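// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
#define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_

#include <string>

#include "chrome/browser/extensions/api/identity/web_auth_flow.h"
#include "chrome/browser/signin/ubertoken_fetcher.h"
#include "chrome/browser/ui/host_desktop.h"
#include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"

namespace extensions {

// Implements a web-based OAuth2 scope approval dialog. This flow has
// four parts:
//   1. Fetch an ubertoken for the signed-in user.
//   2. Use the ubertoken to get session cookies using MergeSession.
//   3. Start the OAuth flow and wait for final redirect.
//   4. Parse results from the fragment component of the final redirect URI.
//
// The OAuth flow is a special version of the OAuth2 out-of-band flow
// where the final response page's title contains the
// redirect_uri. The redirect URI has an unusual format to prevent its
// use in other contexts. The scheme of the URI is a reversed version
// of the OAuth client ID, and the path starts with the Chrome
// extension ID. For example, an app with the OAuth client ID
// "32610281651.apps.googleusercontent.com" and a Chrome app ID
// "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
//
//     com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
//
// Arriving at this URI completes the flow. The last response from
// gaia does a JavaScript redirect to the special URI, but also
// includes the same URI in its title. The navigation to this URI gets
// filtered out because of its unusual protocol scheme, so
// GaiaWebAuthFlow pulls it out of the window title instead.
//
// Notes for maintainers:
//   - A window title is set by whichever document is loaded in the auth
//     window, so the string handed to OnAuthFlowTitleChange() is
//     page-controlled input. Only a title that matches the expected
//     scheme and path prefix should ever be parsed for a token; the
//     matching itself is not visible in this header.
//   - The ubertoken and the access token are credentials. Keep them out
//     of logs and error strings.
class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
 public:
  // Reason reported to Delegate::OnGaiaFlowFailure().
  enum Failure {
    WINDOW_CLOSED,       // Window closed by user.
    INVALID_REDIRECT,    // Redirect parse error.
    SERVICE_AUTH_ERROR,  // Non-OAuth related authentication error.
    OAUTH_ERROR,         // Flow reached final redirect, which contained an
                         // error.
    LOAD_FAILED          // An auth flow page failed to load.
  };

  // Receives the outcome of the flow.
  // NOTE(review): this interface declares no destructor; nothing in this
  // header deletes through a Delegate*, so that is only a problem if some
  // caller does.
  class Delegate {
   public:
    // Called when the flow fails. |failure| identifies the failure kind.
    // NOTE(review): the earlier wording limited this to failures "prior to
    // the final OAuth redirect", yet Failure includes OAUTH_ERROR (final
    // redirect reached) and this callback takes |oauth_error|; confirm
    // against the implementation which arguments are meaningful for which
    // |failure| value.
    // TODO(courage): LOAD_FAILED descriptions?
    virtual void OnGaiaFlowFailure(Failure failure,
                                   GoogleServiceAuthError service_error,
                                   const std::string& oauth_error) = 0;

    // Called when the OAuth2 flow completes. |access_token| is a
    // credential. |expiration| is delivered as a string; its format is not
    // defined in this header.
    virtual void OnGaiaFlowCompleted(const std::string& access_token,
                                     const std::string& expiration) = 0;
  };

  // |delegate| and |profile| are stored as raw pointers (see delegate_ and
  // profile_ below).
  GaiaWebAuthFlow(Delegate* delegate,
                  Profile* profile,
                  const std::string& extension_id,
                  const OAuth2Info& oauth2_info,
                  const std::string& locale);
  virtual ~GaiaWebAuthFlow();

  // Starts the flow by fetching an ubertoken. Can override for testing.
  virtual void Start();

  // UbertokenConsumer implementation:
  virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
  virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;

  // WebAuthFlow::Delegate implementation.
  virtual void OnAuthFlowFailure(WebAuthFlow::Failure failure) OVERRIDE;
  virtual void OnAuthFlowURLChange(const GURL& redirect_url) OVERRIDE;
  // |title| comes from the page shown in the auth window; treat it as
  // untrusted until it has been matched against the expected redirect URI.
  virtual void OnAuthFlowTitleChange(const std::string& title) OVERRIDE;

 private:
  // Creates a WebAuthFlow, which will navigate to |url|. Can override
  // for testing. Used to kick off the MergeSession (step #2).
  virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);

  // Raw pointers; this header shows no ownership of either object.
  // NOTE(review): presumably both must outlive this flow; confirm with
  // the callers.
  Delegate* delegate_;
  Profile* profile_;
  chrome::HostDesktopType host_desktop_type_;
  // Presumably the expected scheme (reversed OAuth client ID) and path
  // prefix (extension ID) of the final redirect URI described above;
  // confirm against the implementation.
  std::string redirect_scheme_;
  std::string redirect_path_prefix_;
  GURL auth_url_;
  scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
  scoped_ptr<WebAuthFlow> web_flow_;

  DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
};

}  // namespace extensions

#endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_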