Chromium Code Reviews Chromium Code Reviews
Issue 15148007:
Identity API: web-based scope approval dialogs for getAuthToken (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ |
| 6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
| 14 #include "chrome/browser/extensions/api/identity/gaia_web_auth_flow.h" | |
| 14 #include "chrome/browser/extensions/api/identity/identity_mint_queue.h" | 15 #include "chrome/browser/extensions/api/identity/identity_mint_queue.h" |
| 15 #include "chrome/browser/extensions/api/identity/identity_signin_flow.h" | 16 #include "chrome/browser/extensions/api/identity/identity_signin_flow.h" |
| 16 #include "chrome/browser/extensions/api/identity/web_auth_flow.h" | 17 #include "chrome/browser/extensions/api/identity/web_auth_flow.h" |
| 17 #include "chrome/browser/extensions/api/profile_keyed_api_factory.h" | 18 #include "chrome/browser/extensions/api/profile_keyed_api_factory.h" |
| 18 #include "chrome/browser/extensions/extension_function.h" | 19 #include "chrome/browser/extensions/extension_function.h" |
| 19 #include "chrome/browser/extensions/extension_install_prompt.h" | |
| 20 #include "chrome/browser/signin/signin_global_error.h" | 20 #include "chrome/browser/signin/signin_global_error.h" |
| 21 #include "google_apis/gaia/oauth2_mint_token_flow.h" | 21 #include "google_apis/gaia/oauth2_mint_token_flow.h" |
| 22 | 22 |
| 23 class GetAuthTokenFunctionTest; | |
| 24 class MockGetAuthTokenFunction; | |
| 25 class GoogleServiceAuthError; | 23 class GoogleServiceAuthError; |
| 26 class Profile; | 24 class Profile; |
| 27 class SigninManagerBase; | 25 class SigninManagerBase; |
| 28 | 26 |
| 29 namespace extensions { | 27 namespace extensions { |
| 30 | 28 |
| 29 class GetAuthTokenFunctionTest; | |
| 30 class MockGetAuthTokenFunction; | |
| 31 | |
| 31 namespace identity_constants { | 32 namespace identity_constants { |
| 32 extern const char kInvalidClientId[]; | 33 extern const char kInvalidClientId[]; |
| 33 extern const char kInvalidScopes[]; | 34 extern const char kInvalidScopes[]; |
| 34 extern const char kAuthFailure[]; | 35 extern const char kAuthFailure[]; |
| 35 extern const char kNoGrant[]; | 36 extern const char kNoGrant[]; |
| 36 extern const char kUserRejected[]; | 37 extern const char kUserRejected[]; |
| 37 extern const char kUserNotSignedIn[]; | 38 extern const char kUserNotSignedIn[]; |
| 38 extern const char kInteractionRequired[]; | 39 extern const char kInteractionRequired[]; |
| 39 extern const char kInvalidRedirect[]; | 40 extern const char kInvalidRedirect[]; |
| 40 extern const char kOffTheRecord[]; | 41 extern const char kOffTheRecord[]; |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 51 // | 52 // |
| 52 // The interactive flow presents a scope approval dialog to the | 53 // The interactive flow presents a scope approval dialog to the |
| 53 // user. If the user approves the request, a grant will be recorded on | 54 // user. If the user approves the request, a grant will be recorded on |
| 54 // the server, and an access token will be returned to the caller. | 55 // the server, and an access token will be returned to the caller. |
| 55 // | 56 // |
| 56 // In some cases we need to display a sign-in dialog. Normally the | 57 // In some cases we need to display a sign-in dialog. Normally the |
| 57 // profile will be signed in already, but if it turns out we need a | 58 // profile will be signed in already, but if it turns out we need a |
| 58 // new login token, there is a sign-in flow. If that flow completes | 59 // new login token, there is a sign-in flow. If that flow completes |
| 59 // successfully, getAuthToken proceeds to the non-interactive flow. | 60 // successfully, getAuthToken proceeds to the non-interactive flow. |
