Avoid treating the load of about:blank as a failure in the web auth flow.

chrome/browser/extensions/api/identity/web_auth_flow.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/identity/web_auth_flow.h"
 
 #include <utility>
 
 #include "base/base64.h"
 #include "base/location.h"
@@ skipping 18 matching lines @@
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/resource_request_details.h"
 #include "content/public/browser/web_contents.h"
 #include "crypto/random.h"
 #include "extensions/browser/app_window/app_window.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/browser/extension_system.h"
 #include "net/http/http_response_headers.h"
 #include "url/gurl.h"
+#include "url/url_constants.h"
 
 using content::RenderViewHost;
 using content::ResourceRedirectDetails;
 using content::WebContents;
 using content::WebContentsObserver;
 using guest_view::GuestViewBase;
 
 namespace extensions {
 
 namespace identity_private = api::identity_private;
@@ skipping 151 matching lines @@
     content::NavigationHandle* navigation_handle) {
   if (navigation_handle->IsInMainFrame())
     BeforeUrlLoaded(navigation_handle->GetURL());
 }
 
 void WebAuthFlow::DidFinishNavigation(
     content::NavigationHandle* navigation_handle) {
   bool failed = false;
 
   if (navigation_handle->GetNetErrorCode() != net::OK) {
-    failed = true;
-    TRACE_EVENT_ASYNC_STEP_PAST1("identity", "WebAuthFlow", this,
-                                 "DidFinishNavigationFailure", "error_code",
-                                 navigation_handle->GetNetErrorCode());
+    if (navigation_handle->GetURL().spec() == url::kAboutBlankURL) {
+      // As part of the OAUth 2.0 protocol with GAIA, at the end of the web
+      // authorization flow, GAIA redirects to a custom scheme URL of type
+      // |com.googleusercontent.apps.123:/<extension_id>|, where
+      // |com.googleusercontent.apps.123| is the reverse DNS notation of the
+      // client ID of the extension that started the web sign-in flow. (The
+      // intent of this weird URL scheme was to make sure it couldn't be loaded
+      // anywhere at all as this makes it much harder to pull off a cross-site
+      // attack that could leak the returned oauth token to a malicious script
+      // or site.)
+      //
+      // This URL is not an accessible URL from within a Guest WebView, so
+      // during its load of this URL, Chrome changes it to |about:blank| and
+      // then the Identity Scope Approval Dialog extension fails to load it.
+      // Failing to load |about:blank| must not be treated as a failure of
+      // the web auth flow.
+      DCHECK_EQ(net::ERR_UNKNOWN_URL_SCHEME,
+                navigation_handle->GetNetErrorCode());
+    } else {
+      failed = true;
+      TRACE_EVENT_ASYNC_STEP_PAST1("identity", "WebAuthFlow", this,
+                                   "DidFinishNavigationFailure", "error_code",
+                                   navigation_handle->GetNetErrorCode());
+    }
   } else if (navigation_handle->IsInMainFrame() &&
              navigation_handle->GetResponseHeaders() &&
              navigation_handle->GetResponseHeaders()->response_code() >= 400) {
     failed = true;
     TRACE_EVENT_ASYNC_STEP_PAST1(
         "identity", "WebAuthFlow", this, "DidFinishNavigationFailure",
         "response_code",
         navigation_handle->GetResponseHeaders()->response_code());
   }
 
   if (failed && delegate_)
     delegate_->OnAuthFlowFailure(LOAD_FAILED);
 }
 
 }  // namespace extensions