I built a sample container(sample of Go, https://cloud.google.com/run/docs/quickstarts/build-and-deploy) and deployed to cloud run (I unchecked "allow unauthenticated invocations").
However, when I open the endpoint URL of my service, I get a 401 page,
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>401 Unauthorized</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Unauthorized</h1>
<h2>Your client does not have permission to the requested URL <code>/</code>.</h2>
<h2></h2>
</body></html>
- According to the official document (https://cloud.google.com/run/docs/securing/authenticating#developers), I used this command.
curl -H "Authorization: Bearer $(gcloud config config-helper --format 'value(credential.id_token)')" [SERVICE_URL]
- My user account has "roles/run.invoker"
- When I checked "allow unauthenticated invocations", I got an expected result.
Is there anything to open the endpoint?
gcloud auth list? The account with the asterisk must be authorized in Cloud Run. You can also rungcloud config config-helperand double check thecore/accountproperty. – John Hanleycurl -vto see the headers? One of the headers is supposed to tell you what went wrong. – Ahmet Alp Balkangcloud auth listandgcloud config config-helper– shino