Question

Is it possible to use a bearer token from the Google API Client JavaScript Library to authorize access to a Google Cloud Storage bucket without requesting the https://www.googleapis.com/auth/devstorage scope from the user? The bucket has read and write access for all Google accounts.

Solution

No. If the data is scoped to AllUsers, you could make the request anonymously, but you can't make requests to Google Cloud Storage on behalf of a user who hasn't granted you READ scope or better.

One possible alternative, depending on your use case: if the user happens to be signed in to their Google account, you could let them access the object directly using Cookie Authentication, for example by having them request the object via the URL pattern https://storage.cloud.google.com/bucket/object.
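
The three access paths described in the answer, sketched as an added example that is not part of the original answer. The function names, the `publicToAllUsers` flag, and the bucket and object names are hypothetical, and the scope list is an assumption about which OAuth scopes include Cloud Storage read access:

```javascript
// Added example: pick an access path for reading one object.
// OAuth scopes assumed to grant at least read access to Cloud Storage.
const READ_CAPABLE_SCOPES = new Set([
  "https://www.googleapis.com/auth/devstorage.read_only",
  "https://www.googleapis.com/auth/devstorage.read_write",
  "https://www.googleapis.com/auth/devstorage.full_control",
  "https://www.googleapis.com/auth/cloud-platform",
  "https://www.googleapis.com/auth/cloud-platform.read-only",
]);

// grantedScope: the space-delimited "scope" string from the OAuth token response.
function hasStorageReadScope(grantedScope) {
  return (grantedScope || "").split(/\s+/).some((s) => READ_CAPABLE_SCOPES.has(s));
}

// Percent-encode each path segment but keep "/" separators in object names.
function encodeObjectPath(object) {
  return object.split("/").map(encodeURIComponent).join("/");
}

// Returns { mode, url, headers } describing how the client should fetch the object.
// publicToAllUsers is supplied by the caller (hypothetical flag: the object ACL
// includes AllUsers); this function does not query the ACL itself.
function planObjectRead({ bucket, object, accessToken, grantedScope, publicToAllUsers }) {
  const path = `${encodeURIComponent(bucket)}/${encodeObjectPath(object)}`;
  if (accessToken && hasStorageReadScope(grantedScope)) {
    // The user granted READ scope or better: act on their behalf.
    return {
      mode: "oauth",
      url: `https://storage.googleapis.com/${path}`,
      headers: { Authorization: `Bearer ${accessToken}` },
    };
  }
  if (publicToAllUsers) {
    // Data scoped to AllUsers: anonymous request; the under-scoped token is not sent.
    return { mode: "anonymous", url: `https://storage.googleapis.com/${path}`, headers: {} };
  }
  // Otherwise the signed-in user opens the object directly (cookie authentication).
  return { mode: "cookie", url: `https://storage.cloud.google.com/${path}`, headers: {} };
}
```
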

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow