The current implementation of the Google Cloud Storage connector seems to require me to grant complete access to my storage account via OAuth, to an external server (duplicati-oauth-handler.appspot.com). This seems a little excessive.
Is there a way to generate an auth token directly in the Google Cloud Console and provide it to my local Duplicati instance, without going through a third-party server?
Not in a simple way. The way the OAuth works, the server has a “secret” that needs to be used with the user token before access is allowed. Those two secrets are a “pair”, and I cannot disclose the server secret, hence there is no way to achieve this without a server.
To use OAuth without the helper service, you need to run your own OAuth server.
There is a discussion about how/if that should be done from Duplicati:
If you prefer to have control, you can always deploy your own OAuth server, using the same code as the version we host: