Chromium Code Reviews Chromium Code Reviews
Issue 10630021:
Modify experimental identity flow to display scope descriptions and details. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/identity/identity_api.h" | 5 #include "chrome/browser/extensions/api/identity/identity_api.h" |
| 6 | 6 |
| 7 #include "base/values.h" | 7 #include "base/values.h" |
| 8 #include "chrome/browser/extensions/extension_function_dispatcher.h" | 8 #include "chrome/browser/extensions/extension_function_dispatcher.h" |
| 9 #include "chrome/browser/extensions/extension_service.h" | |
| 9 #include "chrome/browser/signin/token_service.h" | 10 #include "chrome/browser/signin/token_service.h" |
| 10 #include "chrome/browser/signin/token_service_factory.h" | 11 #include "chrome/browser/signin/token_service_factory.h" |
| 11 #include "chrome/browser/ui/browser.h" | 12 #include "chrome/browser/ui/browser.h" |
| 12 #include "chrome/browser/ui/tab_contents/tab_contents.h" | 13 #include "chrome/browser/ui/tab_contents/tab_contents.h" |
| 13 #include "chrome/common/extensions/extension.h" | 14 #include "chrome/common/extensions/extension.h" |
| 14 #include "googleurl/src/gurl.h" | 15 #include "googleurl/src/gurl.h" |
| 15 | 16 |
| 16 namespace extensions { | 17 namespace extensions { |
| 17 | 18 |
| 18 namespace { | 19 namespace { |
| 19 | 20 |
| 20 const char kInvalidClientId[] = "Invalid OAuth2 Client ID."; | 21 const char kInvalidClientId[] = "Invalid OAuth2 Client ID."; |
| 21 const char kInvalidScopes[] = "Invalid OAuth2 scopes."; | 22 const char kInvalidScopes[] = "Invalid OAuth2 scopes."; |
| 22 const char kInvalidRedirect[] = "Did not redirect to the right URL."; | 23 const char kInvalidRedirect[] = "Did not redirect to the right URL."; |
| 24 const char kAuthFailure[] = "OAuth2 request failed: "; | |
| 25 const char kGrantRevoked[] = "OAuth2 not granted or revoked."; | |
| 23 | 26 |
| 24 } // namespace | 27 } // namespace |
| 25 | 28 |
| 26 GetAuthTokenFunction::GetAuthTokenFunction() {} | 29 GetAuthTokenFunction::GetAuthTokenFunction() {} |
| 27 GetAuthTokenFunction::~GetAuthTokenFunction() {} | 30 GetAuthTokenFunction::~GetAuthTokenFunction() {} |
| 28 | 31 |
| 29 bool GetAuthTokenFunction::RunImpl() { | 32 bool GetAuthTokenFunction::RunImpl() { |
| 30 const Extension* extension = GetExtension(); | 33 const Extension* extension = GetExtension(); |
| 31 Extension::OAuth2Info oauth2_info = extension->oauth2_info(); | 34 Extension::OAuth2Info oauth2_info = extension->oauth2_info(); |
| 32 | 35 |
| 33 if (oauth2_info.client_id.empty()) { | 36 if (oauth2_info.client_id.empty()) { |
| 34 error_ = kInvalidClientId; | 37 error_ = kInvalidClientId; |
| 35 return false; | 38 return false; |
| 36 } | 39 } |
| 37 | 40 |
| 38 if (oauth2_info.scopes.size() == 0) { | 41 if (oauth2_info.scopes.size() == 0) { |
| 39 error_ = kInvalidScopes; | 42 error_ = kInvalidScopes; |
| 40 return false; | 43 return false; |
| 41 } | 44 } |
| 42 | 45 |
| 43 AddRef(); // Balanced in OnMintTokenSuccess|Failure. | 46 AddRef(); // Balanced in OnMintTokenSuccess|Failure. |
| 44 | 47 |
| 45 TokenService* token_service = TokenServiceFactory::GetForProfile(profile()); | 48 TokenService* token_service = TokenServiceFactory::GetForProfile(profile()); |
| 46 | 49 |
| 47 flow_.reset(new OAuth2MintTokenFlow( | 50 flow_ = new OAuth2MintTokenFlow( |
| 48 profile()->GetRequestContext(), | 51 profile()->GetRequestContext(), |
| 49 this, | 52 this, |
| 50 OAuth2MintTokenFlow::Parameters( | 53 OAuth2MintTokenFlow::Parameters( |
| 51 token_service->GetOAuth2LoginRefreshToken(), | 54 token_service->GetOAuth2LoginRefreshToken(), |
| 52 extension->id(), | 55 extension->id(), |
| 53 oauth2_info.client_id, | 56 oauth2_info.client_id, |
| 54 oauth2_info.scopes, | 57 oauth2_info.scopes, |
| 55 OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE))); | 58 #if defined(TOOLKIT_GTK) |
