
Unified Diff: chrome/browser/extensions/api/identity/gaia_web_auth_flow.h

Issue 15148007: Identity API: web-based scope approval dialogs for getAuthToken (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: better protocol description Created 7 years, 7 months ago
Index: chrome/browser/extensions/api/identity/gaia_web_auth_flow.h
diff --git a/chrome/browser/extensions/api/identity/gaia_web_auth_flow.h b/chrome/browser/extensions/api/identity/gaia_web_auth_flow.h
new file mode 100644
index 0000000000000000000000000000000000000000..8c07cd18eae05bf420fe0782d95575ca83fb183b
--- /dev/null
+++ b/chrome/browser/extensions/api/identity/gaia_web_auth_flow.h
@@ -0,0 +1,93 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
+#define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
+
+#include "chrome/browser/extensions/api/identity/web_auth_flow.h"
+#include "chrome/browser/signin/ubertoken_fetcher.h"
+#include "chrome/browser/ui/host_desktop.h"
+#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
+
+namespace extensions {
+
+// Implements a web-based OAuth2 scope approval dialog. This flow has
+// four parts:
+// 1. Fetch an ubertoken for the signed-in user.
+// 2. Use the ubertoken to get session cookies using MergeSession.
+// 3. Start the OAuth flow and wait for final redirect.
+// 4. Parse results from the fragment component of the final redirect URI.
+//
+// The OAuth flow is a special version of the OAuth2 out-of-band flow
+// where the final response page's title contains the
+// redirect_uri. The redirect URI has an unusual format to prevent its
+// use in other contexts. The scheme of the URI is a reversed version
+// of the OAuth client ID, and the path starts with the Chrome
+// extension ID. For example, an app with the OAuth client ID
+// "32610281651.apps.googleusercontent.com" and a Chrome app ID
+// "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
+//
+// com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
+//
+// Arriving at this URI completes the flow. The last response from
+// gaia does a JavaScript redirect to the special URI, but also
+// includes the same URI in its title. The navigation to this URI gets
+// filtered out because of its unusual protocol scheme, so
+// GaiaWebAuthFlow pulls it out of the window title instead.
+
+class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
+ public:
+ enum Failure {
+ WINDOW_CLOSED, // Window closed by user.
+ INVALID_REDIRECT, // Redirect parse error.
+ SERVICE_AUTH_ERROR // Non-OAuth related authentication error
+ };
+
+ class Delegate {
+ public:
+ virtual void OnGaiaFlowFailure(Failure failure,
+ GoogleServiceAuthError service_error) = 0;
+ virtual void OnGaiaFlowCompleted(const std::string& token,
Roger Tawa OOO till Jul 10th 2013/05/16 16:06:15 Change name to |access_token| to make it clearer?
Michael Courage 2013/05/16 20:39:02 Done.
+ const std::string& expiration,
+ const std::string& error) = 0;
+ };
+
+ GaiaWebAuthFlow(Delegate* delegate,
+ Profile* profile,
+ chrome::HostDesktopType host_desktop_type,
+ const std::string& extension_id,
+ const OAuth2Info& oauth2_info);
+ virtual ~GaiaWebAuthFlow();
+
+ // Starts the flow by fetching an ubertoken. Can override for testing.
+ virtual void Start();
+
+ // UbertokenConsumer implementation:
+ virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
+ virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;
+
+ // WebAuthFlow::Delegate implementation.
+ virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE;
+ virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE;
+ virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE;
+
+ private:
+ // Creates an interactive flow. Can override for testing.
Roger Tawa OOO till Jul 10th 2013/05/16 16:06:15 Add description of |url| arg.
Michael Courage 2013/05/16 20:39:02 Done.
+ virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);
+
+ Delegate* delegate_;
+ Profile* profile_;
+ chrome::HostDesktopType host_desktop_type_;
+ std::string redirect_scheme_;
+ std::string redirect_path_prefix_;
+ std::string auth_url_;
+ scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
+ scoped_ptr<WebAuthFlow> web_flow_;
+
+ DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
+};
+
+} // extensions
+
+#endif // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
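Review bot: `OnAuthFlowTitleChange` is the point where page-controlled text becomes the flow's result, yet neither it nor `redirect_scheme_` / `redirect_path_prefix_` documents what a title must match before its fragment is parsed. Any page that loads in the approval window can set a title, so the header should state the contract, e.g. `// Ignores titles that do not begin with redirect_scheme_ + ":" + redirect_path_prefix_; only a matching title completes the flow.` The implementation file is not part of this page, so this assumes the check lives there; if it does not, it belongs in this handler. Separately, the nested `Delegate` has no destructor declared (`protected: virtual ~Delegate() {}` would prevent deletion through the interface), and the raw `delegate_` pointer needs a comment saying the delegate must outlive the flow.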
