I am currently using Google Cloud Storage to handle storage for my application. While reading the documentation for GCS, I was wondering how could I control who can have access to what when I have my own auth system as opposed to Firebase etc
For example, I have two different roles, admin and user. A user with the role user can upload a file, delete their file but a user cannot see another user's files. An admin can see all users' files.
Is this something that is possible with Google Cloud Storage especially when using your own auth system (sessions with redis)?
Couldn't find any clear examples on Google Cloud Storage docs for what I am looking for, would appreciate some guidance.
CodePudding user response:
The only access management system for Google Cloud Storage is Google OAuth 2.0. You cannot replace that system.
You can, however, add a layer on top of IAM inside your application. I use signed URLs to grant access to users based upon my local authorization system. The users authenticate to my application, request a signed URL, and then directly access Cloud Storage. I use HTTP redirects to transparently request signed URLs. The users see Cloud Storage objects as routes within my application. This might sound complex, but is easy to implement in most frameworks. I use the technique with Laravel for both Google and Azure storage. The actual Cloud Storage requests then happen in the browser coded in JavaScript.