The Adobe documentation article explains configuring OpenAPI-based content access from AEM very well. This post is just a collection of some quick screenshots, plus how to restrict access to some folders using the AEM permission model.
1) To modernize AEM cloud environments (adding more product profiles), add yourself to the Business Owner - Cloud Service profile of the product Cloud Manager in https://adminconsole.adobe.com/. Later, in Cloud Manager, you can click Add product profiles for the environment to get the new product profiles, like AEM Assets Collaborator Users, needed for the OpenAPI integration.
2) Once the profiles are available in the Admin Console for the environment, click Manage Access -> Author Profiles to access them, and add AEM Assets API Users Service to the AEM Assets Collaborator Users product profile.
3) Create an Adobe IO project (https://developer.adobe.com/console) and, to enable OAuth Server-to-Server integration, add the API AEM Assets Author API.
4) In your AEM Maven project, add the file ./config/api.yaml and copy in the Client ID from the integration created above:
kind: "API"
version: "1.0"
metadata:
  envTypes: ["dev", "rde"]
data:
  allowedClientIDs:
    author:
      - "1252dexxxxxxxxxxxxxxxxxe6670"
5) Run the pipeline to deploy or, if it's an RDE, use the following command:
aio aem:rde:install -t env-config ./config
6) You can now access AEM assets using server to server integration providing the Bearer (access) token and x-api-key (client id)
Request:
curl --location "https://author-p10961-e1322140.adobeaemcloud.com/adobe/folders" ^
--header "Content-Type: application/vnd.adobe.asset-operation+json" ^
--header "x-api-key: 1252de.........5bbe6670" ^
--header "Authorization: Bearer eyJhbGciOiJSUzI......"
Response:
{
  "self":
  {
    "folderId": "urn:aaid:aem:/content/dam",
    "name": "dam",
    "path": "/content/dam",
    "title": "Assets",
  },
  "children":
  [
    {
      "folderId": "urn:aaid:aem:/content/dam/eaem-redirects",
      "name": "eaem-redirects",
      "path": "/content/dam/eaem-redirects",
      "title": "eaem-redirects",
    },
    {
      "folderId": "urn:aaid:aem:/content/dam/experience-rde",
      "name": "experience-rde",
      "path": "/content/dam/experience-rde",
      "title": "Experience RDE",
    },
  ],
}
7) To restrict access to some folders, you can apply the regular AEM permissions: make the profile group created in AEM a member of a group you can assign permissions to. For example, here the profile group created in AEM, AEM Assets Collaborator Users - author - Program 10961 - Environment 1322140, is made a member of the AEM group eaem-collab-users, and the permissions are assigned to the group eaem-collab-users...
8) Similar restrictions can be applied for showing assets in Asset Selector:
<html>
<head>
    <title>Dynamic Media Open API Asset Selector</title>
</head>
<body>
    <div style="width: 100%; height: 100%">
        <h1 style="text-align: center; color: red"> Dynamic Media Open API Asset Selector with IMS Token </h1>
        <div id='asset-selector'></div>
    </div>
    <script src="https://experience.adobe.com/solutions/CQ-assets-selectors/static-assets/resources/assets-selectors.js"></script>
    <script>
        function registerAssetSelector(){
            // The IMS token is read from the ?imsToken= query parameter.
            // Query strings end up in browser history and server logs.
            const apiToken = queryParameters().imsToken;

            if(!apiToken) {
                alert("IMS Token is required");
                return;
            }

            // Called by the selector with the assets the user picked
            function handleSelection(selection) {
                console.log("Selected asset: ", selection);
            }

            function renderAssetSelectorInline() {
                console.log("initializing Asset Selector");

                const props = {
                    "repositoryId": "author-p10961-e1322140.adobeaemcloud.com",
                    "apiKey": "1252dexxxxxxxxxxxxxxe6670",
                    "imsOrg": "2FBC7BxxxxxxxxxxBB@AdobeOrg",
                    "imsToken": apiToken,
                    handleSelection,
                    hideTreeNav: true
                }

                const container = document.getElementById('asset-selector');
                PureJSSelectors.renderAssetSelector(container, props);
            }

            // Render once the page and the selector script have loaded
            window.addEventListener("load", (event) => {
                renderAssetSelectorInline();
            });
        }

        // Parse the query string into a { name: value } map (values are not URL-decoded)
        function queryParameters() {
            let result = {}, param,
                params = document.location.search.split(/\?|\&/);

            params.forEach( function(it) {
                param = it.split("=");
                result[param[0]] = param[1];
            });

            return result;
        }

        registerAssetSelector();
    </script>
</body>
</html>
9) To deny read access for all folders in /content/dam and allow only specific folders, e.g. /content/dam/experience-rde
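One way to check the folder restrictions from steps 7 and 9 from the integration's side, as an added example that is not part of the original post: it audits the /adobe/folders listing from step 6 against an allow-list. The function names, the allow-list and the sample listing (modelled on the step 6 response, with one look-alike folder added) are assumptions made for illustration.

```javascript
// Added example: all function and constant names here are hypothetical.

// Fetch the folder listing with the same URL and headers as the curl call
// in step 6 (needs Node 18+ for the global fetch).
async function fetchFolders(host, clientId, accessToken) {
  const res = await fetch(`https://${host}/adobe/folders`, {
    headers: {
      "Content-Type": "application/vnd.adobe.asset-operation+json",
      "x-api-key": clientId,
      "Authorization": `Bearer ${accessToken}`,
    },
  });
  if (!res.ok) throw new Error(`folder listing failed: HTTP ${res.status}`);
  return res.json();
}

// True when `path` is `root` itself or lies below it. Comparing whole path
// segments keeps /content/dam/experience-rde-old from matching
// /content/dam/experience-rde.
function isWithin(path, root) {
  const p = path.replace(/\/+$/, "");
  const r = root.replace(/\/+$/, "");
  return p === r || p.startsWith(r + "/");
}

// Compare what the integration can see with what the ACLs are meant to allow.
// Assumes the allowed roots are direct children of the listed folder.
function auditFolderListing(listing, allowedRoots) {
  const visible = (listing.children || []).map((c) => c.path);
  return {
    unexpected: visible.filter((p) => !allowedRoots.some((r) => isWithin(p, r))),
    missing: allowedRoots.filter((r) => !visible.some((p) => isWithin(p, r))),
  };
}

// Constructed sample: the children from the step 6 response (taken before any
// restriction was applied) plus one constructed look-alike folder.
const SAMPLE_LISTING = {
  self: { path: "/content/dam" },
  children: [
    { path: "/content/dam/eaem-redirects" },
    { path: "/content/dam/experience-rde" },
    { path: "/content/dam/experience-rde-old" },
  ],
};
const ALLOWED_ROOTS = ["/content/dam/experience-rde"];

console.log(auditFolderListing(SAMPLE_LISTING, ALLOWED_ROOTS));
```

Against a live environment, pass the result of fetchFolders(...) to auditFolderListing; a non-empty unexpected list means the group's permissions still expose folders outside the allow-list.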