| 60 class IdentityGetAuthTokenFunction : public AsyncExtensionFunction, | 61 class IdentityGetAuthTokenFunction : public AsyncExtensionFunction, |
| 61 public ExtensionInstallPrompt::Delegate, | 62 public GaiaWebAuthFlow::Delegate, |
| 62 public IdentityMintRequestQueue::Request, | 63 public IdentityMintRequestQueue::Request, |
| 63 public OAuth2MintTokenFlow::Delegate, | 64 public OAuth2MintTokenFlow::Delegate, |
| 64 public IdentitySigninFlow::Delegate { | 65 public IdentitySigninFlow::Delegate { |
| 65 public: | 66 public: |
| 66 DECLARE_EXTENSION_FUNCTION("identity.getAuthToken", | 67 DECLARE_EXTENSION_FUNCTION("identity.getAuthToken", |
| 67 EXPERIMENTAL_IDENTITY_GETAUTHTOKEN); | 68 EXPERIMENTAL_IDENTITY_GETAUTHTOKEN); |
| 68 | 69 |
| 69 IdentityGetAuthTokenFunction(); | 70 IdentityGetAuthTokenFunction(); |
| 70 | 71 |
| 71 protected: | 72 protected: |
| (...skipping 23 matching lines...) Expand all Loading... | |
| 95 int time_to_live) OVERRIDE; | 96 int time_to_live) OVERRIDE; |
| 96 virtual void OnMintTokenFailure( | 97 virtual void OnMintTokenFailure( |
| 97 const GoogleServiceAuthError& error) OVERRIDE; | 98 const GoogleServiceAuthError& error) OVERRIDE; |
| 98 virtual void OnIssueAdviceSuccess( | 99 virtual void OnIssueAdviceSuccess( |
| 99 const IssueAdviceInfo& issue_advice) OVERRIDE; | 100 const IssueAdviceInfo& issue_advice) OVERRIDE; |
| 100 | 101 |
| 101 // IdentitySigninFlow::Delegate implementation: | 102 // IdentitySigninFlow::Delegate implementation: |
| 102 virtual void SigninSuccess(const std::string& token) OVERRIDE; | 103 virtual void SigninSuccess(const std::string& token) OVERRIDE; |
| 103 virtual void SigninFailed() OVERRIDE; | 104 virtual void SigninFailed() OVERRIDE; |
| 104 | 105 |
| 105 // ExtensionInstallPrompt::Delegate implementation: | 106 // GaiaWebAuthFlow::Delegate implementation: |
| 106 virtual void InstallUIProceed() OVERRIDE; | 107 virtual void OnGaiaFlowFailure(GaiaWebAuthFlow::Failure failure, |
| 107 virtual void InstallUIAbort(bool user_initiated) OVERRIDE; | 108 GoogleServiceAuthError service_error) OVERRIDE; |
| 109 virtual void OnGaiaFlowCompleted(const std::string& access_token, | |
| 110 const std::string& expiration, | |
| 111 const std::string& error) OVERRIDE; | |
| 108 | 112 |
| 109 // Starts a mint token request to GAIA. | 113 // Starts a mint token request to GAIA. |
| 110 void StartGaiaRequest(OAuth2MintTokenFlow::Mode mode); | 114 void StartGaiaRequest(OAuth2MintTokenFlow::Mode mode); |
| 111 | 115 |
| 112 // Methods for invoking UI. Overridable for testing. | 116 // Methods for invoking UI. Overridable for testing. |
| 113 virtual void ShowLoginPopup(); | 117 virtual void ShowLoginPopup(); |
| 114 virtual void ShowOAuthApprovalDialog(const IssueAdviceInfo& issue_advice); | 118 virtual void ShowOAuthApprovalDialog(const IssueAdviceInfo& issue_advice); |
| 115 // Caller owns the returned instance. | 119 // Caller owns the returned instance. |
| 116 virtual OAuth2MintTokenFlow* CreateMintTokenFlow( | 120 virtual OAuth2MintTokenFlow* CreateMintTokenFlow( |
| 117 OAuth2MintTokenFlow::Mode mode); | 121 OAuth2MintTokenFlow::Mode mode); |
| 118 | 122 |
| 119 // Checks if there is a master login token to mint tokens for the extension. | 123 // Checks if there is a master login token to mint tokens for the extension. |
| 120 virtual bool HasLoginToken() const; | 124 virtual bool HasLoginToken() const; |
| 121 | 125 |
| 126 // Maps OAuth2 protocol errors to an error message. | |
|
asargent_no_longer_on_chrome
2013/05/16 21:39:20
nit: it might be helpful to mention who the audien
Michael Courage
2013/05/16 22:44:08
Done.
