I have been struggling for a couple of days working with Google Cloud Scheduler and Cloud functions for a project I’m working on. I’ve been working with functions for a while now. It’s a good idea to secure all your functions so that only other cloud services can access them. This can be done using a service account and OIDC tokens. Following the guide, Use Cloud Scheduler to invoke private Cloud Functions with OIDC, I built the same demo function as the article and everything worked fine.

The error – status: Unauthenticated

As soon as I followed the exact same steps for my own function, nothing I tried, no matter which troubleshooting guide I followed. All I got was the following.

status: "UNAUTHENTICATED"

The difference

There was a difference between my function and the example functions. Every example uses POST methods on their cloud functions. For my purpose, I’m using GET. When you create the scheduler job, you have various fields you need to fill out. You provide the URL, auth header, service account and Audience. The audience note says if not specified, it’ll use the URL.

The Fix

If you don’t specify the audience field at creation without any parameters, it’ll take your get parameters and put them into the audience field. This is the problem. Remove all parameters from your audience URL, update the function, and you’ll no longer get the error.