google cloud storage access denied with allAuthenticatedUsers

0
votes

I use Reactjs to create a website and host it on Firebase, and set serviceAccount.json with firebase-admin and @google-cloud/storage on Google Cloud Functions to handle functions. Website has a <iframe> element, it will load aaa.html link url from bucket in Google Cloud Storage. Bucket of GCS is set to allAuthenticatedUsers. Upload aaa.html using predefinedAcl:'authenticatedRead'. Website could login with firebaseui-web-react. I only got access denied when I load aaa.html.

<Error>
    <Code>AccessDenied</Code>
    <Message>Access denied.</Message>
    <Details>
        Anonymous caller does not have storage.objects.get access to 
        bucket/path/aaa.html.
</Details>
</Error>

How can I access correctly?

1
reactjsgoogle-cloud-functionsgoogle-cloud-storage
How are you accessing the URL? With those permissions only authenticated Google account holders can access the file. - Corinne White
I tried fetch in front, but I have no idea how to connect GCS with authentication. - Las Te

1 Answers

0
votes

Your request is not authenticated, you are anonymous. Be sure that you have a Google account (email, service account,..)

Your user have to be known be Google (or Cloud Identity) for being considered as known/authenticated. With firebase auth, your user can be known, and authenticated by external service (Facebook, Github,...) but GCS only trust Google authenticated account.

A solution is to create a service account for your backend. To provide GCS Bucket access to this service service account and to serve file to your user through your backend.