| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_GET_AUTH_TOKEN_FUNCTION_
H_ |
| 6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_GET_AUTH_TOKEN_FUNCTION_
H_ |
| 7 | 7 |
| 8 #include <map> | |
| 9 #include <set> | |
| 10 #include <string> | |
| 11 #include <utility> | |
| 12 #include <vector> | |
| 13 | |
| 14 #include "base/gtest_prod_util.h" | |
| 15 #include "base/memory/ref_counted.h" | |
| 16 #include "base/memory/weak_ptr.h" | |
| 17 #include "base/observer_list.h" | |
| 18 #include "build/build_config.h" | |
| 19 #include "chrome/browser/extensions/api/identity/extension_token_key.h" | |
| 20 #include "chrome/browser/extensions/api/identity/gaia_web_auth_flow.h" | 8 #include "chrome/browser/extensions/api/identity/gaia_web_auth_flow.h" |
| 21 #include "chrome/browser/extensions/api/identity/identity_get_profile_user_info_
function.h" | |
| 22 #include "chrome/browser/extensions/api/identity/identity_launch_web_auth_flow_f
unction.h" | |
| 23 #include "chrome/browser/extensions/api/identity/identity_mint_queue.h" | 9 #include "chrome/browser/extensions/api/identity/identity_mint_queue.h" |
| 24 #include "chrome/browser/extensions/api/identity/identity_remove_cached_auth_tok
en_function.h" | |
| 25 #include "chrome/browser/extensions/api/identity/identity_signin_flow.h" | 10 #include "chrome/browser/extensions/api/identity/identity_signin_flow.h" |
| 26 #include "chrome/browser/extensions/api/identity/web_auth_flow.h" | |
| 27 #include "chrome/browser/extensions/chrome_extension_function.h" | 11 #include "chrome/browser/extensions/chrome_extension_function.h" |
| 28 #include "components/signin/core/browser/profile_identity_provider.h" | 12 #include "extensions/browser/extension_function_histogram_value.h" |
| 29 #include "extensions/browser/browser_context_keyed_api_factory.h" | |
| 30 #include "google_apis/gaia/account_tracker.h" | |
| 31 #include "google_apis/gaia/oauth2_mint_token_flow.h" | 13 #include "google_apis/gaia/oauth2_mint_token_flow.h" |
| 32 #include "google_apis/gaia/oauth2_token_service.h" | 14 #include "google_apis/gaia/oauth2_token_service.h" |
| 33 | 15 |
| 34 class GoogleServiceAuthError; | |
| 35 class MockGetAuthTokenFunction; | |
| 36 | |
| 37 namespace content { | |
| 38 class BrowserContext; | |
| 39 } | |
| 40 | |
| 41 namespace extensions { | 16 namespace extensions { |
| 42 | 17 |
| 43 class GetAuthTokenFunctionTest; | |
| 44 class IdentityGetAuthTokenFunction; | |
| 45 class MockGetAuthTokenFunction; | |
| 46 | |
| 47 class IdentityTokenCacheValue { | |
| 48 public: | |
| 49 IdentityTokenCacheValue(); | |
| 50 explicit IdentityTokenCacheValue(const IssueAdviceInfo& issue_advice); | |
| 51 IdentityTokenCacheValue(const std::string& token, | |
| 52 base::TimeDelta time_to_live); | |
| 53 IdentityTokenCacheValue(const IdentityTokenCacheValue& other); | |
| 54 ~IdentityTokenCacheValue(); | |
| 55 | |
| 56 // Order of these entries is used to determine whether or not new | |
| 57 // entries supercede older ones in SetCachedToken. | |
| 58 enum CacheValueStatus { | |
| 59 CACHE_STATUS_NOTFOUND, | |
| 60 CACHE_STATUS_ADVICE, | |
| 61 CACHE_STATUS_TOKEN | |
| 62 }; | |
| 63 | |
| 64 CacheValueStatus status() const; | |
| 65 const IssueAdviceInfo& issue_advice() const; | |
| 66 const std::string& token() const; | |
| 67 const base::Time& expiration_time() const; | |
| 68 | |
| 69 private: | |
| 70 bool is_expired() const; | |
| 71 | |
| 72 CacheValueStatus status_; | |
| 73 IssueAdviceInfo issue_advice_; | |
| 74 std::string token_; | |
| 75 base::Time expiration_time_; | |
| 76 }; | |
| 77 | |
| 78 class IdentityAPI : public BrowserContextKeyedAPI, | |
| 79 public gaia::AccountTracker::Observer { | |
| 80 public: | |
| 81 typedef std::map<ExtensionTokenKey, IdentityTokenCacheValue> CachedTokens; | |
| 82 | |
| 83 explicit IdentityAPI(content::BrowserContext* context); | |
| 84 ~IdentityAPI() override; | |
| 85 | |
| 86 // Request serialization queue for getAuthToken. | |
| 87 IdentityMintRequestQueue* mint_queue(); | |
| 88 | |
| 89 // Token cache | |
| 90 void SetCachedToken(const ExtensionTokenKey& key, | |
| 91 const IdentityTokenCacheValue& token_data); | |
| 92 void EraseCachedToken(const std::string& extension_id, | |
| 93 const std::string& token); | |
| 94 void EraseAllCachedTokens(); | |
| 95 const IdentityTokenCacheValue& GetCachedToken(const ExtensionTokenKey& key); | |
| 96 | |
| 97 const CachedTokens& GetAllCachedTokens(); | |
| 98 | |
| 99 // Account queries. | |
| 100 std::vector<std::string> GetAccounts() const; | |
| 101 std::string FindAccountKeyByGaiaId(const std::string& gaia_id); | |
| 102 | |
| 103 // BrowserContextKeyedAPI implementation. | |
| 104 void Shutdown() override; | |
| 105 static BrowserContextKeyedAPIFactory<IdentityAPI>* GetFactoryInstance(); | |
| 106 | |
| 107 // gaia::AccountTracker::Observer implementation: | |
| 108 void OnAccountAdded(const gaia::AccountIds& ids) override; | |
| 109 void OnAccountRemoved(const gaia::AccountIds& ids) override; | |
| 110 void OnAccountSignInChanged(const gaia::AccountIds& ids, | |
| 111 bool is_signed_in) override; | |
| 112 | |
| 113 void SetAccountStateForTest(gaia::AccountIds ids, bool is_signed_in); | |
| 114 | |
| 115 void set_get_auth_token_function( | |
| 116 IdentityGetAuthTokenFunction* get_auth_token_function) { | |
| 117 get_auth_token_function_ = get_auth_token_function; | |
| 118 } | |
| 119 | |
| 120 private: | |
| 121 friend class BrowserContextKeyedAPIFactory<IdentityAPI>; | |
| 122 | |
| 123 // BrowserContextKeyedAPI implementation. | |
| 124 static const char* service_name() { return "IdentityAPI"; } | |
| 125 static const bool kServiceIsNULLWhileTesting = true; | |
| 126 | |
| 127 content::BrowserContext* browser_context_; | |
| 128 IdentityMintRequestQueue mint_queue_; | |
| 129 CachedTokens token_cache_; | |
| 130 ProfileIdentityProvider profile_identity_provider_; | |
| 131 gaia::AccountTracker account_tracker_; | |
| 132 | |
| 133 // May be null. | |
| 134 IdentityGetAuthTokenFunction* get_auth_token_function_; | |
| 135 }; | |
| 136 | |
| 137 template <> | |
| 138 void BrowserContextKeyedAPIFactory<IdentityAPI>::DeclareFactoryDependencies(); | |
| 139 | |
| 140 class IdentityGetAccountsFunction : public ChromeUIThreadExtensionFunction { | |
| 141 public: | |
| 142 DECLARE_EXTENSION_FUNCTION("identity.getAccounts", | |
| 143 IDENTITY_GETACCOUNTS); | |
| 144 | |
| 145 IdentityGetAccountsFunction(); | |
| 146 | |
| 147 private: | |
| 148 ~IdentityGetAccountsFunction() override; | |
| 149 | |
| 150 // UIThreadExtensionFunction implementation. | |
| 151 ExtensionFunction::ResponseAction Run() override; | |
| 152 }; | |
| 153 | |
| 154 // identity.getAuthToken fetches an OAuth 2 function for the | 18 // identity.getAuthToken fetches an OAuth 2 function for the |
| 155 // caller. The request has three sub-flows: non-interactive, | 19 // caller. The request has three sub-flows: non-interactive, |
| 156 // interactive, and sign-in. | 20 // interactive, and sign-in. |
| 157 // | 21 // |
| 158 // In the non-interactive flow, getAuthToken requests a token from | 22 // In the non-interactive flow, getAuthToken requests a token from |
| 159 // GAIA. GAIA may respond with a token, an error, or "consent | 23 // GAIA. GAIA may respond with a token, an error, or "consent |
| 160 // required". In the consent required cases, getAuthToken proceeds to | 24 // required". In the consent required cases, getAuthToken proceeds to |
| 161 // the second, interactive phase. | 25 // the second, interactive phase. |
| 162 // | 26 // |
| 163 // The interactive flow presents a scope approval dialog to the | 27 // The interactive flow presents a scope approval dialog to the |
| (...skipping 121 matching lines...) |
| 285 std::string oauth2_client_id_; | 149 std::string oauth2_client_id_; |
| 286 // When launched in interactive mode, and if there is no existing grant, | 150 // When launched in interactive mode, and if there is no existing grant, |
| 287 // a permissions prompt will be popped up to the user. | 151 // a permissions prompt will be popped up to the user. |
| 288 IssueAdviceInfo issue_advice_; | 152 IssueAdviceInfo issue_advice_; |
| 289 std::unique_ptr<GaiaWebAuthFlow> gaia_web_auth_flow_; | 153 std::unique_ptr<GaiaWebAuthFlow> gaia_web_auth_flow_; |
| 290 std::unique_ptr<IdentitySigninFlow> signin_flow_; | 154 std::unique_ptr<IdentitySigninFlow> signin_flow_; |
| 291 }; | 155 }; |
| 292 | 156 |
| 293 } // namespace extensions | 157 } // namespace extensions |
| 294 | 158 |
| 295 #endif // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_API_H_ | 159 #endif // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_IDENTITY_GET_AUTH_TOKEN_FUNCTI
ON_H_ |
| OLD | NEW |
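Review bot: The new header uses `std::string` (new line 149) and `std::unique_ptr` (new lines 153-154), but the include list at new lines 8-14 drops `<string>` and never includes `<memory>`, so it builds only through whatever the remaining project headers pull in transitively. Add `#include <memory>` and `#include <string>` ahead of the project includes. The 121 collapsed lines are not visible here, so check in the same pass whether anything in them still needs the dropped `base/memory/weak_ptr.h`, `base/gtest_prod_util.h` or `extension_token_key.h`. Separately, the class comment carried over at new line 18 says getAuthToken "fetches an OAuth 2 function"; `// identity.getAuthToken fetches an OAuth 2 token for the` is presumably what was meant.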