All of Drastic's version 6 or greater software supports authenticating via OAuth 2.0 across an https transport. This is most useful for Net-X-Code's partial file restore system, but can also be used from videoQC or MediaReactor.  Accessing these resources requires a second level of setup beyond the basic software setup, and this article provides an overview on that process.

Cloud file access - Direct

Drastic software supports direct access to cloud resources using http, http2, ftp and other file sharing methods.  For cloud providers like Google, an authentication system is also required to access the stored files. 

The simplest way to set up access to a cloud is to use a file system redirector (If this is not possible in your scenario, please see the next section of this article).  In the case of Google, the easiest way to do this is with their FUSE file system add on.  For more information on setting this up, please see:

https://cloud.google.com/storage/docs/gcs-fuse

Cloud file access - https

As an example, this section will go over the steps required to set up access to a Google cloud 'bucket' from Drastic software. The steps are operating system independent, other than the directories in which the access files are stored.  With the access file, they should be set up to be read only by the Drastic software, as they will contain sensitive information that could be used to access your cloud files.  For the purposes of this article, you will need to use one of the following directories:

Windows:

C:\ProgramData\Drastic\
Alt - C:\Documents and Settings\<username>\Drastic\

Linux:

/etc/Drastic/
Alt - /Home/<username>/Drastic/

macOS:

/Library/Applications Support/Drastic/
Alt - /Home/<username>/Drastic/

In order to set up OAuth 2.0, you will need to get information and data from your cloud account.  In this case, we will use Google's cloud service as an example.

First you need to authorize and get the application credentials json.  Using the gcloud command from the Google cloud SDK is the easiest way to do this.  Run this command on your server:

gcloud auth application-default login

Alternately, you can create this json file from Googles developer API at:

https://console.developers.google.com/apis/credentials

This will let you log into the Google OAuth server, and then save an 'application_default_credentials.json' on your system.  It should have data similar to this in it:

{
 "client_id": "dasdsa850-6qr4p6gpi6hnwe654yrtjuq83di341hur.apps.googleusercontent.com",
 "client_secret": "mgfei9jgf19q7MsssTy",
 "refresh_token": "fw98jsduTmScuUjavQzchmf8wssssu5y5f85mAmcvaa",
 "type": "authorized_user"
}

This file needs to be copied to the correct directory above, and renamed:

www.googleapis.com.json

Once you have the correct json file, you will also need to specify which OAuth 2.0 authentication server to use.  This is done in the config.xml, normally with the DDRConfig utility.  For each json file, there should be a matching folder under \MediaReactor\OAuth2\.  Within that folder should be an oauth2server entry with the URL of the server you want to use. 

For Google cloud, this would normally be

\MediaReactor\OAuth2\www.googleapis.com\oauth2server = "https://www.googleapis.com/oauth2/v4/token"

Drastic software will use this config to create and refresh the access as needed so that it can access your OAuth 2.0 protected files.  To access them, simply specify them as URLs.  For a bitbucket on Google called 'netxcode-pfr' with a file called 'sourceABR.mp4', the file URL to send would look like:

https://www.googleapis.com/storage/v1/b/netxcode-pfr/o/sourceABR.mp4?alt=media

The alt=media is recommended but optional in most cases.  Not including it will cause a secondary request to be sent, based on the JSON return from google.  Other cloud systems' URLs will vary, but the basic structure will be similar to this.

Please note, if the URL for the access starts with numbers, they must be removed from the /MediaReactor/OAuth2/ folder name and the JSON name on the disk. So,

https://534a7xn2qkh8.eu-west-1.amazonaws.com

would have the keyname in the Config.xml of

a7xn2qkh8.eu-west-1.amazonaws.com

and the file name in C:\ProgramData\Drastic\ of

a7xn2qkh8.eu-west-1.amazonaws.com.json

You would still access the api via the normal url

https://534a7xn2qkh8.eu-west-1.amazonaws.com

and we would match it under the hood to a7xn2qkh8.eu-west-1.amazonaws.com

Also, if you are in Google's web browser page for cloud storage, the links will resolve to something like:

https://storage.cloud.google.com/netxcode-pfr/sourceABR.ack?_ga=3432432.-13132.2321 

To use these in Net-X-Code, you will need to replace the storage.cloud.google.com with www.googleapis.com for them to work.  Google cloud does not allow application access to the files in the same way at both addresses.