Identity API: web-based scope approval dialogs for getAuthToken

chrome/browser/extensions/api/identity/gaia_web_auth_flow.h

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
+#define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
+
+#include "chrome/browser/extensions/api/identity/web_auth_flow.h"
+#include "chrome/browser/signin/ubertoken_fetcher.h"
+#include "chrome/browser/ui/host_desktop.h"
+#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
+
+namespace extensions {
+
+// Implements a web-based OAuth2 scope approval dialog. This flow has
+// four parts:
+// 1. Fetch an ubertoken for the signed-in user.
+// 2. Use the ubertoken to get session cookies using MergeSession.
+// 3. Start the OAuth flow and wait for final redirect.
+// 4. Parse results from the fragment component of the final redirect URI.
+//
+// The OAuth flow is a special version of the OAuth2 out-of-band flow
+// where the final response page's title contains the
+// redirect_uri. The redirect URI has an unusual format to prevent its
+// use in other contexts. The scheme of the URI is a reversed version
+// of the OAuth client ID, and the path starts with the Chrome
+// extension ID. For example, an app with the OAuth client ID
+// "32610281651.apps.googleusercontent.com" and a Chrome app ID
+// "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
+//
+// com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
+//
+// Arriving at this URI completes the flow. The last response from
+// gaia does a JavaScript redirect to the special URI, but also
+// includes the same URI in its title. The navigation to this URI gets
+// filtered out because of its unusual protocol scheme, so
+// GaiaWebAuthFlow pulls it out of the window title instead.
+
+class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
+ public:
+  enum Failure {
+    WINDOW_CLOSED,  // Window closed by user.
+    INVALID_REDIRECT,  // Redirect parse error.
+    SERVICE_AUTH_ERROR  // Non-OAuth related authentication error
+  };
+
+  class Delegate {
+   public:
+    virtual void OnGaiaFlowFailure(Failure failure,
+                                   GoogleServiceAuthError service_error) = 0;
+    virtual void OnGaiaFlowCompleted(const std::string& access_token,
+                                     const std::string& expiration,
+                                     const std::string& error) = 0;

[asargent_no_longer_on_chrome, 2013/05/16 21:39:20]

nit: It seems slightly unexpected that there are separate "Failure" and
"Completed" callbacks, but the "Completed" one contains an |error| parameter
that needs to be checked. I guess there are different kinds of failure? Perhaps
worth a comment here. 

[Michael Courage, 2013/05/16 22:44:08]

I was thinking of these errors as special because they don't involve protocol or
network failures, but from the caller POV they aren't really that special, so I
moved them to the FlowFailure call.

+  };
+
+  GaiaWebAuthFlow(Delegate* delegate,
+                  Profile* profile,
+                  chrome::HostDesktopType host_desktop_type,
+                  const std::string& extension_id,
+                  const OAuth2Info& oauth2_info);
+  virtual ~GaiaWebAuthFlow();
+
+  // Starts the flow by fetching an ubertoken. Can override for testing.
+  virtual void Start();
+
+  // UbertokenConsumer implementation:
+  virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
+  virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;
+
+  // WebAuthFlow::Delegate implementation.
+  virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE;
+  virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE;
+  virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE;
+
+ private:
+  // Creates a WebAuthFlow, which will navigate to |url|. Can override
+  // for testing. Used to kick off the MergeSession (step #2).
+  virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);
+
+  Delegate* delegate_;
+  Profile* profile_;
+  chrome::HostDesktopType host_desktop_type_;
+  std::string redirect_scheme_;
+  std::string redirect_path_prefix_;
+  std::string auth_url_;

[asargent_no_longer_on_chrome, 2013/05/16 21:39:20]

Any reason you aren't using a GURL here for |auth_url_|? This doesn't end up
containing the special invalid url mentioned in the overview comments up top
does it?

[Michael Courage, 2013/05/16 22:44:08]

Done. No crazy URLs here.

+  scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
+  scoped_ptr<WebAuthFlow> web_flow_;
+
+  DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
+};
+
+}  // extensions
+
+#endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_