Support service accounts in the chromoting host.

remoting/host/signaling_connector.cc

Index: remoting/host/signaling_connector.cc
diff --git a/remoting/host/signaling_connector.cc b/remoting/host/signaling_connector.cc
index 67c142fb3019e6bf5819a3b33d772d560b22f9a4..7c6cb7ef864753cc4b86a7d44e2b8ad89cb53357 100644
--- a/remoting/host/signaling_connector.cc
+++ b/remoting/host/signaling_connector.cc
@@ -6,6 +6,7 @@
 
 #include "base/bind.h"
 #include "base/callback.h"
+#include "base/strings/string_util.h"
 #include "google_apis/google_api_keys.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
@@ -26,9 +27,11 @@ const int kTokenUpdateTimeBeforeExpirySeconds = 60;
 
 SignalingConnector::OAuthCredentials::OAuthCredentials(
     const std::string& login_value,
-    const std::string& refresh_token_value)
+    const std::string& refresh_token_value,
+    bool is_service_account)
     : login(login_value),
-      refresh_token(refresh_token_value) {
+      refresh_token(refresh_token_value),
+      is_service_account(is_service_account) {
 }
 
 SignalingConnector::SignalingConnector(
@@ -228,12 +231,20 @@ void SignalingConnector::RefreshOAuthToken() {
   LOG(INFO) << "Refreshing OAuth token.";
   DCHECK(!refreshing_oauth_token_);
 
+  // Service accounts use different API keys, as they use the client app flow.

[rmsousa, 2013/07/23 21:50:21]

Yuck. Longer explanation - Service Accounts use the client app flow
(redirect_uri = oob). Our current host client IDs only support the server flow
(redirect_uri = real server, in our case talk gadget). The dev console doesn't
allow the same client IDs to be used for both flows. So we need to add another
client ID, to be used specifically for service accounts.

On the upside, this means that once we fully move to appsv2 and service
accounts, we can get rid of the old oauth.js flow and client IDs entirely - the
client will use the new identity API flow, and the host will use the service
account flow.

+  google_apis::OAuth2Client oauth2_client;
+  if (oauth_credentials_->is_service_account) {
+    oauth2_client = google_apis::CLIENT_REMOTING_SERVICE_ACCOUNT;
+  } else {
+    oauth2_client = google_apis::CLIENT_REMOTING;
+  }
+
   gaia::OAuthClientInfo client_info = {
-      google_apis::GetOAuth2ClientID(google_apis::CLIENT_REMOTING),
-      google_apis::GetOAuth2ClientSecret(google_apis::CLIENT_REMOTING),
-      // Redirect URL is only used when getting tokens from auth code. It
-      // is not required when getting access tokens.
-      ""
+    google_apis::GetOAuth2ClientID(oauth2_client),
+    google_apis::GetOAuth2ClientSecret(oauth2_client),
+    // Redirect URL is only used when getting tokens from auth code. It
+    // is not required when getting access tokens.
+    ""
   };
 
   refreshing_oauth_token_ = true;