I did grossly miss something.

I needed to disable the function-level authorization. The errors I got came from the missing function key which I didn't provide. Once I switched to Anonymous but activated the OpenID-authorization, the Function call was successfully executed when the correct bearer token was set.

I cannot explain where the EasyAuth warnings came from but I've experimented a lot, so maybe they were a legacy from some earlier experiment. Question closed.