Chromium Code Reviews Chromium Code Reviews
Issue 12538009:
Public Sessions: fetch device robot api token during enterprise enrollment. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| index e44443d728057bc1ad2109a0260656fdfb8eca9d..08de8614a9fa8b971a722630180732279cbb1361 100644 |
| --- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| +++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| @@ -16,6 +16,7 @@ |
| #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| #include "chrome/browser/policy/cloud/cloud_policy_client.h" |
| #include "chrome/browser/policy/cloud/cloud_policy_store.h" |
| +#include "google_apis/gaia/gaia_oauth_client.h" |
| namespace enterprise_management { |
| class PolicyFetchResponse; |
| @@ -27,12 +28,16 @@ namespace policy { |
| // devices. The process is as follows: |
| // 1. Given an auth token, register with the policy service. |
| // 2. Download the initial policy blob from the service. |
| +// it. |
|
Mattias Nissler (ping if slow)
2013/04/22 10:59:00
away.
David Roche
2013/04/23 01:36:08
Oops, should have moved down with other lines. T
|
| // 3. Verify the policy blob. Everything up to this point doesn't touch device |
| // state. |
| -// 4. Establish the device lock in installation-time attributes. |
| -// 5. Store the policy blob. |
| +// 4. Download the OAuth2 authorization code for device-level API access. |
| +// 5. Download the OAuth2 refresh token for device-level API access and store |
| +// 6. Establish the device lock in installation-time attributes. |
| +// 7. Store the policy blob and API refresh token. |
| class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| - public CloudPolicyStore::Observer { |
| + public CloudPolicyStore::Observer, |
| + public gaia::GaiaOAuthClient::Delegate { |
| public: |
| typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
| AllowedDeviceModes; |
| @@ -64,24 +69,37 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| // CloudPolicyClient::Observer: |
| virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
| virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
| + virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE; |
| virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
| // CloudPolicyStore::Observer: |
| virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
| virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
| + // GaiaOAuthClient::Delegate: |
| + virtual void OnGetTokensResponse(const std::string& refresh_token, |
| + const std::string& access_token, |
| + int expires_in_seconds) OVERRIDE; |
| + virtual void OnRefreshTokenResponse(const std::string& access_token, |
| + int expires_in_seconds) OVERRIDE; |
| + virtual void OnOAuthError() OVERRIDE; |
| + virtual void OnNetworkError(int response_code) OVERRIDE; |
| + |
| private: |
| // Indicates what step of the process is currently pending. These steps need |
| // to be listed in the order they are traversed in. |
| enum EnrollmentStep { |
| - STEP_PENDING, // Not started yet. |
| - STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| - STEP_REGISTRATION, // Currently registering the client. |
| - STEP_POLICY_FETCH, // Fetching policy. |
| - STEP_VALIDATION, // Policy validation. |
| - STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| - STEP_STORE_POLICY, // Storing policy. |
| - STEP_FINISHED, // Enrollment process finished, no further action. |
| + STEP_PENDING, // Not started yet. |
| + STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| + STEP_REGISTRATION, // Currently registering the client. |
| + STEP_POLICY_FETCH, // Fetching policy. |
| + STEP_VALIDATION, // Policy validation. |
| + STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
| + STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
| + STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| + STEP_STORE_POLICY, // Storing policy. |
| + STEP_STORE_ROBOT_AUTH, // Storing device API refresh token. |
| + STEP_FINISHED, // Enrollment process finished, no further action. |
| }; |
| // Starts registration if the store is initialized. |
| @@ -115,9 +133,11 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| DeviceCloudPolicyStoreChromeOS* store_; |
| EnterpriseInstallAttributes* install_attributes_; |
| scoped_ptr<CloudPolicyClient> client_; |
| + scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
| std::string auth_token_; |
| std::string client_id_; |
| + std::string robot_refresh_token_; |
| bool is_auto_enrollment_; |
| AllowedDeviceModes allowed_device_modes_; |
| EnrollmentCallback completion_callback_; |
| @@ -125,8 +145,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| // The device mode as received in the registration request. |
| DeviceMode device_mode_; |
| - // The validated policy response to be installed in the store. |
| + // The validated policy response info to be installed in the store. |
| scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
| + std::string username_; |
| + std::string device_id_; |
| // Current enrollment step. |
| EnrollmentStep enrollment_step_; |
