so i need help on this scenario.

Ravi Kumar Singh
  • 13
  • 4
  • Yes and Google has documentation with examples in several languages. Google search. Stackoverflow has numerous questions with answers. There are also maybe a hundred how-to articles on this topic on the Internet. Show the research that you did. – John Hanley Mar 12 '21 at 21:18
  • In addition, you can also perform what you tried and where you are stuck. There is several options and it could be great also to share your security constraints (if any) – guillaume blaquiere Mar 12 '21 at 21:47
  • Hey, @JohnHanley , I have updated the question with the 2 ways I have tried, can you please help me on this – Ravi Kumar Singh Mar 13 '21 at 07:37
  • Hey, @guillaumeblaquiere , I have updated the question with the 2 ways I have tried, can you please help me on this – Ravi Kumar Singh Mar 13 '21 at 07:37
  • Google has example code: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account – John Hanley Mar 13 '21 at 07:43

1 Answers1

1

As John said, you can use the Google Doc code example to perform an URL call: The library generate a secure HTTP client to generate request to your endpoint.

If you want to generate the token and use it by yourselve, you can use this piece of code

    const {GoogleAuth} = require('google-auth-library');
    const auth = new GoogleAuth()
    auth.getIdTokenClient("").then(client => {
        client.idTokenProvider.fetchIdToken("audience").then(token => {
            console.log(token)
        })
    })
guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76
  • the token generated by this code is not working to invoke the function, I have given the invoker role to the service account which I am using to generate the token, any idea why is it so? – Ravi Kumar Singh Mar 15 '21 at 04:31
  • This token worked for my private cloud functions. Did you change the audience with the cloud function URL? Did you set service account key file path in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable? – guillaume blaquiere Mar 15 '21 at 07:45
  • Will this token be valid even after the GCP resource (e.g. cloud function) which generated the token is deleted? In other words, can this script be considered as a stepping stone to get the token? – kyuden Apr 15 '23 at 16:19