How to generate a Signed URL of file in google cloud storage with just OAuth 2.0 bearer token and bucket name? (php code)

Question

I have tried the code below and it is working fine. However, it would be ideal if I could get the Signed URL with just using the OAuth 2.0 access token and the bucket name.

I tried a lot of things and still no where to go.

function getSignedURL($file, $expiryMinutes = 30)
{

    $privateKeyFileContent = '{
     // service account generated key
    }';

    $storage = new StorageClient([
        'keyFile' => json_decode($privateKeyFileContent, true)
    ]);
    $bucket = $storage->bucket("as-portal");
    $object = $bucket->object($file);
    $url = $object->signedUrl(
    # This URL is valid for 15 minutes
        new \DateTime("$expiryMinutes min"),
        [
            'version' => 'v4',
        ]
    );
}

Any help would be appreciated!

Answer 1

Currently all methods available for signing a URL require the private key of a Service Account, as described in the Options for generating a signed URL . Therefore it is not possible to sign a URL locally without having the private key of a service account.

You can, however, sign it remotely like explained in this example . I would suggest having an App Engine service sign the urls for you, like explained in the Signing strings with Google Cloud tools section of the documentation.