👀 Views: 53 💬 Answers: 1 📅 Created: 2025-08-30

google-cloud-storage signed-urls 403-forbidden Python

I'm building a feature where I'm working on a project and hit a roadblock. I'm currently working with an scenario with generating signed URLs for my GCP Cloud Storage objects. I set up the signed URL to allow access for 10 minutes, but when I try to access the URL after a few minutes, I'm getting a `403 Forbidden` behavior. Here’s the code I'm using to generate the signed URL: ```python from google.cloud import storage from datetime import timedelta client = storage.Client() bucket = client.get_bucket('my-bucket') blob = bucket.blob('path/to/my-object') url = blob.generate_signed_url( version='v4', expiration=timedelta(minutes=10), method='GET', content_type='application/octet-stream' ) print(url) ``` I've confirmed that the URL is being generated correctly and is valid for 10 minutes. However, when I try to access it after 5-6 minutes, I consistently get the `403 Forbidden` behavior. I’ve also checked the IAM permissions, and they seem correct; the service account has `Storage Object Viewer` rights. Additionally, I verified the system time on the machine generating the signed URL and ensured it’s accurately synced with NTP. I even tried extending the expiration time to an hour, but the scenario continues. Is there something I might be missing here? Any insights on the possible causes or solutions would be greatly appreciated. This is part of a larger CLI tool I'm building. I'd really appreciate any guidance on this. I'm working in a macOS environment. Any ideas what could be causing this? Has anyone else encountered this?