Network traffic annotation added to OAuth2ApiCallFlow and its subclasses.

google_apis/gaia/oauth2_mint_token_flow.cc

Index: google_apis/gaia/oauth2_mint_token_flow.cc
diff --git a/google_apis/gaia/oauth2_mint_token_flow.cc b/google_apis/gaia/oauth2_mint_token_flow.cc
index 69c241cef6a24df158d7f12898cc0f495476c88b..db5c2e30405189c318656c5c0b566b9bca9672aa 100644
--- a/google_apis/gaia/oauth2_mint_token_flow.cc
+++ b/google_apis/gaia/oauth2_mint_token_flow.cc
@@ -279,3 +279,30 @@ bool OAuth2MintTokenFlow::ParseIssueAdviceResponse(
 
   return success;
 }
+
+net::PartialNetworkTrafficAnnotationTag
+OAuth2MintTokenFlow::GetNetworkTrafficAnnotationTag() {
+  return net::DefinePartialNetworkTrafficAnnotation("oauth2_mint_token_flow",
+                                                    "oauth2_api_call_flow", R"(
+      semantics {
+        sender: "Chrome Identity API"
+        description:
+          "Requests a token from gaia allowing an app or extension to act as "
+          "the user when calling other google APIs."
+        trigger: "API call from the app/extension"
+        data:
+          "User's login token, the identity of a chrome app/extension, and a "
+          "list of oauth scopes requested by the app/extension."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        setting: "..."
+        chrome_policy {
+          [POLICY_NAME] {
+            policy_options {mode: MANDATORY/RECOMMENDED/UNSET}
+            [POLICY_NAME]: ... //(value to disable it)
+          }
+        }
+        policy_exception_justification: "..."
+      })");
+}

[Roger Tawa OOO till Jul 10th, 2017/05/26 13:46:11]

This is not controllable by policy.  Although if you disable chrome sign in by
policy, this feature is indirectly disabled.

[Ramin Halavati, 2017/05/29 05:30:52]

Done, please verify.