      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
      6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
      7 
      8 #include "chrome/browser/extensions/api/identity/web_auth_flow.h"
      9 #include "chrome/browser/signin/ubertoken_fetcher.h"
     10 #include "chrome/browser/ui/host_desktop.h"
     11 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
     12 
     13 namespace extensions {
     14 
     15 // Implements a web-based OAuth2 scope approval dialog. This flow has
     16 // four parts:
     17 // 1. Fetch an ubertoken for the signed-in user.
     18 // 2. Use the ubertoken to get session cookies using MergeSession.
     19 // 3. Start the OAuth flow and wait for final redirect.
     20 // 4. Parse results from the fragment component of the final redirect URI.
     21 //
     22 // The OAuth flow is a special version of the OAuth2 out-of-band flow
     23 // where the final response page's title contains the
     24 // redirect_uri. The redirect URI has an unusual format to prevent its
     25 // use in other contexts. The scheme of the URI is a reversed version
     26 // of the OAuth client ID, and the path starts with the Chrome
     27 // extension ID. For example, an app with the OAuth client ID
     28 // "32610281651.apps.googleusercontent.com" and a Chrome app ID
     29 // "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
     30 //
     31 // com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
     32 //
     33 // Arriving at this URI completes the flow. The last response from
     34 // gaia does a JavaScript redirect to the special URI, but also
     35 // includes the same URI in its title. The navigation to this URI gets
     36 // filtered out because of its unusual protocol scheme, so
     37 // GaiaWebAuthFlow pulls it out of the window title instead.
     38 
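     // Runs the ubertoken fetch and the web auth flow described in the file
     // comment above, then reports the outcome to a Delegate.
     //
     // Review notes:
     // - The ubertoken and the OAuth2 access token that pass through this class
     //   are credentials; implementations and delegates should keep them out of
     //   logs and error strings.
     // - Completion is detected from a window title (see OnAuthFlowTitleChange),
     //   which is page-supplied text. NOTE(review): the title is presumably
     //   matched against |redirect_scheme_| and |redirect_path_prefix_| before
     //   any result is parsed from it; that check lives in the .cc file, which
     //   is not visible from this header -- confirm.
     class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
      public:
       // Reason reported to Delegate::OnGaiaFlowFailure.
       enum Failure {
         WINDOW_CLOSED,  // Window closed by user.
         INVALID_REDIRECT,  // Redirect parse error.
         SERVICE_AUTH_ERROR,  // Non-OAuth related authentication error.
         OAUTH_ERROR,  // Flow reached final redirect, which contained an error.
         LOAD_FAILED  // An auth flow page failed to load.
       };

       // Receives the result of the flow. Exactly which callback fires, and how
       // often, is decided by the implementation file.
       class Delegate {
        public:
         // Called when the flow fails. Per the Failure enum this covers failures
         // before the final OAuth redirect as well as OAUTH_ERROR, where the
         // final redirect itself carried an error.
         // NOTE(review): |service_error| is presumably only meaningful for
         // SERVICE_AUTH_ERROR and |oauth_error| only for OAUTH_ERROR -- confirm
         // against the implementation.
         // TODO(courage): LOAD_FAILED descriptions?
         virtual void OnGaiaFlowFailure(Failure failure,
                                        GoogleServiceAuthError service_error,
                                        const std::string& oauth_error) = 0;
         // Called when the OAuth2 flow completes. |access_token| is a bearer
         // credential: do not log it. The format of |expiration| is not
         // specified in this header.
         virtual void OnGaiaFlowCompleted(const std::string& access_token,
                                          const std::string& expiration) = 0;

        protected:
         // Protected and virtual: the flow only holds a non-owning Delegate*, so
         // nothing should destroy an implementer through this interface, and a
         // polymorphic base without a virtual destructor would make such a
         // delete undefined behaviour.
         virtual ~Delegate() {}
       };

       // NOTE(review): |delegate| and |profile| are presumably kept as the raw
       // pointers |delegate_| and |profile_| and are not owned; if so, both must
       // outlive this object -- confirm in the .cc file.
       GaiaWebAuthFlow(Delegate* delegate,
                       Profile* profile,
                       const std::string& extension_id,
                       const OAuth2Info& oauth2_info,
                       const std::string& locale);
       virtual ~GaiaWebAuthFlow();

       // Starts the flow by fetching an ubertoken. Can override for testing.
       virtual void Start();

       // UbertokenConsumer implementation. |token| is a credential; keep it out
       // of logs.
       virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
       virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;

       // WebAuthFlow::Delegate implementation. Per the file comment, the final
       // redirect URI is read from the window title, so |title| is page-supplied
       // input and has to be validated before it is treated as a result.
       virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE;
       virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE;
       virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE;

      private:
       // Creates a WebAuthFlow, which will navigate to |url|. Can override
       // for testing. Used to kick off the MergeSession (step #2).
       virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);

       // Raw pointers: no ownership is expressed by these types.
       Delegate* delegate_;
       Profile* profile_;
       chrome::HostDesktopType host_desktop_type_;
       // NOTE(review): presumably the expected scheme (reversed OAuth client ID)
       // and path prefix (extension ID) of the final redirect URI, as laid out
       // in the file comment -- confirm.
       std::string redirect_scheme_;
       std::string redirect_path_prefix_;
       // NOTE(review): presumably the URL that starts the OAuth flow (step #3)
       // -- confirm.
       GURL auth_url_;
       // Owned by this object (scoped_ptr).
       scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
       scoped_ptr<WebAuthFlow> web_flow_;

       DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
     };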
     96 
     97 }  // extensions
     98 
     99 #endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
    100