What's the right authentication setup for a transform Cloud Function endpoint?

[derFunk]

Hi there,

maybe I'm missing something, but currently it seems that the transform Cloud Function endpoint is called by Algolia without any authentication: See transform.js.

I tried giving ext-firestore-algolia-search@{project}.iam.gserviceaccount.com Cloud Functions Invoker permissions, but that did not help.

The result was a 403 with reason: Unexpected token < in JSON at position 0 at ... as in https://github.com/algolia/firestore-algolia-search/issues/132, due to Firebase returning HTML for the error message ERROR 403 (FORBIDDEN): Your client does not have permission to get URL /transform-function-name.

Only giving Cloud Functions Invoker role to the allUsers principal on my transform cloud function worked eventually, but that's pretty insecure since the endpoint is now public.

Any pointers?

[smomin]

The Transform Firebase Function should be set up to unauthenticated users.

[smomin]

Closing this issue since the question has been answered.