Cloud Storage Providers
- Jon Cameron
- ChrisC
If configured, collection staff can authenticate to cloud storage providers and select files for upload in addition to a local filesystem. directly from the Browse Everything interface in Avalon (the modal window that appears when “Open Dropbox” is selected on the Manage Files edit page).
Providers
Google (Drive)
Enabling a connection to Google Drive requires the creation of an OAuth 2.0 Client ID through the Google API dashboard.
Steps to Enable
Follow the steps at https://developers.google.com/identity/protocols/oauth2 to create an OAuth 2.0 Client ID for your Avalon instance
First you need a Google Developer Account
Add an OAuth 2.0 credential, take note of the id and secret
Use the Client ID and secret in your Avalon site's settings.yml (see Upgrading Avalon 7.2 to Avalon 7.3 for config details)
Add these configs to Avalon. You can share a Redis instance with Avalon or use a separate one.
dropbox:
google_drive:
client_id: <oauth id>
client_secret: <oauth secret>
# redis_token_store_url: redis://host:port # if different from Avalon's RedisOnce configured, restart the app
Google Drive will now appear as a source in the "Open Dropbox" file picker in Avalon
For instructions, see Connecting to Google Drive
Batch ingest does not work with Google Drive. Use the filesystem or S3 (AWS, MinIO, HCP) adapters for batch ingest.
Microsoft (Sharepoint and OneDrive)
This provider will allow access to files in Sharepoint and OneDrive. It routes through the /me/joinedTeams and /me/drives Microsoft Graph API endpoints and will list Teams that the user belongs to and the user's personal drives at the top level. Within each Team, it will expand to list any child drives or files that the user has permission to access. For technical details see Get access on behalf of a user - Microsoft Graph.
Steps to Enable
Register in the Entra Admin center to receive client_id, client_secret, and tenant_id.
If using .default endpoint as your scope, you must register API permissions for your application. Minimum permissions:
Files.Read
Files.Read.All
Files.Read.Selected
offline_access
openid
profile
Team.ReadBasic.All
User.Read
Add the Client ID and secret in your Avalon site's settings.yml
Add these values to Avalon’s settings file:
dropbox:
sharepoint:
# Client id and secret generated for the application by Entra Admin Center
# when registering the app
client_id: 5673bf4e-58c2-4ca4-94da-d64456cabf90
client_secret: 7m78Q~PtEHlDCQjNigBJIerMcDOwn1n79xxkEbgM
# Tenant (organization) id found in Entra Admin Center
tenant_id: 1113be34-aed1-4d00-ab4b-cdd02510be91
# Redirect URI assigned in Entra. For Avalon, should be base host name
# with /browse/connect, e.x. 'http://example.com/browse/connect'
redirect_uri: https://avalon-dev.dlib.indiana.edu/browse/connect
# offline_access is needed for refresh tokens to be issued
# .default allows setting permissions through Entra admin dashboard
scope: offline_access https://graph.microsoft.com/.default
# The Sites endpoint returns all sites that a user has access to.
# Provide search/filter terms here to limit the results returned.
filter_terms: ['O365-', '[Sec]', '[Sec-E]']