How to authenticate IOT devices to Google Cloud Services

Question

I have a Raspberry Pi3 device which has Android Things dev preview 0.6.1 installed. On completing certain operations, the device needs to send data to Google Cloud Storage. To do so it must have an API key to authenticate itself.

In Android devices it could be done easily using by integrating Google Sign in Option but since my Android Thing device doesn't have any interface, Google Sign In could not be implemented in it.

I have gone through github project Android Things Weather Station Sample which is using Google Service Account to publish data to PubSub. To do so, it generates and imports a credential.json file into the project and somehow generates credentials from it.

So my question stands is, without user consent, can we use Google Service Accounts to authenticate with Google Cloud Storage? If yes, how can we generate access token from it ? If no, is there any other method to authenticate with GCS?

Answer 1

In case anyone faces the same issue, I found this document which has explained the way to authenticate devices with Google Cloud without the consent of a user.

Answer 2

The simplest and most secure way to authenticate your IoT devices with Google Cloud is using Cloud IoT Core to publish data over MQTT or HTTP into Cloud Pub/Sub. Cloud IoT Core is a bridge designed to securely manage large fleets of devices and authenticate them with your cloud project.

Take a look at the SensorHub sample app on GitHub, which is similar to the weather station, but uses Cloud IoT Core to authenticate and publish instead.

Answer 3

As Shubham stated, using a service account is one way to authenticate devices. Otherwise you'd need to build a mobile companion app which you use to authenticate the user. Then you would have to transfer that token to the IoT device.