
How to have an authenticated GCS URL without ?authuser=1


I have a fairly simple task... I have a GCS bucket I created that I want to be private.

I programmatically put files into it, and use it in my (personal use only) web app.

I want to create an <img src=""> tag which links directly to the URL but only if I'm logged into the proper Google account.

I've tried adding "Legacy object reader" as well as "object reader" permissions for the particular Google email in question.

The authentication works when using this URL but ONLY if I add ?authuser=X:

https://storage.cloud.google.com/<BUCKET_NAME>/<PATH>

If I don't add that, then it shows a 403 Forbidden error.

Is there a way I can do this without having to specify the # of user signed in (I change them and the order frequently), and without the headache of signed URLs?


Solution

  • You can use the default service account to grant access to your bucket and files through your web app, and if your app is hosted in App Engine, you can use Identity-Aware Proxy to allow access only to your account.
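
The arrangement described in the answer, as an added example that is not part of the original answer: the `<img>` tag points at the app instead of at `storage.cloud.google.com`, the app checks the email that Identity-Aware Proxy attaches to the request, and it reads the object with the default service account through the `google-cloud-storage` client. The `/img/` route and the names `make_app`, `gcs_fetch` and `iap_email` are assumptions made for this example.

```python
"""Added example: serve private GCS objects through the app, not the browser."""

IAP_EMAIL_HEADER = "HTTP_X_GOOG_AUTHENTICATED_USER_EMAIL"  # WSGI form of the IAP header


def iap_email(environ):
    """Return the signed-in email IAP attached to the request, or None."""
    value = environ.get(IAP_EMAIL_HEADER, "")
    # IAP sends the value as "accounts.google.com:user@example.com".
    prefix, _, email = value.partition(":")
    return email.lower() if prefix == "accounts.google.com" and email else None


def gcs_fetch(bucket_name):
    """Build a fetcher that reads objects as the app's default service account."""
    from google.cloud import storage  # lazy import; needs google-cloud-storage
    bucket = storage.Client().bucket(bucket_name)  # Application Default Credentials

    def fetch(path):
        blob = bucket.get_blob(path)  # None when the object does not exist
        if blob is None:
            return None
        return blob.download_as_bytes(), blob.content_type or "application/octet-stream"
    return fetch


def make_app(owner_email, fetch, prefix="/img/"):
    """WSGI app: only owner_email may read objects under prefix."""
    def app(environ, start_response):
        def reply(status, body=b"", ctype="text/plain"):
            start_response(status, [("Content-Type", ctype),
                                    ("Cache-Control", "private, no-store")])
            return [body]
        # Trust this header only if every request reaches the app through IAP;
        # verifying X-Goog-IAP-JWT-Assertion as well guards against a bypass.
        if iap_email(environ) != owner_email.lower():
            return reply("403 Forbidden")
        path = environ.get("PATH_INFO", "")
        if not path.startswith(prefix) or len(path) == len(prefix):
            return reply("404 Not Found")
        found = fetch(path[len(prefix):])
        if found is None:
            return reply("404 Not Found")
        data, ctype = found
        return reply("200 OK", data, ctype)
    return app
```

On App Engine this would be wired as `app = make_app("<YOUR_EMAIL>", gcs_fetch("<BUCKET_NAME>"))`, with the page using `<img src="/img/<PATH>">`. The bucket stays private: only the service account needs object read permission, so no `?authuser=` parameter or signed URL is involved.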