device_oauth2_token_service.h revision 68043e1e95eeb07d5cae7aca370b26518b0867d6
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
7
8#include <set>
9#include <string>
10
11#include "base/basictypes.h"
12#include "base/gtest_prod_util.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/stl_util.h"
15#include "base/time/time.h"
16#include "google_apis/gaia/gaia_oauth_client.h"
17#include "google_apis/gaia/oauth2_token_service.h"
18#include "net/url_request/url_request_context_getter.h"
19
20namespace net {
21class URLRequestContextGetter;
22}
23
24class GoogleServiceAuthError;
25class PrefRegistrySimple;
26class PrefService;
27class Profile;
28
29namespace chromeos {
30
31// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
32// set of scopes using the device-level OAuth2 any-api refresh token
33// obtained during enterprise device enrollment.
34//
35// See |OAuth2TokenService| for usage details.
36//
37// When using DeviceOAuth2TokenService, the value returned by
38// |GetRobotAccountId| should be used wherever the API expects |account_id|.
39//
40// Note that requests must be made from the UI thread.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Stores |refresh_token| persistently on the device, replacing whatever
  // value was saved before. Intended to be called only during initial device
  // setup.
  // NOTE(review): the comment on |refresh_token_| below speaks of a
  // "decrypted" token, which implies the persisted form is encrypted; confirm
  // in the .cc file that this method never writes the plaintext to disk.
  void SetAndSaveRefreshToken(const std::string& refresh_token);

  // Presumably registers the pref(s) that back this service with |registry|;
  // the implementation is not visible in this header.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Returns the refresh token this service uses. |account_id| is expected to
  // be the value returned by |GetRobotAccountId|.
  // The result is a copy of the device-level credential: callers should keep
  // it out of logs and crash keys and should not store it anywhere else.
  virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;

  // Reads the robot account ID out of device policy.
  virtual std::string GetRobotAccountId();

 protected:
  // OAuth2TokenService overrides.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
  virtual scoped_ptr<OAuth2TokenService::RequestImpl>
  CreateRequest(OAuth2TokenService::Consumer* consumer) OVERRIDE;

 private:
  class ValidatingConsumer;

  // Every friend below can read the private state of this class, including
  // the cached plaintext |refresh_token_|. The last two look like test
  // helpers going by their names; verify against their definitions.
  friend class ValidatingConsumer;
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Instances are obtained through DeviceOAuth2TokenServiceFactory; the
  // constructor and destructor are private for that reason.
  // NOTE(review): |local_state| is kept as a raw pointer (see |local_state_|),
  // so it presumably has to outlive this object; confirm with the factory.
  explicit DeviceOAuth2TokenService(
      net::URLRequestContextGetter* getter,
      PrefService* local_state);
  virtual ~DeviceOAuth2TokenService();

  // Receives the outcome of a refresh-token validation. Presumably invoked by
  // ValidatingConsumer; the caller is not visible in this header.
  void OnValidationComplete(bool token_is_valid);

  // Validation state. How these are initialised and updated is defined in the
  // .cc file; going by the names they hold the last validation result and the
  // retry budget for validation attempts. TODO confirm.
  bool refresh_token_is_valid_;
  int max_refresh_token_validation_retries_;

  // Ref-counted handle to a request context getter.
  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cached copy of the decrypted refresh token, kept so that decryption
  // happens only once. The plaintext stays in process memory once cached, and
  // std::string does not zero its buffer when destroyed.
  std::string refresh_token_;

  // Raw pointer, apparently not owned by this class. TODO confirm.
  PrefService* local_state_;

  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};
86
87}  // namespace chromeos
88
89#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
90