Authentication with Service Account
An authentication mechanism might be good for Cloud Functions. Pub/Sub for example checks the requests sent by client and return appropriate error message. But for functions, there is no authentication mechanism. Now, we're using the auth barear taken from pub/sub service account and verify the scope and ID of the token. It can be implemented in the service level, not by end-users.