gaia_web_auth_flow.h revision 46d4c2bc3267f3f028f39e7e311b0f89aba2e4fd
1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
6#define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
7
8#include "chrome/browser/extensions/api/identity/web_auth_flow.h"
9#include "chrome/browser/ui/host_desktop.h"
10#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
11#include "google_apis/gaia/ubertoken_fetcher.h"
12
13namespace extensions {
14
15// Implements a web-based OAuth2 scope approval dialog. This flow has
16// four parts:
17// 1. Fetch an ubertoken for a signed-in user.
18// 2. Use the ubertoken to get session cookies using MergeSession.
19// 3. Start the OAuth flow and wait for final redirect.
20// 4. Parse results from the fragment component of the final redirect URI.
21//
22// The OAuth flow is a special version of the OAuth2 out-of-band flow
23// where the final response page's title contains the
24// redirect_uri. The redirect URI has an unusual format to prevent its
25// use in other contexts. The scheme of the URI is a reversed version
26// of the OAuth client ID, and the path starts with the Chrome
27// extension ID. For example, an app with the OAuth client ID
28// "32610281651.apps.googleusercontent.com" and a Chrome app ID
29// "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
30//
31// com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
32//
33// Arriving at this URI completes the flow. The last response from
34// gaia does a JavaScript redirect to the special URI, but also
35// includes the same URI in its title. The navigation to this URI gets
36// filtered out because of its unusual protocol scheme, so
37// GaiaWebAuthFlow pulls it out of the window title instead.
38
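// Drives the Gaia web-based OAuth2 scope approval flow for one extension and
// reports the outcome to a Delegate. It receives the ubertoken fetch result
// (UbertokenConsumer) and the events of the hosted WebAuthFlow
// (WebAuthFlow::Delegate).
class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
 public:
  // Reason reported to Delegate::OnGaiaFlowFailure().
  enum Failure {
    WINDOW_CLOSED,  // Window closed by user.
    INVALID_REDIRECT,  // Redirect parse error.
    SERVICE_AUTH_ERROR,  // Non-OAuth related authentication error
    OAUTH_ERROR,  // Flow reached final redirect, which contained an error.
    LOAD_FAILED  // An auth flow page failed to load.
  };

  // Receives the result of the flow. Exactly which callback fires, and how
  // often, is decided by the implementation and is not visible in this header.
  class Delegate {
   public:
    // Called when the flow fails; |failure| says why.
    // NOTE(review): the original comment said "prior to the final OAuth
    // redirect", but Failure also contains OAUTH_ERROR (the final redirect
    // carried an error), so this is presumably called for that case too --
    // confirm in the .cc.
    // Presumably |service_error| is meaningful for SERVICE_AUTH_ERROR and
    // |oauth_error| for OAUTH_ERROR -- confirm before relying on either.
    // TODO(courage): LOAD_FAILURE descriptions?
    virtual void OnGaiaFlowFailure(Failure failure,
                                   GoogleServiceAuthError service_error,
                                   const std::string& oauth_error) = 0;
    // Called when the OAuth2 flow completes.
    // |access_token| is a bearer credential: keep it out of logs and error
    // messages. |expiration| is passed through as a string; its format is not
    // visible in this header.
    virtual void OnGaiaFlowCompleted(const std::string& access_token,
                                     const std::string& expiration) = 0;

   protected:
    // Protected so that a Delegate cannot be destroyed through this interface.
    // GaiaWebAuthFlow only holds its delegate as a raw pointer; without this,
    // a delete through Delegate* would be undefined behavior because the
    // interface had no virtual destructor.
    virtual ~Delegate() {}
  };

  // |delegate| and |profile| are stored as raw pointers. Nothing in this
  // header transfers ownership, so presumably both must outlive this object --
  // confirm against the callers.
  // |extension_id| and |oauth2_info| identify the extension and its OAuth
  // client; per the flow description they determine the expected redirect URI.
  GaiaWebAuthFlow(Delegate* delegate,
                  Profile* profile,
                  const std::string& account_id,
                  const std::string& extension_id,
                  const OAuth2Info& oauth2_info,
                  const std::string& locale);
  virtual ~GaiaWebAuthFlow();

  // Starts the flow by fetching an ubertoken. Can override for testing.
  virtual void Start();

  // UbertokenConsumer implementation:
  // Result of step 1. On success the ubertoken is used for MergeSession
  // (step 2 of the flow description).
  virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
  virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;

  // WebAuthFlow::Delegate implementation.
  virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE;
  virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE;
  // The final redirect URI is read from the window title, because the
  // navigation to it is filtered out (see the flow description).
  // |title| is text chosen by the loaded page, so it should be accepted as the
  // redirect only when it matches redirect_scheme_ and redirect_path_prefix_;
  // that check lives in the implementation, not in this header -- confirm it
  // there.
  virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE;

 private:
  // Creates a WebAuthFlow, which will navigate to |url|. Can override
  // for testing. Used to kick off the MergeSession (step #2).
  virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);

  // Not owned (raw pointers); see the constructor comment for the lifetime
  // assumption.
  Delegate* delegate_;
  Profile* profile_;
  std::string account_id_;
  // How this value is chosen is not visible in this header.
  chrome::HostDesktopType host_desktop_type_;
  // Expected scheme and path prefix of the final redirect URI. Per the flow
  // description the scheme is the reversed OAuth client ID and the path starts
  // with the extension ID; presumably both are computed in the constructor --
  // confirm in the .cc.
  std::string redirect_scheme_;
  std::string redirect_path_prefix_;
  // Presumably the URL of the OAuth approval page (step 3) -- confirm.
  GURL auth_url_;
  // Owned helpers for step 1 and for the web part of the flow.
  scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
  scoped_ptr<WebAuthFlow> web_flow_;

  DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
};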
98
99}  // namespace extensions
100
101#endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
102