Wire up the identity API for enterprise Kiosk Apps.

chrome/browser/extensions/api/identity/experimental_identity_api.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/identity/experimental_identity_api.h"
 
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/app_mode/app_mode_utils.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/api/identity/identity_api.h"
 #include "chrome/browser/extensions/extension_install_prompt.h"
+#include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/common/extensions/api/experimental_identity.h"
 #include "chrome/common/extensions/api/identity.h"
 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_manifest_constants.h"
 #include "chrome/common/extensions/manifest_handler.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/common/page_transition_types.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "googleurl/src/gurl.h"
 #include "ui/base/window_open_disposition.h"
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
+#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
 #endif
 
 namespace extensions {
 
 namespace {
 
 static const char kChromiumDomainRedirectUrlPattern[] =
     "https://%s.chromiumapp.org/";
 
 }  // namespace
@@ skipping 32 matching lines @@
   }
 
   if (oauth2_info.scopes.size() == 0) {
     error_ = identity_constants::kInvalidScopes;
     return false;
   }
 
   // Balanced in CompleteFunctionWithResult|CompleteFunctionWithError
   AddRef();
 
+#if defined(OS_CHROMEOS)
+  if (chromeos::UserManager::Get()->IsLoggedInAsKioskApp() &&
+      g_browser_process->browser_policy_connector()->IsEnterpriseManaged()) {

[zel, 2013/06/19 03:09:35]

do you want to test if DeviceOAuth2TokenServiceFactory has refresh token?

[Mattias Nissler (ping if slow), 2013/06/19 03:44:40]

Since we don't have the intention to send the user through the auth flow, the
only thing we'd do if there's no token would be to bail out early. But then
again, there's no harm in having DeviceOAuth2TokenService handle that situation
(i.e. reporting an error immediately).

[zel, 2013/06/19 21:46:25]

Actually, we can still let app show sign-in UI on this identity API call. That
way you will still permit enrolled kiosk app that don't have robot accounts
associated with them.  

+    OAuth2TokenService::ScopeSet scope_set(oauth2_info.scopes.begin(),
+                                           oauth2_info.scopes.end());
+    device_token_request_ =
+        chromeos::DeviceOAuth2TokenServiceFactory::Get()->StartRequest(
+            scope_set, this);
+    return true;
+  }
+#endif
+
   if (!HasLoginToken()) {
     if (!should_prompt_for_signin_) {
       error_ = identity_constants::kUserNotSignedIn;
       Release();
       return false;
     }
     // Display a login prompt.
     StartSigninFlow();
   } else {
     TokenService* token_service = TokenServiceFactory::GetForProfile(profile());
@@ skipping 104 matching lines @@
   // The user has accepted the scopes, so we may now force (recording a grant
   // and receiving a token).
   StartGaiaRequest(OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE);
 }
 
 void ExperimentalIdentityGetAuthTokenFunction::InstallUIAbort(
     bool user_initiated) {
   CompleteFunctionWithError(identity_constants::kUserRejected);
 }
 
+void ExperimentalIdentityGetAuthTokenFunction::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  DCHECK_EQ(device_token_request_.get(), request);
+  device_token_request_.reset();
+
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
+  IdentityTokenCacheValue token(access_token,
+                                expiration_time - base::Time::Now());
+  IdentityAPI::GetFactoryInstance()->GetForProfile(profile())->SetCachedToken(
+      GetExtension()->id(), oauth2_info.scopes, token);
+
+  CompleteFunctionWithResult(access_token);
+}
+
+void ExperimentalIdentityGetAuthTokenFunction::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  DCHECK_EQ(device_token_request_.get(), request);
+  device_token_request_.reset();
+
+  CompleteFunctionWithError(error.ToString());
+}
+
 void ExperimentalIdentityGetAuthTokenFunction::StartGaiaRequest(
     OAuth2MintTokenFlow::Mode mode) {
   mint_token_flow_.reset(CreateMintTokenFlow(mode));
   mint_token_flow_->Start();
 }
 
 void ExperimentalIdentityGetAuthTokenFunction::ShowLoginPopup() {
   signin_flow_.reset(new IdentitySigninFlow(this, profile()));
   signin_flow_->Start();
 }
@@ skipping 140 matching lines @@
   }
 }
 
 void ExperimentalIdentityLaunchWebAuthFlowFunction::
     InitFinalRedirectURLPrefixesForTest(const std::string& extension_id) {
   final_prefixes_.clear();
   InitFinalRedirectURLPrefixes(extension_id);
 }
 
 }  // namespace extensions