device_oauth2_token_service.h revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// Note that requests must be made from the UI thread.
//
// Security note: the refresh token handled here is a long-lived, device-wide
// credential. This header exposes it through GetRefreshToken() and caches it
// decrypted in |refresh_token_|, so none of these values should reach logs or
// other diagnostics.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Specialization of StartRequest that in parallel validates that the refresh
  // token stored on the device is owned by the device service account.
  //
  // NOTE(review): because validation runs in parallel with the token request,
  // what |consumer| is told when validation fails is decided in the
  // implementation (see ValidatingConsumer), which is not visible in this
  // header. Confirm that an access token is never delivered for a refresh
  // token that failed the ownership check.
  virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
                                           Consumer* consumer) OVERRIDE;

  // Persist the given refresh token on the device.  Overwrites any previous
  // value.  Should only be called during initial device setup.
  //
  // NOTE(review): the method is public and nothing in this declaration
  // enforces the "initial setup only" rule, so callers are trusted to respect
  // it. The comment on |refresh_token_| implies the persisted form is
  // encrypted; confirm in the implementation.
  void SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers prefs with |registry|.
  // NOTE(review): presumably this is the pref that holds the stored refresh
  // token -- confirm against the implementation.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Override of the OAuth2TokenService accessor for the refresh token.
  // NOTE(review): presumably returns |refresh_token_|, decrypting the stored
  // value on first use -- confirm. The returned string is the credential
  // itself, so callers should not log or persist it elsewhere.
  virtual std::string GetRefreshToken() OVERRIDE;

 protected:
  // Pull the robot account ID from device policy.
  // Virtual, so a subclass can supply a different ID (presumably used by
  // tests; see the TestDeviceOAuth2TokenService friend declaration).
  virtual std::string GetRobotAccountId();

  // Implementation of OAuth2TokenService.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;

 private:
  // Nested helper, defined in the implementation file. Going by its name and
  // the StartRequest comment, it takes part in refresh-token validation.
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  // The constructor and destructor are private; these friends are the only
  // classes that can create or destroy an instance.
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  // NOTE(review): |local_state| is kept as a raw pointer (|local_state_|), so
  // it is presumably not owned and must outlive this object -- confirm.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state);
  virtual ~DeviceOAuth2TokenService();

  // Receives the outcome of the refresh-token ownership validation.
  // NOTE(review): presumably invoked via ValidatingConsumer and recorded in
  // |refresh_token_is_valid_| -- confirm.
  void OnValidationComplete(bool token_is_valid);

  // Validation state. NOTE(review): the initial value of
  // |refresh_token_is_valid_| and the retry limit are set in the
  // implementation; confirm the flag does not start out as "valid" before the
  // first validation has finished.
  bool refresh_token_is_valid_;
  int max_refresh_token_validation_retries_;

  // Reference-counted handle to the request context getter.
  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // Once populated, the plaintext credential stays in this object's memory.
  std::string refresh_token_;
  // Raw pointer; ownership is not expressed here (see constructor note).
  PrefService* local_state_;
  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_