Version: eXtendFiles 1.7.0 and above
Audience: Administrator, User

Introduction

Google Cloud Storage (GCS) provides secure and direct access to objects stored in GCS buckets through signed URLs. These URLs are generated with a specific expiration time, after which they become invalid. This article provides an overview of the behavior of GCS signed links when used with eXtendFiles.

Duration of Signed Links

GCS signed links have a maximum duration of 7 days. This means that the link will remain valid and provide access to the specified object for up to 7 days from the time it was generated. The exact time will depend on the expiration time set in your eXtendFiles private files settings.

Link Expiration

After the specified expiration time, a signed URL becomes invalid. If someone attempts to access the object using an expired link, they will encounter an error. This response indicates that the signed URL is no longer valid and that a new signed URL must be generated to regain access.

<Error>
    <Code>ExpiredToken</Code>
    <Message>Invalid argument.</Message>
</Error>

Resigning Links

Once a signed link has expired, it cannot be used to access the object. However, the object can still be accessed by generating a new signed link.

It’s important to note that the existing link cannot be resigned. Instead, a new link with a new expiration date must be generated. This new link must be used to access the file.

Frequently Asked Questions (FAQs)

1. Can the expiration time of a signed link be changed?
   
   Yes, the expiration time of a Google Cloud Storage signed link can be set at the time of its creation. However, once the link has been created, the expiration time cannot be changed. If you need to extend the access to the object, you will need to create a new signed link with a new expiration time. It’s important to note that the maximum validity of a signed URL is 7 days. This is because the signing key used in signature calculation is valid for up to seven days.
   
2. Is there a limit to the number of signed links I can create for an object?
   
   No, there is no limit to the number of signed links that can be created for an object. Each link will have its own unique expiration time which is set during the creation of the link.
   
3. What happens if a signed link is used after it has expired?
   
   If a signed URL is used after its expiration, access to the object will be denied, and the user will encounter an error. To regain access, a new signed URL must be generated.
   
4. Can I create a signed link with no expiration?
   
   No, all Google Cloud Storage signed links must have an expiration time. The maximum duration of a signed link is 7 days. If continuous access to an object is needed, consider allowing public access to the object.