This isn't the biggest accomplishment ever, but it is a necessary step for what we want to do.
I still don't like that I have to use three-legged OAuth2 authentication from my company's Google App Engine site into my company's Google Storage cloud storage account. I should be able to trivially directly connect them (tighter Google Storage integration is high on the GAE team's to-do list).
But instead I'm forced to use three-legged authentication which, by design, protects my Google Storage username and password from my GAE app. Call me crazy, but I'd much rather just store my Google Storage account info in a protected properties file and let my GAE app log in directly. I don't need the level of indirection/protection that three-legged authentication provides.
In fact, it makes me worry more. Instead of a permanent link between my app and my cloud storage, I have a refresh token that I use to ask Google Storage for permission to do anything. If anything goes awry with that refresh token, my app can no longer access its own cloud storage provider. That's a problem. And resetting that connection requires manual intervention on my part--I have to re-initiate the authorization process by hand and approve the connection, then feed the resulting access code to my GAE app so it can then get a new refresh token from Google Storage.
Sound complicated? It is. And for direct internal access, it's way too cumbersome. I'm going to have to build an interface to streamline the process of re-authorizing my site with my storage just in case something goes wrong with the current refresh token.
But the good news is that the code is working and I'm able to make authorized requests into Google Storage.
Up next: Upload a file from a Web browser and push it into the cloud.
After lunch. Maybe.