Hey everyone,

I’m trying to invoke a Google Cloud Function via HTTP POST. This function requires authentication, providing a bearer token. For testing, we would generate a token manually and paste it as a header in our HTTP POST module in Make, and it worked.

The problem is these tokens expire after 1 hour. I’m aware that you can generate or refresh tokens programmatically in Python, however, we cannot run any code in Make right now (I think some services allow this, but we don’t have them).

Also, we don’t want to allow public access to the function.

I’d like to know if there is any way I can generate/refresh the necessary token in Make, or if I can invoke the function with a different authentication method that is compatible.

Welcome to the Make community!

How to create an OAuth app in GCP: https://www.make.com/en/help/tutorials/calling-google-apis-via-the--http-make-a-oauth-2-0-request--module ← FOLLOW THIS

1a. Enable the relevant API

Find the relevant API here: Google Cloud console
Go to API page, end click “Enable”

1b. Add the relevant scopes

Direct Link: https://console.cloud.google.com/apis/credentials/consent/edit

Screenshot_2024-04-08_2104501476×1156 182 KB

2. Insert all the known Google Redirect URIs for your app

Direct Link: https://console.cloud.google.com/apis/credentials

Here are some known redirect URIs you need for your Google Cloud Console OAuth app. If you set these up, you can reuse the same GCP app for other Google apps and modules on Make.

488×581 35.4 KB

Once you’ve set these up, you can use/reuse the same Make connection for all the supported Google apps & modules on Make - you’ll only have to enable the APIs for your custom app.

3. Publish your GCP OAuth2 app

Direct Link: https://console.cloud.google.com/apis/credentials/consent

You might need to set your OAuth application to “Production”, otherwise the credentials expire very frequently.

1. To do this, go to menu item “OAuth consent screen”

or click here https://console.cloud.google.com/apis/credentials/consent

575×505 33.6 KB

2. Then click the button below if the Publishing status is not “In production”

1002×683 45.6 KB

4. Set up connection (HTTP OAuth, or respective Google App)

A. HTTP OAuth2

You need a “Authorize parameters” key of redirect_uri with the above Make OAuth2 callback URL.

597×904 61.2 KB

You can find the Client ID and Client Secret in the OAuth2 app you created in GCP, on the right-hand side of where you inserted the 8 callback URLs in step 2:

708×401 44.2 KB

B. Google App

Insert the GCP app client ID and secret here BEFORE clicking “Sign in”
Gmail example:

Screenshot_2024-05-03_120508525×643 65.1 KB

samliew – request private consultation

Join the unofficial Make Discord server to chat with other makers!

Could you please provide the header of the call you made? Did you use de Athorization header, true?

To call google function you need identity token not an access token.
I achieved making authorized calls to a google fucntion by creating custom app in make which creates self signed jwt token and exchanges it for identity token of service account needed to call google function. It uses service account credentials for connection.
samliew solution may be possible with service account impersonation but I’m not sure it’s any easier to implement as i have no idea how to implement it.

Thanks for the info @Mikhail_Oskola. I don´t have enterprise so I can´t generate a self signed JWT (because I can´t run python). I will look how to do it by account impersonation as you said. Thanks in advance.
Another solution should be to use a OAuth call, but as far as I know, calling Google cloud functions is impossible by OAuth.

You do not need enterprize to create cutom app in make. And in custom app you can use jwt() and createJSON() functions.

Here are some resources on how to create custom apps (integrations) on Make:

Partner Training & Custom Apps

• Make Partner Training Portal
• Custom Apps / App Builder

Hope this helps! Let me know if there are any further questions or issues.

— @samliew

Thanks but as I see it doesn´t seem so easy to do (see: JWT RS256 Signing Issue)

• In Make.com documentation does not seems that parameters of jwt() function are well explained. For example the secret. A JSON? A plain text?

I will throw parts of my custom app code that I use to invoke google functions. It’s bad but it is internal tool so nobody cares. You can look how i implemented jwt here.
base.txt (953 Bytes)
base-common_data.txt (25 Bytes)
connection-comm.txt (1.8 KB)
connection-params.txt (609 Bytes)
module1-comm.txt (516 Bytes)
module1-params.txt (125 Bytes)

Thanks so much for your code & your help @samliew

I´ve created my custom app using it.

NOTE: Connection must be OAuth 2 (authorization code) type

NOTE: If this error shows “Function ‘jwt’ finished with error! error:0908F066:PEM routines:get_header_and_data:bad end line” then it has to do with the value provided (in the scenario) in the private_key field and the carriages return.

• Solution 1 (better) in make scenario, in connection popup window, for private_key you must provide a multiline text but with Linux style new lines, not Windows style ones. This means getting rid of all “\n” in the JSON provided by Google and substituting them with new line feeds speacial characters
• Solution 2 (worse) creating a variable in “common” part of CONNECTION and reading the private_key value from there (with appropiate \n"), thus not using parameters.private_key

And, yesss, finally working the call to the cloud function