style
content

White Adobe logo on a red square.

How to use Google Drive with a custom user

Setting up the custom user involves the following steps:

  1. Create a folder within Google Drive that will be the website root
  2. Create or define the (technical) user that will access the Google Drive content
  3. Share the website root folder with that user
  4. Configure the fstab.yaml with the respective folder
  5. Register the user with the service

1. Create a folder within Google Drive

Please follow the respective steps of the tutorial.

2. Create or define the (technical) user

It is best practice to use a generic (or technical) user to access the content on behalf of the service. This is better than using an employee user account because the exact scope of the files the user can access can be defined. Furthermore, there is no risk losing access to the files, should that employee leave the company.

Every company has different procedures to create technical users, so ask your IT department on how to do this.

3. Share the website root folder with that user

Please follow the steps of the tutorial but instead of sharing the content with the default user, share it with your custom user. The example below uses helixdocumentation@gmail.com as the example user:

4. Configure the fstab.yaml with the respective folder

Please follow the respective steps of the tutorial

5. Register the user

Overview

In order for the AEM service to access the authored content it needs a couple of information and setup. The AEM service (a cloud function) accesses the Google Drive API on behalf of a configured user. In order to do so, it needs to authenticate first in the context of a Google Cloud Application. This is important because the scopes given to the application define what permission the service has on the Google Drive API. For example, it should be allowed to read and write documents, but not to alter access control.

Access the Service Setup UI

To get started, open the Admin Service Setup UI and enter the GitHub URL of your project:

Then you need to “Sign In” with a user that has access to the website root. This is to verify that only people with sufficient credentials can manage the user registration. This can be your own personal user or the technical user you selected above.

The first time you login, you probably see the “Google hasn’t verified this app” screen. This shows up because the verification process is still pending:
Click on Advanced and then on Go to admin.hlx.page (unsafe):

Next, you see the permission grant screen that informs you about which permissions the “Franklin Service” application will have.

Connect the technical user

With the permission properly granted, you should be able to login properly to the Franklin Service Setup UI:

Click on “Connect User” and you should see a new login window, where you want to login with your technical user. After the login process (and permission granting), the UI should show the connected user information:

Once the user is registered, you should be able to preview a page.

Important

Changing the user's password will invalidate the grant that is established when connecting the user. This will eventually cause an error in the sidekick. In order to prevent this, you need to reconnect the user, by clicking the disconnect button then connect it again.