Accessing the signed url of firebase storage from browser says " Access denied"

Question

I have a cloud function which will generate signed url for the uploaded image into the firebase storage and was able to generate the signed url.

And when I tried to access the image from that url via browser, below is the error message i was getting.

url : https://storage.googleapis.com/mango-b715d.appspot.com/thumb_ESP_014033_1910_desktop.jpg?GoogleAccessId=firebase-adminsdk-lar4y@mango-b715d.iam.gserviceaccount.com

Error message :

<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>
Anonymous caller does not have storage.objects.get access to mango-b715d.appspot.com/thumb_ESP_014033_1910_desktop.jpg.
</Details>
</Error>

Somebody can explain me, how to solve this error and my main intention was to download that image into android app to external card.

can somebody guide me .

Want to add some more information.

Complete signed url

https://storage.googleapis.com/mango-b715d.appspot.com/ESP_014033_1910_desktop.jpg?GoogleAccessId=firebase-adminsdk-lar4y@mango-b715d.iam.gserviceaccount.com&Expires=13575340800&Signature=ayF424C3Fd04XLF82GeREn72wvl0Cox9cB%2BrSPK6wohEP1taXb7yMeW%2Fe6QRirpn%2BSM3HaU2CGRhi6Ae5RmJL8lYKPa%2BGOUhiWG6MxVsInoE0SbvkZeW0fIVdsVyGFIcQkFQeeiaBBm5E239TfAPP8P%2F%2BemcVQ8oiOCKac8uOIb4S4aIQfFBhkuWHNf2U8g4%2B9VxWTrAkRbYN5wuVc78mZmmuKi6q%2BT1IMB5nWnO3z4x893%2FyalzBEtT3uWRibesBspKLEJkoBn1dU7bYi0XuyZ6GByJesJMmGjZvq99hcI%2FgQ7kutGHcLS5HJ%2Bw9UZwwgNqMFlF%2BoS7WQg7Eu68tQ%3D%3D

Error message when accessed above url.

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
</Message>
<StringToSign>
GET 13575340800 /mango-b715d.appspot.com/ESP_014033_1910_desktop.jpg
</StringToSign>

Answer 1

I faced this issue too despite my Firebase Storage rule for read being

allow read: if true;

Strangely, Cloud Storage console still showed the bucket as "not public". Changing that to give public access solved my problem.

1. Open the Cloud Storage browser in the Google Cloud Platform Console.
2. In the list of buckets, click on the name of the bucket that you want to make public. Select the Permissions tab near the top of the page.
3. Click the Add members button.
4. The Add members dialog box appears.
5. In the New members field, enter allUsers.
6. In the Roles drop down, select the Storage sub-menu, and click the Storage Object Viewer option.

Steps copied from - https://cloud.google.com/storage/docs/access-control/making-data-public

Answer 2

Chances are your current storage rules have this:

service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

You can look at them at your firebase console under Storage > Rules.

This means your users should be authenticated to read or write in the storage.

If you want to allow everyone access to resources without authentication you can enable this in Authentication > Sign-In Method and enable Anonymous.

Before doing that, considering this:

"my main intention was to download that image into android app to external card."

Maybe you should just use the Google sign-in method and make your users authenticate within the app. See https://firebase.google.com/docs/auth/android/google-signin?hl=es-419