1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_REFRESH_TOKEN_FETCHER_H_ 6#define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_REFRESH_TOKEN_FETCHER_H_ 7 8#include <string> 9 10#include "base/callback_forward.h" 11#include "base/compiler_specific.h" 12#include "base/memory/scoped_ptr.h" 13#include "base/strings/string16.h" 14 15class GoogleServiceAuthError; 16class OAuth2TokenService; 17 18namespace net { 19class URLRequestContextGetter; 20} 21 22// This class fetches an OAuth2 refresh token that is tied to a supervised user 23// ID and downscoped to a special scope for Chrome Sync for supervised users. 24// Fetching the token consists of the following steps: 25// 1. Get an access token for the custodian from OAuth2TokenService 26// (either cached or fetched). 27// 2. Call the IssueToken API to mint a scoped authorization code for a 28// refresh token for the supervised user from the custodian's access token. 29// 3. Exchange the authorization code for a refresh token for the supervised 30// user and return it to the caller. The refresh token can only be used to 31// mint tokens with the special supervised user Sync scope. 32class SupervisedUserRefreshTokenFetcher { 33 public: 34 typedef base::Callback<void(const GoogleServiceAuthError& /* error */, 35 const std::string& /* refresh_token */)> 36 TokenCallback; 37 38 static scoped_ptr<SupervisedUserRefreshTokenFetcher> Create( 39 OAuth2TokenService* oauth2_token_service, 40 const std::string& account_id, 41 const std::string& device_id, 42 net::URLRequestContextGetter* context); 43 44 virtual ~SupervisedUserRefreshTokenFetcher(); 45 46 virtual void Start(const std::string& supervised_user_id, 47 const std::string& device_name, 48 const TokenCallback& callback) = 0; 49}; 50 51#endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_REFRESH_TOKEN_FETCHER_H_ 52