What Authorization token is required for Google Cloud Storage JSON API?

7
votes

I am learning Google Cloud Storage, the JSON api, simple upload:

https://cloud.google.com/storage/docs/json_api/v1/how-tos/simple-upload

The example says to send a post looking like this:

POST https://www.googleapis.com/upload/storage/v1/b/myBucket/o?uploadType=media&name=myObject HTTP/1.1
Content-Type: image/jpeg
Content-Length: [NUMBER_OF_BYTES_IN_FILE]
Authorization: Bearer [YOUR_AUTH_TOKEN]

[JPEG_DATA]

And then I created a "Service accounts" API.

But how do I figure out the [YOUR_AUTH_TOKEN] to use from my newly created Service account?

1
google-cloud-storage

1 Answers

9
votes

Google Cloud uses OAuth 2.0 to handle authentication. There are a variety of techniques for generating a token depending on your needs. If you're writing a program using one of Google's client libraries, the details are mostly taken care of for you. Google has a lengthy guide on the nitty-gritty: https://developers.google.com/identity/protocols/OAuth2

You are looking to authenticate as a service account. Service accounts generally authenticate by creating a token request document called a JWT, signing it with a private key associated with the service account, then exchanging the JWT with Google for a token. This process is described over here: https://developers.google.com/identity/protocols/OAuth2#serviceaccount

From your desktop, if you want to auth as a service account, one easy way is to use gcloud to authenticate as a service account and then ask it for a token:

$> gcloud auth activate-service-account [email protected] --key-file=creds.json
$> gcloud auth print-access-token