diff --git a/go.mod b/go.mod
index eab496b5bb5..37197ddb391 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	google.golang.org/api v0.58.0
-	google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178
+	google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4
 	google.golang.org/grpc v1.40.0
 	google.golang.org/protobuf v1.27.1
 )
diff --git a/go.sum b/go.sum
index 5c9902de142..a40a9b4b998 100644
--- a/go.sum
+++ b/go.sum
@@ -492,8 +492,8 @@ google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178 h1:sjksfRCbEowdKjfEEAUtbT/Ji7rS6z/Rr/075r57JLQ=
-google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 h1:NBxB1XxiWpGqkPUiJ9PoBXkHV5A9+GohMOA+EmWoPbU=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
diff --git a/internal/generated/snippets/go.mod b/internal/generated/snippets/go.mod
index bf7c70f4289..5c47285a30c 100644
--- a/internal/generated/snippets/go.mod
+++ b/internal/generated/snippets/go.mod
@@ -125,7 +125,7 @@ require (
 	cloud.google.com/go/websecurityscanner v0.1.0
 	cloud.google.com/go/workflows v0.1.0
 	google.golang.org/api v0.58.0
-	google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178
+	google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4
 )
 
 replace cloud.google.com/go/storagetransfer => ../../../storagetransfer
diff --git a/internal/generated/snippets/go.sum b/internal/generated/snippets/go.sum
index ef737218610..f4ddda5ece0 100644
--- a/internal/generated/snippets/go.sum
+++ b/internal/generated/snippets/go.sum
@@ -162,8 +162,9 @@ google.golang.org/genproto v0.0.0-20210927142257-433400c27d05/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20210930144712-2e2e1008e8a3/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211001223012-bfb93cce50d9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178 h1:sjksfRCbEowdKjfEEAUtbT/Ji7rS6z/Rr/075r57JLQ=
 google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 h1:NBxB1XxiWpGqkPUiJ9PoBXkHV5A9+GohMOA+EmWoPbU=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
diff --git a/internal/godocfx/go.sum b/internal/godocfx/go.sum
index b8f936a19e6..8099747671c 100644
--- a/internal/godocfx/go.sum
+++ b/internal/godocfx/go.sum
@@ -314,8 +314,8 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178 h1:sjksfRCbEowdKjfEEAUtbT/Ji7rS6z/Rr/075r57JLQ=
-google.golang.org/genproto v0.0.0-20211012143446-e1d23e1da178/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 h1:NBxB1XxiWpGqkPUiJ9PoBXkHV5A9+GohMOA+EmWoPbU=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
diff --git a/storage/bucket.go b/storage/bucket.go
index d8747e58c95..ec7dcb5c322 100644
--- a/storage/bucket.go
+++ b/storage/bucket.go
@@ -239,6 +239,9 @@ func (b *BucketHandle) newPatchCall(uattrs *BucketAttrsToUpdate) (*raw.BucketsPa
 // This method only requires the Method and Expires fields in the specified
 // SignedURLOptions opts to be non-nil. If not provided, it attempts to fill the
 // GoogleAccessID and PrivateKey from the GOOGLE_APPLICATION_CREDENTIALS environment variable.
+// If you are authenticating with a custom HTTP client, Service Account based
+// auto-detection will be hindered.
+//
 // If no private key is found, it attempts to use the GoogleAccessID to sign the URL.
 // This requires the IAM Service Account Credentials API to be enabled
 // (https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview)
@@ -260,7 +263,7 @@ func (b *BucketHandle) SignedURL(object string, opts *SignedURLOptions) (string,
 		newopts.GoogleAccessID = id
 	}
 	if newopts.SignBytes == nil && len(newopts.PrivateKey) == 0 {
-		if len(b.c.creds.JSON) > 0 {
+		if b.c.creds != nil && len(b.c.creds.JSON) > 0 {
 			var sa struct {
 				PrivateKey string `json:"private_key"`
 			}
@@ -285,7 +288,7 @@ func (b *BucketHandle) SignedURL(object string, opts *SignedURLOptions) (string,
 func (b *BucketHandle) detectDefaultGoogleAccessID() (string, error) {
 	returnErr := errors.New("no credentials found on client and not on GCE (Google Compute Engine)")
 
-	if len(b.c.creds.JSON) > 0 {
+	if b.c.creds != nil && len(b.c.creds.JSON) > 0 {
 		var sa struct {
 			ClientEmail string `json:"client_email"`
 		}
diff --git a/storage/go.mod b/storage/go.mod
index f39fda95821..380a54ce949 100644
--- a/storage/go.mod
+++ b/storage/go.mod
@@ -10,7 +10,7 @@ require (
 	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	google.golang.org/api v0.58.0
-	google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0
+	google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4
 	google.golang.org/grpc v1.40.0
 	google.golang.org/protobuf v1.27.1
 )
diff --git a/storage/go.sum b/storage/go.sum
index 181c5ef033a..ee376ea36ef 100644
--- a/storage/go.sum
+++ b/storage/go.sum
@@ -496,8 +496,9 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0 h1:5Tbluzus3QxoAJx4IefGt1W0HQZW4nuMrVk684jI74Q=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 h1:NBxB1XxiWpGqkPUiJ9PoBXkHV5A9+GohMOA+EmWoPbU=
+google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
diff --git a/storage/storage.go b/storage/storage.go
index 98a0389d0fc..81ff43c6d60 100644
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -100,7 +100,8 @@ type Client struct {
 	scheme string
 	// ReadHost is the default host used on the reader.
 	readHost string
-	creds    *google.Credentials
+	// May be nil.
+	creds *google.Credentials
 
 	// gc is an optional gRPC-based, GAPIC client.
 	//
@@ -131,14 +132,13 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error
 		opts = append(opts, internaloption.WithDefaultEndpoint("https://storage.googleapis.com/storage/v1/"))
 		opts = append(opts, internaloption.WithDefaultMTLSEndpoint("https://storage.mtls.googleapis.com/storage/v1/"))
 
+		// Don't error out here. The user may have passed in their own HTTP
+		// client which does not auth with ADC or other common conventions.
 		c, err := transport.Creds(ctx, opts...)
-		if err != nil {
-			return nil, err
+		if err == nil {
+			creds = c
+			opts = append(opts, internaloption.WithCredentials(creds))
 		}
-		creds = c
-
-		opts = append(opts, internaloption.WithCredentials(creds))
-
 	} else {
 		var hostURL *url.URL