Short Version:
I have configured a backend bucket on my load balancer and mapped it to /__/auth/. That bucket contains a publicly accessible file named handler, but when I hit /__/auth/handler I get an error XML with "The specified key does not exist."
UPDATE: I think this issue is probably caused by this other issue: GCP load balancer url re-writing and backend-mapping not happening the way I'd expect
Long Version
In GCP I am trying to publicly host some files on my domain using a backend bucket as one of the backends for my classic application load balancer. Specifically, I'm trying to host some of Firebase's auth files on my domain so that I can use them for a same-origin oauth redirect per Google's recommended option 4 here. (Google's sample server implementation just statically serves these, so I figure I can get away with letting a storage bucket do that for me for now.)
Bucket Backend: I have configured a bucket backend, with this "equivalent code"
PUT https://compute.googleapis.com/compute/v1/projects/<My Project>/global/backendBuckets/<My Backend Bucket Name>
{
  "bucketName": "<My Bucket Name>",
  "cdnPolicy": {
    "cacheMode": "CACHE_ALL_STATIC",
    "clientTtl": 3600,
    "defaultTtl": 3600,
    "maxTtl": 86400,
    "negativeCaching": false,
    "requestCoalescing": true,
    "serveWhileStale": 0
  },
  "compressionMode": "DISABLED",
  "description": "Per option 3 here: \nhttps://cloud.google.com/identity-platform/docs/web/redirect-best-practices",
  "enableCdn": true,
  "name": "<My Backend Bucket Name>",
  "usedBy": [
    {
      "reference": "https://www.googleapis.com/compute/beta/projects/<My Project>/global/urlMaps/<My URL MAP>"
    }
  ]
}
Url Map: I have configured a mapping to the bucket backend on my load balancer:
pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/<My Project>/global/backendServices/<My Main Backend>
  name: path-matcher-1
  pathRules:
  - paths:
    - /__/auth/*
    service: https://www.googleapis.com/compute/v1/projects/<My Project>/global/backendBuckets/<My Bucket Backend Name>
Permissions: I have also granted the principal allUsers the Storage Object Viewer role on the bucket, and the cloud console UI shows the "Public to internet" warnings. My bucket has Permissions/Access control set to Uniform, so allUsers should be granted that role on the objects in the bucket as well.
Objects: One of the objects in the bucket is named handler. It has type application/octet-stream and under "Public Access" also shows the "Public to internet" warning. Its gs link is gs://<Bucket Name>/handler
Problem: The problem is that when I try any of these URLs, __/auth/handler, __/auth/<Bucket Name>/handler, and a few other variations, I get back the same error XML:
<Error>
  <Code>NoSuchKey</Code>
  <Message>The specified key does not exist.</Message>
</Error>
Clearly my Bucket Backend is being hit, since this is a cloud storage error and I can see in my load balancer's monitoring page that traffic is being routed to the backend bucket.
Questions
- Why can't the bucket backend find the files in my bucket? (Highest Priority)
- Is there anything wrong with my approach to handling oauth redirects here? (Nice to have)
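An added illustration, not part of the question above: it mimics how the URL map routes a request path and which object key the backend bucket then asks Cloud Storage for, under the assumption (from Google's backend-bucket documentation) that the request path is passed through unchanged, so /__/auth/handler is looked up as gs://<Bucket Name>/__/auth/handler rather than gs://<Bucket Name>/handler. The prefix rewrite at the end is a hypothetical option used only to show what a rewrite would have to achieve; the question did not configure one.

```python
# Added example (not from the question): simulate URL-map path matching and the
# object key a GCP backend bucket requests. Assumption: the full request path is
# forwarded to Cloud Storage unchanged (no prefix stripping).
from fnmatch import fnmatchcase

# Constructed URL map mirroring the question's path matcher.
URL_MAP = {
    "defaultService": "backendServices/<My Main Backend>",
    "pathRules": [
        {"paths": ["/__/auth/*"], "service": "backendBuckets/<My Backend Bucket Name>"},
    ],
}

# Constructed bucket listing: the object sits at the bucket root, as in the question.
BUCKET_OBJECTS = {"handler"}


def match_backend(url_map, request_path):
    """Return the service a request path is routed to.

    GCP path rules use a trailing '*' wildcard that also matches '/';
    the longest matching pattern wins, otherwise defaultService applies.
    """
    best = None
    for rule in url_map["pathRules"]:
        for pattern in rule["paths"]:
            if fnmatchcase(request_path, pattern) and (best is None or len(pattern) > len(best[0])):
                best = (pattern, rule["service"])
    return best[1] if best else url_map["defaultService"]


def object_key(request_path, prefix_rewrite=None):
    """Object name Cloud Storage is asked for: the request path minus the leading '/'.

    prefix_rewrite=(matched_prefix, replacement) is a hypothetical rewrite step,
    shown only to illustrate what would make the root-level object reachable.
    """
    path = request_path
    if prefix_rewrite:
        matched, replacement = prefix_rewrite
        if path.startswith(matched):
            path = replacement + path[len(matched):]
    return path.lstrip("/")


def lookup(request_path, objects=BUCKET_OBJECTS, rewrite=None):
    """Simulate the backend-bucket fetch: ('OK', key) or the NoSuchKey error from the question."""
    key = object_key(request_path, rewrite)
    return ("OK", key) if key in objects else ("NoSuchKey", key)
```

Running lookup("/__/auth/handler") returns ("NoSuchKey", "__/auth/handler"), while storing the object under the full path, or rewriting the /__/auth/ prefix to /, makes the same request succeed.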