identity_api.cc revision 46d4c2bc3267f3f028f39e7e311b0f89aba2e4fd
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/extensions/api/identity/identity_api.h"

#include <set>
#include <string>
#include <utility>
#include <vector>

#include "base/lazy_instance.h"
#include "base/prefs/pref_service.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/stringprintf.h"
#include "base/values.h"
#include "chrome/browser/app_mode/app_mode_utils.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/extensions/extension_service.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
#include "chrome/browser/signin/signin_manager_factory.h"
#include "chrome/common/extensions/api/identity.h"
#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
#include "chrome/common/pref_names.h"
#include "chrome/common/url_constants.h"
#include "components/signin/core/browser/profile_oauth2_token_service.h"
#include "components/signin/core/browser/signin_manager.h"
#include "components/signin/core/common/profile_management_switches.h"
#include "extensions/browser/event_router.h"
#include "extensions/browser/extension_function_dispatcher.h"
#include "extensions/common/extension.h"
#include "google_apis/gaia/gaia_urls.h"
#include "url/gurl.h"

#if defined(OS_CHROMEOS)
#include "chrome/browser/chromeos/login/users/user_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
#include "google_apis/gaia/gaia_constants.h"
#endif

namespace extensions {

// Error strings reported to the calling extension, plus cache tuning values.
namespace identity_constants {
const char kInvalidClientId[] = "Invalid OAuth2 Client ID.";
const char kInvalidScopes[] = "Invalid OAuth2 scopes.";
const char kAuthFailure[] = "OAuth2 request failed: ";
const char kNoGrant[] = "OAuth2 not granted or revoked.";
const char kUserRejected[] = "The user did not approve access.";
const char kUserNotSignedIn[] = "The user is not signed in.";
const char kInteractionRequired[] = "User interaction required.";
const char kInvalidRedirect[] = "Did not redirect to the right URL.";
const char kOffTheRecord[] = "Identity API is disabled in incognito windows.";
const char kPageLoadFailure[] = "Authorization page could not be loaded.";
const char kCanceled[] = "canceled";

// Lifetime, in seconds, of a cached issue-advice entry.
const int kCachedIssueAdviceTTLSeconds = 1;
}  // namespace identity_constants

namespace {

// printf-style pattern; the single %s is filled in by code outside this part
// of the file.
static const char kChromiumDomainRedirectUrlPattern[] =
    "https://%s.chromiumapp.org/";

// Returns the authenticated account id that the sign-in manager reports for
// the profile behind |context|.
std::string GetPrimaryAccountId(content::BrowserContext* context) {
  Profile* profile = Profile::FromBrowserContext(context);
  // NOTE(review): the manager is dereferenced without a NULL check; confirm
  // that GetForProfile() cannot return NULL for the contexts passed in here.
  SigninManagerBase* signin_manager =
      SigninManagerFactory::GetForProfile(profile);
  return signin_manager->GetAuthenticatedAccountId();
}

}  // namespace

namespace identity = api::identity;

// Creates an empty cache value; it reports CACHE_STATUS_NOTFOUND.
IdentityTokenCacheValue::IdentityTokenCacheValue()
    : status_(CACHE_STATUS_NOTFOUND) {}

// Creates a cache value holding issue advice. The entry expires
// kCachedIssueAdviceTTLSeconds after construction.
IdentityTokenCacheValue::IdentityTokenCacheValue(
    const IssueAdviceInfo& issue_advice)
    : status_(CACHE_STATUS_ADVICE), issue_advice_(issue_advice) {
  const base::TimeDelta advice_ttl = base::TimeDelta::FromSeconds(
      identity_constants::kCachedIssueAdviceTTLSeconds);
  expiration_time_ = base::Time::Now() + advice_ttl;
}

// Creates a cache value holding an access token that the caller says is valid
// for |time_to_live|.
IdentityTokenCacheValue::IdentityTokenCacheValue(const std::string& token,
                                                 base::TimeDelta time_to_live)
    : status_(CACHE_STATUS_TOKEN), token_(token) {
  // Expire the cache entry 20 minutes before the token itself does, so a
  // token served from the cache always has some lifetime left. The result is
  // clamped at zero, which makes a short-lived token expire immediately.
  base::TimeDelta usable_ttl = time_to_live - base::TimeDelta::FromMinutes(20);
  if (usable_ttl < base::TimeDelta())
    usable_ttl = base::TimeDelta();

  expiration_time_ = base::Time::Now() + usable_ttl;
}

IdentityTokenCacheValue::~IdentityTokenCacheValue() {}

// Returns the stored status, or CACHE_STATUS_NOTFOUND once the entry has
// expired, so callers never see a stale token or stale advice as valid.
IdentityTokenCacheValue::CacheValueStatus IdentityTokenCacheValue::status()
    const {
  return is_expired() ? IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND
                      : status_;
}

// Returns the stored issue advice without checking for expiry.
const IssueAdviceInfo& IdentityTokenCacheValue::issue_advice() const {
  return issue_advice_;
}

// Returns the stored token string without checking for expiry; callers that
// care about validity must consult status() first.
const std::string& IdentityTokenCacheValue::token() const { return token_; }

// Returns true for an empty (NOTFOUND) value and for any value whose
// expiration time lies in the past.
bool IdentityTokenCacheValue::is_expired() const {
  if (status_ == CACHE_STATUS_NOTFOUND)
    return true;
  return expiration_time_ < base::Time::Now();
}

// Returns the time at which this entry stops being served from the cache.
const base::Time& IdentityTokenCacheValue::expiration_time() const {
  return expiration_time_;
}

// Binds the API object to |context| and starts observing account changes for
// the matching profile.
IdentityAPI::IdentityAPI(content::BrowserContext* context)
    : browser_context_(context),
      account_tracker_(Profile::FromBrowserContext(context)) {
  account_tracker_.AddObserver(this);
}

IdentityAPI::~IdentityAPI() {}

// Returns the queue of pending mint requests owned by this object.
IdentityMintRequestQueue* IdentityAPI::mint_queue() { return &mint_queue_; }

// Stores |token_data| under |key|. An existing entry is replaced only when its
// status is less than or equal to the new one; otherwise the existing entry
// wins, because the insert() below is then attempted on a key that is still
// present (assuming CachedTokens has std::map insert semantics - confirm).
void IdentityAPI::SetCachedToken(const ExtensionTokenKey& key,
                                 const IdentityTokenCacheValue& token_data) {
  CachedTokens::iterator existing = token_cache_.find(key);
  const bool replaceable =
      existing != token_cache_.end() &&
      existing->second.status() <= token_data.status();
  if (replaceable)
    token_cache_.erase(existing);

  token_cache_.insert(std::make_pair(key, token_data));
}

// Removes the first cache entry that belongs to |extension_id| and currently
// holds the unexpired token |token|. Entries of other extensions are never
// touched, even when they hold the same token string.
void IdentityAPI::EraseCachedToken(const std::string& extension_id,
                                   const std::string& token) {
  CachedTokens::iterator entry = token_cache_.begin();
  while (entry != token_cache_.end()) {
    const bool matches =
        entry->first.extension_id == extension_id &&
        entry->second.status() == IdentityTokenCacheValue::CACHE_STATUS_TOKEN &&
        entry->second.token() == token;
    if (matches) {
      // The iterator is invalid after erase(), so stop right away.
      token_cache_.erase(entry);
      return;
    }
    ++entry;
  }
}

// Drops every cached token and every cached issue advice.
void IdentityAPI::EraseAllCachedTokens() { token_cache_.clear(); }

// Returns the cache value stored under |key|.
// NOTE(review): operator[] is used for the lookup; with std::map semantics a
// miss default-constructs (NOTFOUND) and stores an entry for |key|, so the
// cache grows on lookups as well as on stores - confirm that is intended.
const IdentityTokenCacheValue& IdentityAPI::GetCachedToken(
    const ExtensionTokenKey& key) {
  return token_cache_[key];
}

// Exposes the whole token cache for read-only inspection.
const IdentityAPI::CachedTokens& IdentityAPI::GetAllCachedTokens() {
  return token_cache_;
}

// Returns the GAIA ids of the accounts known to the account tracker. Without
// the extensions multi-account switch at most one id is returned: the first
// one the tracker lists.
std::vector<std::string> IdentityAPI::GetAccounts() const {
  // NOTE(review): this value is not read again in this function; the lookup
  // is kept because it is part of the original call sequence.
  const std::string primary_account_id = GetPrimaryAccountId(browser_context_);
  const std::vector<AccountIds> ids = account_tracker_.GetAccounts();
  std::vector<std::string> gaia_ids;

  if (!switches::IsExtensionsMultiAccount()) {
    if (!ids.empty())
      gaia_ids.push_back(ids.front().gaia);
    return gaia_ids;
  }

  for (size_t i = 0; i < ids.size(); ++i)
    gaia_ids.push_back(ids[i].gaia);

  return gaia_ids;
}

// Forwards to the account tracker to translate |gaia_id| into an account key.
// RunAsync() in this file treats an empty result as "account not known".
std::string IdentityAPI::FindAccountKeyByGaiaId(const std::string& gaia_id) {
  return account_tracker_.FindAccountKeyByGaiaId(gaia_id);
}

// Reports |error| to the account tracker. The error is always attributed to
// the primary account of this browser context.
void IdentityAPI::ReportAuthError(const GoogleServiceAuthError& error) {
  const std::string primary_account_id = GetPrimaryAccountId(browser_context_);
  account_tracker_.ReportAuthError(primary_account_id, error);
}

// Test-only accessor for the auth status held by the account tracker.
GoogleServiceAuthError IdentityAPI::GetAuthStatusForTest() const {
  return account_tracker_.GetAuthStatus();
}

// Tears the service down. Shutdown observers are notified first, while the
// account tracker is still running; only then is this object unregistered
// from the tracker and the tracker shut down.
void IdentityAPI::Shutdown() {
  FOR_EACH_OBSERVER(ShutdownObserver, shutdown_observer_list_, OnShutdown());
  account_tracker_.RemoveObserver(this);
  account_tracker_.Shutdown();
}

// Lazily created factory handed out by IdentityAPI::GetFactoryInstance().
static base::LazyInstance<BrowserContextKeyedAPIFactory<IdentityAPI> >
    g_factory = LAZY_INSTANCE_INITIALIZER;

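// static
// Returns the factory that maps a browser context to its IdentityAPI.
BrowserContextKeyedAPIFactory<IdentityAPI>* IdentityAPI::GetFactoryInstance() {
  return g_factory.Pointer();
}

// Account additions are deliberately ignored; only sign-in state changes are
// forwarded to extensions.
void IdentityAPI::OnAccountAdded(const AccountIds& ids) {}

// Account removals are deliberately ignored; only sign-in state changes are
// forwarded to extensions.
void IdentityAPI::OnAccountRemoved(const AccountIds& ids) {}

// Broadcasts identity.onSignInChanged for |ids|. Without the extensions
// multi-account switch, changes to any account other than the primary one are
// dropped. The event payload carries only the GAIA id and the new state.
void IdentityAPI::OnAccountSignInChanged(const AccountIds& ids,
                                         bool is_signed_in) {
  const std::string primary_account_id = GetPrimaryAccountId(browser_context_);
  if (primary_account_id != ids.account_key &&
      !switches::IsExtensionsMultiAccount()) {
    return;
  }

  api::identity::AccountInfo account_info;
  account_info.id = ids.gaia;

  scoped_ptr<base::ListValue> args =
      api::identity::OnSignInChanged::Create(account_info, is_signed_in);
  scoped_ptr<Event> event(new Event(api::identity::OnSignInChanged::kEventName,
                                    args.Pass(),
                                    browser_context_));

  EventRouter::Get(browser_context_)->BroadcastEvent(event.Pass());
}

// Registers |observer| to be told when this service shuts down.
void IdentityAPI::AddShutdownObserver(ShutdownObserver* observer) {
  shutdown_observer_list_.AddObserver(observer);
}

// Unregisters an observer added with AddShutdownObserver().
void IdentityAPI::RemoveShutdownObserver(ShutdownObserver* observer) {
  shutdown_observer_list_.RemoveObserver(observer);
}

// Test-only hook that forwards an account state to the account tracker.
void IdentityAPI::SetAccountStateForTest(AccountIds ids, bool is_signed_in) {
  account_tracker_.SetAccountStateForTest(ids, is_signed_in);
}

// Declares the keyed services that IdentityAPI depends on: the extension
// system and the profile OAuth2 token service.
template <>
void BrowserContextKeyedAPIFactory<IdentityAPI>::DeclareFactoryDependencies() {
  DependsOn(ExtensionsBrowserClient::Get()->GetExtensionSystemFactory());
  DependsOn(ProfileOAuth2TokenServiceFactory::GetInstance());
}

IdentityGetAccountsFunction::IdentityGetAccountsFunction() {
}

IdentityGetAccountsFunction::~IdentityGetAccountsFunction() {
}

// Implements identity.getAccounts: responds with one AccountInfo per GAIA id
// reported by IdentityAPI::GetAccounts(). Off-the-record profiles are refused
// with kOffTheRecord before any account data is read.
ExtensionFunction::ResponseAction IdentityGetAccountsFunction::Run() {
  if (GetProfile()->IsOffTheRecord()) {
    return RespondNow(Error(identity_constants::kOffTheRecord));
  }

  std::vector<std::string> gaia_ids =
      IdentityAPI::GetFactoryInstance()->Get(GetProfile())->GetAccounts();
  // More than one account may only be exposed with the multi-account switch.
  DCHECK(gaia_ids.size() < 2 || switches::IsExtensionsMultiAccount());

  // Presumably OneArgument() takes ownership of |infos|, and Append() of each
  // released value - confirm against their declarations.
  base::ListValue* infos = new base::ListValue();

  for (std::vector<std::string>::const_iterator it = gaia_ids.begin();
       it != gaia_ids.end();
       ++it) {
    api::identity::AccountInfo account_info;
    account_info.id = *it;
    infos->Append(account_info.ToValue().release());
  }

  return RespondNow(OneArgument(infos));
}

// Both prompt flags start out false; RunAsync() sets them from the
// caller-supplied "interactive" option.
IdentityGetAuthTokenFunction::IdentityGetAuthTokenFunction()
    : OAuth2TokenService::Consumer("extensions_identity_api"),
      should_prompt_for_scopes_(false),
      should_prompt_for_signin_(false) {}

IdentityGetAuthTokenFunction::~IdentityGetAuthTokenFunction() {}

// Implements identity.getAuthToken.
//
// Synchronous failures (return false with |error_| set): off-the-record
// profile, missing OAuth2 client id or scopes in the manifest, or a requested
// account that cannot be used. After StartAsyncRun() every outcome, including
// errors, is delivered asynchronously and the function returns true.
bool IdentityGetAuthTokenFunction::RunAsync() {
  if (GetProfile()->IsOffTheRecord()) {
    error_ = identity_constants::kOffTheRecord;
    return false;
  }

  scoped_ptr<identity::GetAuthToken::Params> params(
      identity::GetAuthToken::Params::Create(*args_));
  EXTENSION_FUNCTION_VALIDATE(params.get());

  // |details| is optional in the extension-supplied arguments, so it has to
  // be checked before every use.
  const bool has_details = params->details.get() != NULL;
  bool interactive = has_details &&
      params->details->interactive.get() &&
      *params->details->interactive;

  should_prompt_for_scopes_ = interactive;
  should_prompt_for_signin_ = interactive;

  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());

  // Check that the necessary information is present in the manifest.
  oauth2_client_id_ = GetOAuth2ClientId();
  if (oauth2_client_id_.empty()) {
    error_ = identity_constants::kInvalidClientId;
    return false;
  }

  if (oauth2_info.scopes.empty()) {
    error_ = identity_constants::kInvalidScopes;
    return false;
  }

  std::set<std::string> scopes(oauth2_info.scopes.begin(),
                               oauth2_info.scopes.end());

  std::string account_key = GetPrimaryAccountId(GetProfile());

  // Fix: the original dereferenced params->details here without checking it,
  // so a call that omitted the optional details object dereferenced a null
  // scoped_ptr.
  if (has_details && params->details->account.get()) {
    std::string detail_key =
        extensions::IdentityAPI::GetFactoryInstance()
            ->Get(GetProfile())
            ->FindAccountKeyByGaiaId(params->details->account->id);

    // A non-primary account is honoured only when it resolves to a known
    // account key and the multi-account switch is on; anything else is
    // rejected rather than silently falling back to the primary account.
    if (detail_key != account_key) {
      if (detail_key.empty() || !switches::IsExtensionsMultiAccount()) {
        // TODO(courage): should this be a different error?
        error_ = identity_constants::kUserNotSignedIn;
        return false;
      }

      account_key = detail_key;
    }
  }

  // The cache key ties a token to this extension, this account and exactly
  // this scope set.
  token_key_.reset(
      new ExtensionTokenKey(GetExtension()->id(), account_key, scopes));

  // From here on out, results must be returned asynchronously.
  StartAsyncRun();

#if defined(OS_CHROMEOS)
  // Enterprise-managed kiosk sessions skip the sign-in check below and go
  // straight to a non-interactive mint.
  policy::BrowserPolicyConnectorChromeOS* connector =
      g_browser_process->platform_part()->browser_policy_connector_chromeos();
  if (chromeos::UserManager::Get()->IsLoggedInAsKioskApp() &&
      connector->IsEnterpriseManaged()) {
    StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE);
    return true;
  }
#endif

  if (!HasLoginToken()) {
    if (!should_prompt_for_signin_) {
      CompleteFunctionWithError(identity_constants::kUserNotSignedIn);
      return true;
    }
    // Display a login prompt.
    StartSigninFlow();
  } else {
    StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE);
  }

  return true;
}

// Marks the start of the asynchronous part of the call: takes a reference on
// this function object and registers it for IdentityAPI shutdown
// notifications.
void IdentityGetAuthTokenFunction::StartAsyncRun() {
  // Balanced in CompleteAsyncRun
  AddRef();
  extensions::IdentityAPI::GetFactoryInstance()
      ->Get(GetProfile())
      ->AddShutdownObserver(this);
}

// Ends the asynchronous part of the call: unregisters from shutdown
// notifications, sends the response and drops the reference taken in
// StartAsyncRun().
void IdentityGetAuthTokenFunction::CompleteAsyncRun(bool success) {
  extensions::IdentityAPI::GetFactoryInstance()
      ->Get(GetProfile())
      ->RemoveShutdownObserver(this);

  SendResponse(success);
  // Kept as the last statement: presumably this can drop the final reference
  // to the object - confirm before adding code after it.
  Release();  // Balanced in StartAsyncRun
}
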
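// Stores |access_token| as the function result and finishes the async run
// with success. CompleteAsyncRun() calls Release() (balanced with the AddRef()
// in StartAsyncRun()), so treat |this| as possibly gone after this returns.
void IdentityGetAuthTokenFunction::CompleteFunctionWithResult(
    const std::string& access_token) {
  SetResult(new base::StringValue(access_token));
  CompleteAsyncRun(true);
}

// Records |error| as the function error and finishes the async run with
// failure. The same lifetime caveat as CompleteFunctionWithResult() applies.
void IdentityGetAuthTokenFunction::CompleteFunctionWithError(
    const std::string& error) {
  error_ = error;
  CompleteAsyncRun(false);
}

// Drops every cached token for the profile and shows the login prompt.
void IdentityGetAuthTokenFunction::StartSigninFlow() {
  // All cached tokens are invalid because the user is not signed in.
  IdentityAPI* id_api =
      extensions::IdentityAPI::GetFactoryInstance()->Get(GetProfile());
  id_api->EraseAllCachedTokens();
  // Display a login prompt. If the subsequent mint fails, don't display the
  // login prompt again.
  should_prompt_for_signin_ = false;
  ShowLoginPopup();
}

// Queues a mint request of the given |type| for |token_key_|. When the caller
// asked for no interaction (|should_prompt_for_scopes_| is false), the request
// fails with kNoGrant instead of starting, or waiting behind, a consent UI.
void IdentityGetAuthTokenFunction::StartMintTokenFlow(
    IdentityMintRequestQueue::MintType type) {
  mint_token_flow_type_ = type;

  // Flows are serialized to prevent excessive traffic to GAIA, and
  // to consolidate UI pop-ups.
  IdentityAPI* id_api =
      extensions::IdentityAPI::GetFactoryInstance()->Get(GetProfile());

  if (!should_prompt_for_scopes_) {
    // Caller requested no interaction.

    if (type == IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE) {
      // GAIA told us to do a consent UI.
      CompleteFunctionWithError(identity_constants::kNoGrant);
      return;
    }
    if (!id_api->mint_queue()->empty(
            IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE, *token_key_)) {
      // Another call is going through a consent UI.
      CompleteFunctionWithError(identity_constants::kNoGrant);
      return;
    }
  }
  id_api->mint_queue()->RequestStart(type, *token_key_, this);
}

// Tells the mint queue that this function's request for |token_key_| is done.
// Call sites in this file invoke it before CompleteFunctionWithResult() /
// CompleteFunctionWithError(), while |this| is still referenced.
void IdentityGetAuthTokenFunction::CompleteMintTokenFlow() {
  // Copy the type before handing control to the queue.
  IdentityMintRequestQueue::MintType type = mint_token_flow_type_;

  extensions::IdentityAPI::GetFactoryInstance()
      ->Get(GetProfile())
      ->mint_queue()
      ->RequestComplete(type, *token_key_, this);
}

// Runs one mint attempt of the given |type|, consulting the token cache first.
// Presumably invoked by the mint queue after RequestStart() -- confirm against
// IdentityMintRequestQueue.
void IdentityGetAuthTokenFunction::StartMintToken(
    IdentityMintRequestQueue::MintType type) {
  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
  IdentityAPI* id_api = IdentityAPI::GetFactoryInstance()->Get(GetProfile());
  IdentityTokenCacheValue cache_entry = id_api->GetCachedToken(*token_key_);
  IdentityTokenCacheValue::CacheValueStatus cache_status =
      cache_entry.status();

  if (type == IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE) {
    switch (cache_status) {
      case IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND:
#if defined(OS_CHROMEOS)
        // Always force minting token for ChromeOS kiosk app.
        if (chromeos::UserManager::Get()->IsLoggedInAsKioskApp()) {
          gaia_mint_token_mode_ = OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE;
          policy::BrowserPolicyConnectorChromeOS* connector =
              g_browser_process->platform_part()
                  ->browser_policy_connector_chromeos();
          if (connector->IsEnterpriseManaged()) {
            StartDeviceLoginAccessTokenRequest();
          } else {
            StartLoginAccessTokenRequest();
          }
          return;
        }
#endif

        // oauth2_info.auto_approve is protected by a whitelist in
        // _manifest_features.json hence only selected extensions take
        // advantage of forcefully minting the token.
        // Forced mode bypasses the consent step, so the mode is chosen here
        // explicitly on every path before the login token request starts.
        if (oauth2_info.auto_approve) {
          gaia_mint_token_mode_ = OAuth2MintTokenFlow::MODE_MINT_TOKEN_FORCE;
        } else {
          gaia_mint_token_mode_ = OAuth2MintTokenFlow::MODE_MINT_TOKEN_NO_FORCE;
        }
        StartLoginAccessTokenRequest();
        break;

      case IdentityTokenCacheValue::CACHE_STATUS_TOKEN:
        // Cache hit: hand back the cached token without contacting GAIA.
        CompleteMintTokenFlow();
        CompleteFunctionWithResult(cache_entry.token());
        break;

      case IdentityTokenCacheValue::CACHE_STATUS_ADVICE:
        // Cached issue advice: retry as an interactive (consent UI) request.
        CompleteMintTokenFlow();
        should_prompt_for_signin_ = false;
        issue_advice_ = cache_entry.issue_advice();
        StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE);
        break;
    }
  } else {
    DCHECK(type == IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE);

    if (cache_status == IdentityTokenCacheValue::CACHE_STATUS_TOKEN) {
      // A token was cached while this request waited; no dialog is needed.
      CompleteMintTokenFlow();
      CompleteFunctionWithResult(cache_entry.token());
    } else {
      ShowOAuthApprovalDialog(issue_advice_);
    }
  }
}

// Caches the minted |access_token| for |time_to_live| seconds under
// |token_key_|, then returns it to the caller.
void IdentityGetAuthTokenFunction::OnMintTokenSuccess(
    const std::string& access_token, int time_to_live) {
  IdentityTokenCacheValue token(access_token,
                                base::TimeDelta::FromSeconds(time_to_live));
  IdentityAPI::GetFactoryInstance()->Get(GetProfile())->SetCachedToken(
      *token_key_, token);

  CompleteMintTokenFlow();
  CompleteFunctionWithResult(access_token);
}

// Handles a failed mint. Credential and account-state errors are reported to
// IdentityAPI and, if a sign-in prompt is still allowed, trigger one retry via
// the sign-in flow; every other outcome is returned to the caller as
// kAuthFailure followed by the error's string form.
void IdentityGetAuthTokenFunction::OnMintTokenFailure(
    const GoogleServiceAuthError& error) {
  CompleteMintTokenFlow();

  switch (error.state()) {
    case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
    case GoogleServiceAuthError::ACCOUNT_DELETED:
    case GoogleServiceAuthError::ACCOUNT_DISABLED:
      extensions::IdentityAPI::GetFactoryInstance()
          ->Get(GetProfile())
          ->ReportAuthError(error);
      if (should_prompt_for_signin_) {
        // Display a login prompt and try again (once).
        StartSigninFlow();
        return;
      }
      break;
    default:
      // Return error to caller.
      break;
  }

  CompleteFunctionWithError(
      std::string(identity_constants::kAuthFailure) + error.ToString());
}

// Caches the issue advice under |token_key_| and restarts the request as an
// interactive one.
void IdentityGetAuthTokenFunction::OnIssueAdviceSuccess(
    const IssueAdviceInfo& issue_advice) {
  IdentityAPI::GetFactoryInstance()->Get(GetProfile())->SetCachedToken(
      *token_key_, IdentityTokenCacheValue(issue_advice));
  CompleteMintTokenFlow();

  should_prompt_for_signin_ = false;
  // Existing grant was revoked and we used NO_FORCE, so we got info back
  // instead. Start a consent UI if we can.
  issue_advice_ = issue_advice;
  StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE);
}

// Sign-in succeeded: try a non-interactive mint.
void IdentityGetAuthTokenFunction::SigninSuccess() {
  StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE);
}

// Sign-in failed: report kUserNotSignedIn to the caller.
void IdentityGetAuthTokenFunction::SigninFailed() {
  CompleteFunctionWithError(identity_constants::kUserNotSignedIn);
}

// Translates a GaiaWebAuthFlow failure into the error string returned to the
// caller. |service_error| is used only for SERVICE_AUTH_ERROR and
// |oauth_error| only for OAUTH_ERROR.
void IdentityGetAuthTokenFunction::OnGaiaFlowFailure(
    GaiaWebAuthFlow::Failure failure,
    GoogleServiceAuthError service_error,
    const std::string& oauth_error) {
  CompleteMintTokenFlow();
  std::string error;

  switch (failure) {
    case GaiaWebAuthFlow::WINDOW_CLOSED:
      error = identity_constants::kUserRejected;
      break;

    case GaiaWebAuthFlow::INVALID_REDIRECT:
      error = identity_constants::kInvalidRedirect;
      break;

    case GaiaWebAuthFlow::SERVICE_AUTH_ERROR:
      error = std::string(identity_constants::kAuthFailure) +
          service_error.ToString();
      break;

    case GaiaWebAuthFlow::OAUTH_ERROR:
      error = MapOAuth2ErrorToDescription(oauth_error);
      break;

    case GaiaWebAuthFlow::LOAD_FAILED:
      error = identity_constants::kPageLoadFailure;
      break;

    default:
      NOTREACHED() << "Unexpected error from gaia web auth flow: " << failure;
      error = identity_constants::kInvalidRedirect;
      break;
  }

  CompleteFunctionWithError(error);
}

// Returns the token obtained through the consent UI. The token is cached only
// when |expiration| is non-empty and parses as an integer number of seconds;
// it is returned to the caller either way.
void IdentityGetAuthTokenFunction::OnGaiaFlowCompleted(
    const std::string& access_token,
    const std::string& expiration) {
  // Initialized so the value is never indeterminate if parsing fails.
  int time_to_live = 0;
  // NOTE(review): a zero or negative lifetime is cached unchanged; presumably
  // IdentityTokenCacheValue treats such an entry as already expired -- confirm.
  if (!expiration.empty() && base::StringToInt(expiration, &time_to_live)) {
    IdentityTokenCacheValue token_value(
        access_token, base::TimeDelta::FromSeconds(time_to_live));
    IdentityAPI::GetFactoryInstance()->Get(GetProfile())->SetCachedToken(
        *token_key_, token_value);
  }

  CompleteMintTokenFlow();
  CompleteFunctionWithResult(access_token);
}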
// OAuth2TokenService callback: the login access token arrived. The finished
// request is released first, then the token is exchanged at GAIA.
void IdentityGetAuthTokenFunction::OnGetTokenSuccess(
    const OAuth2TokenService::Request* request,
    const std::string& access_token,
    const base::Time& expiration_time) {
  login_token_request_.reset();
  StartGaiaRequest(access_token);
}

// OAuth2TokenService callback: the login access token could not be obtained.
// Reported through the same path as a GAIA service auth error, with an empty
// OAuth error string.
void IdentityGetAuthTokenFunction::OnGetTokenFailure(
    const OAuth2TokenService::Request* request,
    const GoogleServiceAuthError& error) {
  login_token_request_.reset();
  OnGaiaFlowFailure(GaiaWebAuthFlow::SERVICE_AUTH_ERROR, error, std::string());
}

// Shutdown notification: tears down every in-flight flow owned by this
// function, cancels its queued mint request and completes with kCanceled.
void IdentityGetAuthTokenFunction::OnShutdown() {
  gaia_web_auth_flow_.reset();
  signin_flow_.reset();
  login_token_request_.reset();

  IdentityAPI* id_api =
      extensions::IdentityAPI::GetFactoryInstance()->Get(GetProfile());
  id_api->mint_queue()->RequestCancel(*token_key_, this);

  CompleteFunctionWithError(identity_constants::kCanceled);
}

#if defined(OS_CHROMEOS)
// Requests an access token for the device robot account from the device-wide
// token service.
void IdentityGetAuthTokenFunction::StartDeviceLoginAccessTokenRequest() {
  chromeos::DeviceOAuth2TokenService* device_service =
      chromeos::DeviceOAuth2TokenServiceFactory::Get();

  // Since robot account refresh tokens are scoped down to [any-api] only,
  // request access token for [any-api] instead of login.
  OAuth2TokenService::ScopeSet robot_scopes;
  robot_scopes.insert(GaiaConstants::kAnyApiOAuth2Scope);

  login_token_request_ = device_service->StartRequest(
      device_service->GetRobotAccountId(), robot_scopes, this);
}
#endif

// Requests a login access token (empty scope set) for the account recorded in
// |token_key_| from the profile's token service.
void IdentityGetAuthTokenFunction::StartLoginAccessTokenRequest() {
  ProfileOAuth2TokenService* token_service =
      ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile());

#if defined(OS_CHROMEOS)
  // In forced app mode, use the app-mode OAuth client id and secret when the
  // user manager provides them. The secret is a credential: it is only passed
  // on to the token service here.
  std::string kiosk_client_id;
  std::string kiosk_client_secret;
  if (chrome::IsRunningInForcedAppMode() &&
      chromeos::UserManager::Get()->GetAppModeChromeClientOAuthInfo(
          &kiosk_client_id, &kiosk_client_secret)) {
    login_token_request_ =
        token_service->StartRequestForClient(token_key_->account_id,
                                             kiosk_client_id,
                                             kiosk_client_secret,
                                             OAuth2TokenService::ScopeSet(),
                                             this);
    return;
  }
#endif

  login_token_request_ = token_service->StartRequest(
      token_key_->account_id, OAuth2TokenService::ScopeSet(), this);
}

// Creates the mint token flow for |login_access_token| and starts it.
void IdentityGetAuthTokenFunction::StartGaiaRequest(
    const std::string& login_access_token) {
  DCHECK(!login_access_token.empty());

  OAuth2MintTokenFlow* flow = CreateMintTokenFlow(login_access_token);
  mint_token_flow_.reset(flow);
  mint_token_flow_->Start();
}

// Creates and starts the sign-in flow for this profile, replacing any flow
// previously held in |signin_flow_|.
void IdentityGetAuthTokenFunction::ShowLoginPopup() {
  signin_flow_.reset(new IdentitySigninFlow(this, GetProfile()));
  signin_flow_->Start();
}
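// Starts the Gaia web approval flow for the calling extension.
// |issue_advice| is not read in this body; the flow is built from the
// extension's OAuth2 manifest info, the account in |token_key_| and the
// application locale taken from local state.
void IdentityGetAuthTokenFunction::ShowOAuthApprovalDialog(
    const IssueAdviceInfo& issue_advice) {
  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
  const std::string locale = g_browser_process->local_state()->GetString(
      prefs::kApplicationLocale);

  // reset() replaces (and destroys) any flow left over from an earlier call.
  gaia_web_auth_flow_.reset(new GaiaWebAuthFlow(this,
                                                GetProfile(),
                                                token_key_->account_id,
                                                GetExtension()->id(),
                                                oauth2_info,
                                                locale));
  gaia_web_auth_flow_->Start();
}

// Builds a mint-token flow for |login_access_token|.
// Returns a raw pointer to a heap-allocated flow; the caller takes ownership
// (StartGaiaRequest() stores it in |mint_token_flow_|).
// The scopes come from the extension's manifest and the client id from
// |oauth2_client_id_|, so the minted token is bound to this extension's id.
OAuth2MintTokenFlow* IdentityGetAuthTokenFunction::CreateMintTokenFlow(
    const std::string& login_access_token) {
  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());

  OAuth2MintTokenFlow* mint_token_flow = new OAuth2MintTokenFlow(
      GetProfile()->GetRequestContext(),
      this,
      OAuth2MintTokenFlow::Parameters(login_access_token,
                                      GetExtension()->id(),
                                      oauth2_client_id_,
                                      oauth2_info.scopes,
                                      gaia_mint_token_mode_));
  return mint_token_flow;
}

// Returns true when the profile's token service reports a refresh token for
// the account in |token_key_|.
bool IdentityGetAuthTokenFunction::HasLoginToken() const {
  ProfileOAuth2TokenService* token_service =
      ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile());
  return token_service->RefreshTokenIsAvailable(token_key_->account_id);
}

// Maps an OAuth2 error code to the error string reported to the extension.
// "access_denied" and "invalid_scope" map to fixed messages. Any other value
// is appended verbatim to kAuthFailure, so the raw code reaches the caller.
// NOTE(review): |error| presumably originates from the approval flow's
// response; confirm it cannot carry anything beyond a short error code.
std::string IdentityGetAuthTokenFunction::MapOAuth2ErrorToDescription(
    const std::string& error) {
  const char kOAuth2ErrorAccessDenied[] = "access_denied";
  const char kOAuth2ErrorInvalidScope[] = "invalid_scope";

  if (error == kOAuth2ErrorAccessDenied)
    return std::string(identity_constants::kUserRejected);
  else if (error == kOAuth2ErrorInvalidScope)
    return std::string(identity_constants::kInvalidScopes);
  else
    return std::string(identity_constants::kAuthFailure) + error;
}

// Returns the OAuth2 client id declared in the extension's manifest, or
// Chrome's own client id in the one case described below.
std::string IdentityGetAuthTokenFunction::GetOAuth2ClientId() const {
  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(GetExtension());
  std::string client_id = oauth2_info.client_id;

  // Component apps using auto_approve may use Chrome's client ID by
  // omitting the field. All three conditions must hold: an extension from
  // any other install location never falls back to Chrome's client ID and
  // gets the empty string back instead.
  if (client_id.empty() && GetExtension()->location() == Manifest::COMPONENT &&
      oauth2_info.auto_approve) {
    client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
  }
  return client_id;
}

IdentityRemoveCachedAuthTokenFunction::IdentityRemoveCachedAuthTokenFunction() {
}

IdentityRemoveCachedAuthTokenFunction::
    ~IdentityRemoveCachedAuthTokenFunction() {
}

// Removes one cached token on behalf of the calling extension.
// Fails with kOffTheRecord for off-the-record profiles. The cache entry is
// addressed by the caller's own extension id (from GetExtension(), not from
// the arguments) together with the token string the extension supplied.
bool IdentityRemoveCachedAuthTokenFunction::RunSync() {
  if (GetProfile()->IsOffTheRecord()) {
    error_ = identity_constants::kOffTheRecord;
    return false;
  }

  scoped_ptr<identity::RemoveCachedAuthToken::Params> params(
      identity::RemoveCachedAuthToken::Params::Create(*args_));
  EXTENSION_FUNCTION_VALIDATE(params.get());
  IdentityAPI::GetFactoryInstance()->Get(GetProfile())->EraseCachedToken(
      GetExtension()->id(), params->details.token);
  return true;
}

IdentityLaunchWebAuthFlowFunction::IdentityLaunchWebAuthFlowFunction() {}

// The flow keeps a delegate pointer to this object, so it is detached rather
// than deleted directly when the function goes away first.
IdentityLaunchWebAuthFlowFunction::~IdentityLaunchWebAuthFlowFunction() {
  if (auth_flow_)
    auth_flow_.release()->DetachDelegateAndDelete();
}

// Starts a web auth flow at the URL supplied by the extension.
// Fails with kOffTheRecord for off-the-record profiles. Returns true once
// the flow has been started; the response is sent later from
// OnAuthFlowURLChange() or OnAuthFlowFailure().
bool IdentityLaunchWebAuthFlowFunction::RunAsync() {
  if (GetProfile()->IsOffTheRecord()) {
    error_ = identity_constants::kOffTheRecord;
    return false;
  }

  scoped_ptr<identity::LaunchWebAuthFlow::Params> params(
      identity::LaunchWebAuthFlow::Params::Create(*args_));
  EXTENSION_FUNCTION_VALIDATE(params.get());

  // NOTE(review): |auth_url| is built from the extension-supplied string and
  // handed to WebAuthFlow without an is_valid() or scheme check in this
  // function; confirm WebAuthFlow fails safely on invalid or unexpected URLs.
  GURL auth_url(params->details.url);
  // An absent "interactive" argument means a silent flow.
  WebAuthFlow::Mode mode =
      params->details.interactive && *params->details.interactive ?
      WebAuthFlow::INTERACTIVE : WebAuthFlow::SILENT;

  // Set up acceptable target URLs. (Does not include chrome-extension
  // scheme for this version of the API.)
  InitFinalRedirectURLPrefix(GetExtension()->id());

  AddRef();  // Balanced in OnAuthFlowURLChange/OnAuthFlowFailure.

  auth_flow_.reset(new WebAuthFlow(this, GetProfile(), auth_url, mode));
  auth_flow_->Start();
  return true;
}

// Test hook: lets a test set the redirect prefix without going through
// RunAsync().
void IdentityLaunchWebAuthFlowFunction::InitFinalRedirectURLPrefixForTest(
    const std::string& extension_id) {
  InitFinalRedirectURLPrefix(extension_id);
}

// Computes the only redirect prefix that may complete the flow, formatted
// from kChromiumDomainRedirectUrlPattern and |extension_id|. The prefix is
// set once; later calls leave an already-initialized value untouched.
void IdentityLaunchWebAuthFlowFunction::InitFinalRedirectURLPrefix(
    const std::string& extension_id) {
  if (final_url_prefix_.is_empty()) {
    final_url_prefix_ = GURL(base::StringPrintf(
        kChromiumDomainRedirectUrlPattern, extension_id.c_str()));
  }
}

// Reports a failed flow to the extension and ends the request.
void IdentityLaunchWebAuthFlowFunction::OnAuthFlowFailure(
    WebAuthFlow::Failure failure) {
  switch (failure) {
    case WebAuthFlow::WINDOW_CLOSED:
      error_ = identity_constants::kUserRejected;
      break;
    case WebAuthFlow::INTERACTION_REQUIRED:
      error_ = identity_constants::kInteractionRequired;
      break;
    case WebAuthFlow::LOAD_FAILED:
      error_ = identity_constants::kPageLoadFailure;
      break;
    default:
      NOTREACHED() << "Unexpected error from web auth flow: " << failure;
      error_ = identity_constants::kInvalidRedirect;
      break;
  }
  SendResponse(false);
  // Detach the flow before dropping the self-reference. The request is
  // finished, and a further callback from a still-attached flow would run
  // SendResponse()/Release() a second time and unbalance the single AddRef()
  // in RunAsync().
  // NOTE(review): assumes DetachDelegateAndDelete() may be called from inside
  // a flow callback; confirm against WebAuthFlow.
  if (auth_flow_)
    auth_flow_.release()->DetachDelegateAndDelete();
  Release();  // Balanced in RunAsync.
}

// Called for each URL the flow reaches. The flow completes only when
// |redirect_url| with its path stripped equals |final_url_prefix_|, i.e. the
// redirect landed on this extension's own redirect origin. The full redirect
// URL is then returned to the extension as the result. Any other URL is
// ignored and the flow keeps running.
void IdentityLaunchWebAuthFlowFunction::OnAuthFlowURLChange(
    const GURL& redirect_url) {
  if (redirect_url.GetWithEmptyPath() == final_url_prefix_) {
    SetResult(new base::StringValue(redirect_url.spec()));
    SendResponse(true);
    // Detach the flow before dropping the self-reference, so a later URL
    // change or failure callback cannot send a second response or Release()
    // again. The guard keeps this safe when no flow was created.
    // NOTE(review): assumes DetachDelegateAndDelete() may be called from
    // inside a flow callback; confirm against WebAuthFlow.
    if (auth_flow_)
      auth_flow_.release()->DetachDelegateAndDelete();
    Release();  // Balanced in RunAsync.
  }
}

}  // namespace extensions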