I am trying to build a web application where a user log's in and access protected data in cloud storage bucket (firebase authentication used for login). ACL is set for objects in cloud storage. The user should be able to read only the objects that he has access to. I want to get Bearer access token for the user, the access token should have his scopes, when I send a REST request with the bearer token, I should be able to read the objects in bucket for which he has access to, if the user don't have access, I should get access denied message. I cant use service account here as I am getting data specific to a user. How can I do this, suggestions please and Thanks in advance.
Asked
Active
Viewed 541 times
0
-
If you think my answer helped you, please, considering accepting/upvoting it. – gso_gabriel Jul 01 '20 at 10:32
1 Answers
0
For you to be able to use a Bearer token with your application, it will be by using the OAuth 2.0. This is the authentication method used by Cloud Storage to allow access via REST calls to the system. For you to use it, you need to add this below line of code into the headers of every request that you will be doing, that requires authentication - as described in the official documentation here.
Authorization: Bearer <oauth2_token>
This is the way of providing authentication via token in Cloud Storage. In addition to that, for you to generate the token, you can try two different modes.
- One it's to use the OAuth 2.0 Playground, where you can specify the API you want the authorization token to.
- The other one, as specified here, it's to run the command
gcloud auth print-access-token, so you can get an access token for thegclouddefault configuration.
Once you have the token and configure the header for your requests with it, you should be good to use it for the requests.
Let me know if the information helped you!
gso_gabriel
- 4,199
- 1
- 10
- 22
-
Thanks for the information, may I know how to get the access token on the fly from my we application when a user logs in. Is there any way we can generate access token programatically in my application instead of using oauth2.0 playground or gcloud command – Techenthusiast Jun 24 '20 at 07:07
-
Hi @Techenthusiast there is an option that you can try. You can develop your application - either [server](https://developers.google.com/identity/protocols/oauth2#webserver) or [client](https://developers.google.com/identity/protocols/oauth2#clientside) web versions - to redirect it to a Google URL that will generate the tokens for your usage. The parameters can be defined by your application, this way, generating the token per the user. In the linked documentations, you can get more information about it. – gso_gabriel Jun 24 '20 at 08:27