How to get Bearer access token for a user account to access protected data in cloud storage bucket

Question

I am trying to build a web application where a user log's in and access protected data in cloud storage bucket (firebase authentication used for login). ACL is set for objects in cloud storage. The user should be able to read only the objects that he has access to. I want to get Bearer access token for the user, the access token should have his scopes, when I send a REST request with the bearer token, I should be able to read the objects in bucket for which he has access to, if the user don't have access, I should get access denied message. I cant use service account here as I am getting data specific to a user. How can I do this, suggestions please and Thanks in advance.

Answer 1

For you to be able to use a Bearer token with your application, it will be by using the OAuth 2.0. This is the authentication method used by Cloud Storage to allow access via REST calls to the system. For you to use it, you need to add this below line of code into the headers of every request that you will be doing, that requires authentication - as described in the official documentation here.

Authorization: Bearer <oauth2_token>

This is the way of providing authentication via token in Cloud Storage. In addition to that, for you to generate the token, you can try two different modes.

• One it's to use the OAuth 2.0 Playground, where you can specify the API you want the authorization token to.
• The other one, as specified here, it's to run the command gcloud auth print-access-token, so you can get an access token for the gcloud default configuration.

Once you have the token and configure the header for your requests with it, you should be good to use it for the requests.

Let me know if the information helped you!