device_oauth2_token_service.h revision 68043e1e95eeb07d5cae7aca370b26518b0867d6
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// When using DeviceOAuth2TokenService, a value of |GetRobotAccountId| should
// be used in places where API expects |account_id|.
//
// Note that requests must be made from the UI thread.
//
// NOTE(review): the refresh token handled here is a credential for the
// device's robot account. Callers should treat the string returned by
// |GetRefreshToken| as a secret: do not log it and do not keep extra copies.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Persist the given refresh token on the device. Overwrites any previous
  // value. Should only be called during initial device setup.
  //
  // NOTE(review): the comment on |refresh_token_| below speaks of a
  // "decrypted" copy, which suggests the persisted value is encrypted. The
  // encryption itself is not visible in this header; confirm in the .cc file.
  void SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers preferences with |registry|.
  // NOTE(review): presumably this is the local-state pref that holds the
  // persisted refresh token; confirm in the .cc file.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Gets the refresh token used by the service. |account_id| is expected to be
  // a value of |GetRobotAccountId|.
  //
  // NOTE(review): this header does not say what is returned for any other
  // |account_id|, or while |refresh_token_is_valid_| is false; confirm in the
  // .cc file before relying on either case.
  virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;

  // Pull the robot account ID from device policy.
  virtual std::string GetRobotAccountId();

 protected:
  // Implementation of OAuth2TokenService.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
  // NOTE(review): presumably routes |consumer| through ValidatingConsumer so
  // the stored refresh token is validated before it is used; confirm in the
  // .cc file.
  virtual scoped_ptr<OAuth2TokenService::RequestImpl> CreateRequest(
      OAuth2TokenService::Consumer* consumer) OVERRIDE;

 private:
  // Nested helper, only forward-declared here; its definition is not part of
  // this header.
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  // These friends can reach the private constructor and members below.
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  //
  // |local_state| is kept as a raw pointer in |local_state_|.
  // NOTE(review): it looks non-owning, so the PrefService would have to
  // outlive this object; confirm against the factory.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state);
  virtual ~DeviceOAuth2TokenService();

  // Receives the outcome of a refresh token validation.
  // NOTE(review): presumably invoked by ValidatingConsumer and recorded in
  // |refresh_token_is_valid_|; confirm in the .cc file.
  void OnValidationComplete(bool token_is_valid);

  // NOTE(review): the name suggests this records whether the stored refresh
  // token passed validation; confirm where it is set and read.
  bool refresh_token_is_valid_;
  // NOTE(review): the name suggests an upper bound on validation attempts;
  // the value and the retry policy are not visible in this header.
  int max_refresh_token_validation_retries_;

  // Ref-counted handle to the request context getter.
  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // NOTE(review): the plaintext token therefore stays in process memory for
  // as long as it is cached; nothing in this header clears it.
  std::string refresh_token_;
  // Raw pointer to the PrefService passed to the constructor.
  PrefService* local_state_;
  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_