device_oauth2_token_service.h revision 1e9bf3e0803691d0a228da41fc608347b6db4340
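// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

class TokenEncryptor;

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// When using DeviceOAuth2TokenService, a value of |GetRobotAccountId| should
// be used in places where the API expects |account_id|.
//
// Security notes:
//  * The refresh token is a long-lived, device-wide credential. It is
//    persisted in encrypted form (via |TokenEncryptor|) in local state, but
//    once decrypted it is cached in plaintext in |refresh_token_| for the
//    lifetime of this object (see the member comment below).
//  * |SetAndSaveRefreshToken| unconditionally overwrites the persisted token;
//    callers are responsible for invoking it only on the enrollment path.
//
// Note that requests must be made from the UI thread.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Persist the given refresh token on the device, replacing any previous
  // value. Should only be called during initial device setup (enrollment).
  // Returns false if there was an error encrypting and persisting the value,
  // else true.
  bool SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers the local-state preference(s) this service uses to persist the
  // (encrypted) refresh token.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Returns the (decrypted) refresh token used by the service. |account_id|
  // is expected to be a value of |GetRobotAccountId|.
  virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;

  // Pull the robot account ID from device policy.
  virtual std::string GetRobotAccountId();

 protected:
  // Implementation of OAuth2TokenService.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
  virtual scoped_ptr<OAuth2TokenService::RequestImpl> CreateRequest(
      OAuth2TokenService::Consumer* consumer) OVERRIDE;

 private:
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  // Ownership of |token_encryptor| will be taken. |getter| is retained via
  // scoped_refptr; |local_state| is stored as a raw, non-owning pointer.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state,
                                    TokenEncryptor* token_encryptor);
  virtual ~DeviceOAuth2TokenService();

  // Completion callback for refresh-token validation (see
  // |ValidatingConsumer|); |token_is_valid| reports the outcome.
  void OnValidationComplete(bool token_is_valid);

  // NOTE(review): neither of these has an in-class initializer (pre-C++11
  // style); confirm the constructor initializes both before any request is
  // issued.
  bool refresh_token_is_valid_;
  int max_refresh_token_validation_retries_;

  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache of the decrypted refresh token, so decryption happens only once.
  // Security note: this keeps the plaintext token in process memory for the
  // lifetime of the service.
  std::string refresh_token_;

  // Not owned.
  PrefService* local_state_;

  // Used to encrypt/decrypt the refresh token when persisting/loading it.
  scoped_ptr<TokenEncryptor> token_encryptor_;

  // Keep this the last member: members are destroyed in reverse declaration
  // order, so the factory invalidates outstanding WeakPtrs before the state
  // they reference is torn down.
  base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_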