Basic OAuth2 support using the native app flow.

remoting/webapp/me2mom/background.js

Index: remoting/webapp/me2mom/background.js
diff --git a/remoting/webapp/me2mom/background.js b/remoting/webapp/me2mom/background.js
index 8a59d19597e973ca33688520e8761a1fc05450d8..1cb54ad5c9e499ca83382c2704ebb761c9fca61f 100644
--- a/remoting/webapp/me2mom/background.js
+++ b/remoting/webapp/me2mom/background.js
@@ -21,12 +21,141 @@ function clearAll() {
   window.localStorage.clear();
 }
 

[Jamie, 2011/05/19 21:01:04]

Does this belong in this file? It doesn't seem to have anything to do with the
background page. Perhaps it should have a file to itself?

[awong, 2011/05/19 21:33:06]

Moved out.

-var oauth = ChromeExOAuth.initBackgroundPage({
-    'request_url': 'https://www.google.com/accounts/OAuthGetRequestToken',
-    'authorize_url': 'https://www.google.com/accounts/OAuthAuthorizeToken',
-    'access_url': 'https://www.google.com/accounts/OAuthGetAccessToken',
-    'consumer_key': 'anonymous',
-    'consumer_secret': 'anonymous',
-    'scope': 'https://www.googleapis.com/auth/chromoting',
-    'app_name': 'Remoting WebApp'
-});
+// Declare an OAuth2 class to handle retrieval/storage of an OAuth2 token.
+//
+// Ideally, this should impelment the OAuth2 PostMessage flow to avoid needing

[Jamie, 2011/05/19 21:01:04]

Nit: implement.

[awong, 2011/05/19 21:33:06]

Done.

+// to copy and paste a code, but that does not support extension URL schemes
+// quite yet. Instead, we currently use the native app flow with an
+// authorization code that the user must cut/paste.
+function OAuth2() {
+  this.OAUTH2_REFRESH_TOKEN_NAME = 'oauth2_refresh_token';
+
+  this.client_id = encodeURIComponent(
+      '440925447803-m890isgsr23kdkcu2erd4mirnrjalf98.' +
+      'apps.googleusercontent.com');
+  this.client_secret = encodeURIComponent('TgKrL73H2kJe6Ir0ufp7bf6e');
+  this.scope = encodeURIComponent(
+      'https://www.googleapis.com/auth/chromoting ' +
+      'https://www.googleapis.com/auth/googletalk');
+  this.redirect_uri = encodeURIComponent('urn:ietf:wg:oauth:2.0:oob');
+}
+
+OAuth2.prototype.isAuthenticated = function() {
+  if(this.getRefreshToken()) {
+    return true;
+  }
+  return false;
+}
+
+OAuth2.prototype.getAccessToken = function() {

[Jamie, 2011/05/19 21:01:04]

I would expect a get method to have a return statement. Perhaps this should be
renamed ensureAccessToken()?

[awong, 2011/05/19 21:33:06]

Cut and paste error.  This function is defined lower.

+  if (!this.isAuthenticated()) {
+    throw "Not Authenticated";
+  }
+}
+
+OAuth2.prototype.clear = function() {
+  removeItem(this.OAUTH2_REFRESH_TOKEN_NAME);
+  delete this.access_token;
+  delete this.access_token_expiration;
+}
+
+OAuth2.prototype.setRefreshToken = function(token) {
+  setItem(this.OAUTH2_REFRESH_TOKEN_NAME, token);
+}
+
+OAuth2.prototype.getRefreshToken = function(token) {
+  return getItem(this.OAUTH2_REFRESH_TOKEN_NAME);
+}
+
+OAuth2.prototype.setAccessToken = function(token, expiration) {
+  this.access_token = token;
+  this.access_token_expiration = expiration;
+}
+
+OAuth2.prototype.needsNewAccessToken = function() {
+  if (!this.isAuthenticated()) {
+    throw "Not Authenticated.";
+  }
+  if (!this.access_token) {
+    return true;
+  }
+  if (Date.now() > this.access_token_expiration) {
+    return true;
+  }
+  return false;
+}
+
+OAuth2.prototype.getAccessToken = function() {
+  if (this.needsNewAccessToken()) {
+    throw "Access Token expired.";
+  }
+  return this.access_token;
+}
+
+OAuth2.prototype.refreshAccessToken = function(on_done) {
+  if (!this.isAuthenticated()) {
+    throw "Not Authenticated.";
+  }
+  var xhr = new XMLHttpRequest();
+  var that = this;

[Jamie, 2011/05/19 21:01:04]

:)

[awong, 2011/05/19 21:33:06]

Heh...apparently "var that = this;" is a common javascript idiom...at least
according to StackOverflow. :-/

+  xhr.onreadystatechange = function() {
+    if (xhr.readyState != 4) {
+      return;
+    }
+    if (xhr.status == 200) {
+      tokens = JSON.parse(xhr.responseText);
+      that.setAccessToken(tokens['access_token'],
+                          tokens['expires_in'] * 1000 + Date.now());
+    } else {
+      console.log("Refresh access token failed. Status: " + xhr.status +
+                  " response: " + xhr.responseText);
+    }
+    on_done();
+  };
+  xhr.open('POST', 'https://accounts.google.com/o/oauth2/token', true);
+  xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
+  var post_data = 'client_id=' + this.client_id
+      + '&client_secret=' + this.client_secret
+      + '&refresh_token=' + encodeURIComponent(this.getRefreshToken())
+      + '&grant_type=refresh_token';
+  xhr.send(post_data);
+}
+
+OAuth2.prototype.openOAuth2Window = function() {
+  var GET_CODE_URL = 'https://accounts.google.com/o/oauth2/auth?'
+      + 'client_id=' + this.client_id
+      + '&redirect_uri=' + this.redirect_uri
+      + '&scope=' + this.scope
+      + '&response_type=code';
+  window.open(GET_CODE_URL);
+}
+
+OAuth2.prototype.exchangeCodeForToken = function(code, on_done) {
+  var xhr = new XMLHttpRequest();
+  var that = this;
+  xhr.onreadystatechange = function() {
+    if (xhr.readyState != 4) {
+      return;
+    }
+    if (xhr.status == 200) {
+      tokens = JSON.parse(xhr.responseText);
+      that.setRefreshToken(tokens['refresh_token']);
+      that.setAccessToken(tokens['access_token'],
+                          tokens['expires_in'] + Date.now());
+    } else {
+      console.log("Code exchnage failed. Status: " + xhr.status +
+                  " response: " + xhr.responseText);
+    }
+    on_done();
+  };
+  xhr.open('POST', 'https://accounts.google.com/o/oauth2/token', true);
+  xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
+  var post_data = 'client_id=' + this.client_id
+      + '&client_secret=' + this.client_secret
+      + '&redirect_uri=' + this.redirect_uri
+      + '&code=' + encodeURIComponent(code)
+      + '&grant_type=authorization_code';
+  xhr.send(post_data);
+}
+
+var oauth2 = new OAuth2();