How to add access token to CCD request to private bucket

Note: I posted this in the Addressables forum first, but this seems a more appropriate place for it.

I’ve set up buckets on CCD and created an Addressables profile using the ‘latest’ badge in the project.
I’ve set the buckets private and created an access token for each of my buckets.
Finally, I’ve used the code from here to try to add the base64 encoded token to the request:
https://docs.unity.com/ccd/UnityCCDWalkthrough.html?TocPath=Unity CCD + Addressables walkthrough|____0#The_Command-line_interface(optional)
Code (CSharp):

  • Addressables.WebRequestOverride = webRequest =>
  • {
  • webRequest.SetRequestHeader(“Authorization”, base64encodedToken);
  • };
  • var downloadHandle = Addressables.DownloadDependenciesAsync(downloadTags, Addressables.MergeMode.Union, true);

I’m getting a 401 Unauthorized response each time.
I’ve tried with both tokens, base64 encoded and not, adding "Bearer: " in front of the token and not.
I’ve also tried adding "Basic " in front of the token, as recommended by this thread (which got a worryingly late reply): Don't know use Access Tokens , private bucket
I’ve set the addressables groups to “Use UnityWebRequest for” as well.
How is it supposed to be done?

Also, when we find out how it’s actually supposed to work, could you please update the example at the bottom here?
https://docs.unity.com/ccd/UnityCCDWalkthrough.html?TocPath=Unity CCD + Addressables walkthrough|____0#The_Command-line_interface(optional)

Also, what is the use for public buckets where anyone can upload and access content without authentication (e.g. “If a bucket is tagged “Open to all”, anyone can modify content in this bucket” from https://blog.unity.com/games/whats-new-in-cloud-content-delivery)? Is it really a bucket where anyone in the world can upload content if they know the URL?

@kaanyalti Did you find out how it’s supposed to work with private buckets and access tokens?

Well, I found out the solution, but I feel like this is either a bug or something is missing in all documentation about this.
I noticed that on the following page there is an example of an access token and its Base64 encoded counterpart, but they don’t match: Unity Content Delivery
However, decoding the Base64 version gives the example token with “:” prepended, so I tried adding a colon in front of my access token before encoding to Base64 and then it started working.
Is this a mistake or is it intended to have a colon in front to work? And if so, why is this not documented anywhere?

Hi @Limewood ,

Yes that is intended, in the documentation Unity Content Delivery, just a few line above the base64 encoded counterpart, it is mentioned that :

To authenticate requests, include a Basic Authentication header as a base64-encoded string 'username:password', using your access token as the password (and empty username).

So you get something like have ‘:access token’ and encode it in base64 afterward.

We will update it to make it clearer,

Hope this helps.

Oh, I see now then, thank you for clarifying.

I am wondering about this too.
I assume only the Unity accounts tied to the project can write to open buckets? According to the Management API

then later under permissions

It’s very unclear.

I’m using Addressables with the CCD and the CCD management package to build and release directly from the editor. I have a Staging environment and bucket with open, so I can write to it, and a production bucket with “promotion only”, to promote to if the staging bucket is correct.

How do I make sure my staging bucket is read only for anyone except my developers?

I know there’s the newer private read access token. I don’t care about people reading the staging bucket, only write access. Do I need to use the private read access to fully protect the staging bucket?

Do I need to get the CLI to properly add permissions to my buckets that aren’t available on the dashboard?

2 Likes

Hi I want to provide some code here, which worked for me to access private buckets with a token setup. I found the Documentations example code

1.CCD and Addressables walkthrough

2.Property WebRequestOverride | Addressables | 1.21.21

a bit contradictory.

Please find the code below:

        void Start()
        {
            //Add private token to addressable web request header
            Addressables.WebRequestOverride = AddPrivateToken;
        }
         

        private void AddPrivateToken(UnityWebRequest request)
        {
            string bucketAccessToken = ""; // Add your bucket token here

            var encodedToken = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes($":{bucketAccessToken}"));

            request.SetRequestHeader("Authorization", $"Basic {encodedToken}");
        }

It works for me in editor and returns 401 in WebGl build. Have any idea?