-1

On the Identity Platform section in the Google Cloud Console, on the settings page and the triggers tab, I added a cloud function named before-signup to the before creation trigger. But I keep getting an error when creating an account:

BLOCKING_FUNCTION_ERROR_RESPONSE : HTTP Cloud Function returned an error
403 Forbidden
Your client does not have permission to get URL before-signup from this server

So how do I know which service account is associated with identity platform? And how do I give the identity platform service account permission to call the cloud function?

anonymous-dev

1 Answer

0

To resolve the error "HTTP Cloud Function returned an error 403 Forbidden, Your client does not have permission to get URL before-signup from this server", you need to grant the Identity Platform service account access to the Cloud Function. Here are the steps to grant the access:

  • Identify the service account: To identify the service account associated with the Identity Platform, navigate to the "IAM & admin" section of the Google Cloud Console, and then search for "Identity Platform" in the member filter. The service account associated with the Identity Platform will be listed as a member.
  • Grant the access: To grant the service account access to the Cloud Function, add the service account as a member in the Cloud Function IAM section and assign the "Cloud Functions Invoker" role to the service account.
  • Deploy the updated IAM configuration: Once you have granted the access, make sure to deploy the updated IAM configuration by clicking the "Save" button in the IAM section of the Cloud Function.

This should resolve the error and allow the Identity Platform to call the Cloud Function. Refer to this Google Cloud Functions Error: Forbidden

Hemanth Kumar
  • Step one has a problem, the filter never finds anything related to Identity Platform which is what I was experiencing before also. – anonymous-dev Jan 31 '23 at 13:55
  • 1
    Step one works only when you enable the [Identity Platform API](https://cloud.google.com/identity-platform). Can you check once and refer to this [doc](https://cloud.google.com/identity-platform/docs) about Identity Platform? – Hemanth Kumar Feb 01 '23 at 05:14
  • Identity platform was enabled. – anonymous-dev Feb 05 '23 at 19:40
  • A service account for Identity Platform either does not exist or the filter can't find it. I suspect it's the Firebase service account. But granting those accounts access doesn't solve the issue. The only thing that solves the issue is giving all users access, which is of course a security issue. – anonymous-dev Feb 05 '23 at 19:42
  • 2
    The answer has not helped, because the filter won't pick up on the service account. Have you tried it yourself? – anonymous-dev Feb 17 '23 at 06:45
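
The comments above mention working around the 403 by giving all users access. As an added example (not part of the original question, answer or comments), this Python script audits a function's IAM policy, in the JSON form printed by `gcloud functions get-iam-policy --format=json`, and separates public invoker members from named ones. The sample policy and the service account address in it are constructed placeholders.

```python
import json

# Roles that allow invoking a function: 1st gen uses the Cloud Functions
# role, 2nd gen functions are invoked through Cloud Run.
INVOKER_ROLES = {"roles/cloudfunctions.invoker", "roles/run.invoker"}
# Special members that make the endpoint callable without a named identity.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; the service account address is a placeholder.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/cloudfunctions.invoker",
     "members": ["allUsers",
                 "serviceAccount:example-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudfunctions.developer",
     "members": ["user:dev@example.com"]}
  ]
}
""")

def audit_invoker_bindings(policy):
    """Split invoker members into (public, named) sorted lists."""
    public, named = set(), set()
    for binding in policy.get("bindings", []):
        if binding.get("role") not in INVOKER_ROLES:
            continue  # only invoker roles decide who may call the function
        for member in binding.get("members", []):
            (public if member in PUBLIC_MEMBERS else named).add(member)
    return sorted(public), sorted(named)

def invoke_access(policy, principal):
    """Return 'named', 'public-only' or 'none' for one principal."""
    public, named = audit_invoker_bindings(policy)
    if principal in named:
        return "named"
    # Access that exists only through a public binding is the risky case.
    return "public-only" if public else "none"

if __name__ == "__main__":
    public, named = audit_invoker_bindings(SAMPLE_POLICY)
    print("public invoker members:", public)
    print("named invoker members:", named)
```

A result of `public-only` for the calling principal means the function is reachable only because of the public binding, which is the condition the last comments describe.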