Authentication with Service Account
An authentication mechanism might be good for Cloud Functions. Pub/Sub for example checks the requests sent by client and return appropriate error message. But for functions, there is no authentication mechanism. Now, we're using the auth barear taken from pub/sub service account and verify the scope and ID of the token. It can be implemented in the service level, not by end-users.
Andrew Harding commented
Totally agree - microservice architecture using CF is a common design pattern & authentication using IAM more difficult than needed. Be great to have simple library to invoke functions securely e.g cf.invoke(function_name)