| 59 // Do not force on Linux. We will re-prompt for authorization. | |
| 60 OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE)); | |
| 61 #else | |
| 62 // For now, silently force the token. The user will never see the | |
| 63 // scopes they are granting. | |
| 64 OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE)); | |
| 65 #endif | |
| 56 flow_->Start(); | 66 flow_->Start(); |
| 57 | 67 |
| 58 return true; | 68 return true; |
| 59 } | 69 } |
| 60 | 70 |
| 61 void GetAuthTokenFunction::OnMintTokenSuccess(const std::string& access_token) { | 71 void GetAuthTokenFunction::OnMintTokenSuccess(const std::string& access_token) { |
| 62 result_.reset(Value::CreateStringValue(access_token)); | 72 result_.reset(Value::CreateStringValue(access_token)); |
| 63 SendResponse(true); | 73 SendResponse(true); |
| 64 Release(); // Balanced in RunImpl. | 74 Release(); // Balanced in RunImpl. |
| 65 } | 75 } |
| 66 | 76 |
| 67 void GetAuthTokenFunction::OnMintTokenFailure( | 77 void GetAuthTokenFunction::OnMintTokenFailure( |
| 68 const GoogleServiceAuthError& error) { | 78 const GoogleServiceAuthError& error) { |
| 69 error_ = error.ToString(); | 79 error_ = std::string(kAuthFailure) + error.ToString(); |
| 70 SendResponse(false); | 80 SendResponse(false); |
| 71 Release(); // Balanced in RunImpl. | 81 Release(); // Balanced in RunImpl. |
| 72 } | 82 } |
| 83 | |
| 84 void GetAuthTokenFunction::OnIssueAdviceSuccess(const IssueAdviceInfo& issues) { | |
| 85 // Existing grant was revoked, so we got info back instead. | |
|
jstritar
2012/06/25 15:10:35
Are you sure OnIssueAdviceSuccess is called when t
Evan Stade
2012/06/25 20:31:42
from my testing, that seems to be the case (althou
Munjal (Google)
2012/06/25 20:40:09
I think this is fine. If the grant is revoked out
| |
| 86 error_ = kGrantRevoked; | |
| 87 | |
| 88 // Remove the oauth2 scopes from the extension's granted permissions, if | |
| 89 // revoked server-side. | |
| 90 scoped_refptr<ExtensionPermissionSet> scopes = | |
| 91 new ExtensionPermissionSet( | |
| 92 GetExtension()->GetActivePermissions()->scopes()); | |
| 93 profile()->GetExtensionService()->extension_prefs()->RemoveGrantedPermissions( | |
| 94 GetExtension()->id(), scopes); | |
| 95 | |
| 96 // TODO(estade): need to prompt the user for scope permissions. | |
| 97 | |
| 98 SendResponse(false); | |
| 99 Release(); // Balanced in RunImpl. | |
| 100 } | |
| 73 | 101 |
| 74 LaunchWebAuthFlowFunction::LaunchWebAuthFlowFunction() {} | 102 LaunchWebAuthFlowFunction::LaunchWebAuthFlowFunction() {} |
| 75 LaunchWebAuthFlowFunction::~LaunchWebAuthFlowFunction() {} | 103 LaunchWebAuthFlowFunction::~LaunchWebAuthFlowFunction() {} |
| 76 | 104 |
| 77 bool LaunchWebAuthFlowFunction::RunImpl() { | 105 bool LaunchWebAuthFlowFunction::RunImpl() { |
| 78 DictionaryValue* arg = NULL; | 106 DictionaryValue* arg = NULL; |
| 79 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &arg)); | 107 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &arg)); |
| 80 | 108 |
| 81 std::string url; | 109 std::string url; |
| 82 EXTENSION_FUNCTION_VALIDATE(arg->GetString("url", &url)); | 110 EXTENSION_FUNCTION_VALIDATE(arg->GetString("url", &url)); |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 102 Release(); // Balanced in RunImpl. | 130 Release(); // Balanced in RunImpl. |
| 103 } | 131 } |
| 104 | 132 |
| 105 void LaunchWebAuthFlowFunction::OnAuthFlowFailure() { | 133 void LaunchWebAuthFlowFunction::OnAuthFlowFailure() { |
| 106 error_ = kInvalidRedirect; | 134 error_ = kInvalidRedirect; |
| 107 SendResponse(false); | 135 SendResponse(false); |
| 108 Release(); // Balanced in RunImpl. | 136 Release(); // Balanced in RunImpl. |
| 109 } | 137 } |
| 110 | 138 |
| 111 } // namespace extensions | 139 } // namespace extensions |
| OLD | NEW |