| |
| 127 std::string MapOAuth2ErrorToDescription(const std::string& error); | |
| 128 | |
| 122 bool should_prompt_for_scopes_; | 129 bool should_prompt_for_scopes_; |
| 123 IdentityMintRequestQueue::MintType mint_token_flow_type_; | 130 IdentityMintRequestQueue::MintType mint_token_flow_type_; |
| 124 scoped_ptr<OAuth2MintTokenFlow> mint_token_flow_; | 131 scoped_ptr<OAuth2MintTokenFlow> mint_token_flow_; |
| 125 std::string refresh_token_; | 132 std::string refresh_token_; |
| 126 bool should_prompt_for_signin_; | 133 bool should_prompt_for_signin_; |
| 127 | 134 |
| 128 // When launched in interactive mode, and if there is no existing grant, | 135 // When launched in interactive mode, and if there is no existing grant, |
| 129 // a permissions prompt will be popped up to the user. | 136 // a permissions prompt will be popped up to the user. |
| 130 IssueAdviceInfo issue_advice_; | 137 IssueAdviceInfo issue_advice_; |
| 131 scoped_ptr<ExtensionInstallPrompt> install_ui_; | 138 scoped_ptr<GaiaWebAuthFlow> gaia_web_auth_flow_; |
| 132 scoped_ptr<IdentitySigninFlow> signin_flow_; | 139 scoped_ptr<IdentitySigninFlow> signin_flow_; |
| 133 }; | 140 }; |
| 134 | 141 |
| 135 class IdentityRemoveCachedAuthTokenFunction : public SyncExtensionFunction { | 142 class IdentityRemoveCachedAuthTokenFunction : public SyncExtensionFunction { |
| 136 public: | 143 public: |
| 137 DECLARE_EXTENSION_FUNCTION("identity.removeCachedAuthToken", | 144 DECLARE_EXTENSION_FUNCTION("identity.removeCachedAuthToken", |
| 138 EXPERIMENTAL_IDENTITY_REMOVECACHEDAUTHTOKEN) | 145 EXPERIMENTAL_IDENTITY_REMOVECACHEDAUTHTOKEN) |
| 139 IdentityRemoveCachedAuthTokenFunction(); | 146 IdentityRemoveCachedAuthTokenFunction(); |
| 140 | 147 |
| 141 protected: | 148 protected: |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 156 // Tests may override extension_id. | 163 // Tests may override extension_id. |
| 157 void InitFinalRedirectURLPrefixForTest(const std::string& extension_id); | 164 void InitFinalRedirectURLPrefixForTest(const std::string& extension_id); |
| 158 | 165 |
| 159 private: | 166 private: |
| 160 virtual ~IdentityLaunchWebAuthFlowFunction(); | 167 virtual ~IdentityLaunchWebAuthFlowFunction(); |
| 161 virtual bool RunImpl() OVERRIDE; | 168 virtual bool RunImpl() OVERRIDE; |
| 162 | 169 |
| 163 // WebAuthFlow::Delegate implementation. | 170 // WebAuthFlow::Delegate implementation. |
| 164 virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE; | 171 virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE; |
| 165 virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE; | 172 virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE; |
| 173 virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE {} | |
| 166 | 174 |
| 167 // Helper to initialize final URL prefix. | 175 // Helper to initialize final URL prefix. |
| 168 void InitFinalRedirectURLPrefix(const std::string& extension_id); | 176 void InitFinalRedirectURLPrefix(const std::string& extension_id); |
| 169 | 177 |
| 170 scoped_ptr<WebAuthFlow> auth_flow_; | 178 scoped_ptr<WebAuthFlow> auth_flow_; |
| 171 GURL final_url_prefix_; | 179 GURL final_url_prefix_; |
| 172 }; | 180 }; |
| 173 | 181 |
| 174 class IdentityTokenCacheValue { | 182 class IdentityTokenCacheValue { |
| 175 public: | 183 public: |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 IdentityMintRequestQueue mint_queue_; | 269 IdentityMintRequestQueue mint_queue_; |
| 262 std::map<TokenCacheKey, IdentityTokenCacheValue> token_cache_; | 270 std::map<TokenCacheKey, IdentityTokenCacheValue> token_cache_; |
| 263 }; | 271 }; |
| 264 | 272 |
| 265 template <> | 273 template <> |
| 266 void ProfileKeyedAPIFactory<IdentityAPI>::DeclareFactoryDependencies(); | 274 void ProfileKeyedAPIFactory<IdentityAPI>::DeclareFactoryDependencies(); |
| 267 | 275 |
| 268 } // namespace extensions | 276 } // namespace extensions |
| 269 | 277 |
| 270 #endif // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 278 #endif // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ |
| OLD | NEW |
