Home | History | Annotate | Download | only in api 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // Use the <code>chrome.identity</code> API to get OAuth2 access tokens.
      6 namespace identity {
      7 
      8   dictionary AccountInfo {
      9     // A unique identifier for the account. This ID will not change
     10     // for the lifetime of the account.
     11     DOMString id;
     12   };
     13 
     14   dictionary ProfileUserInfo {
     15     // An email address for the user account signed into the current
     16     // profile. Empty if the user is not signed in.
     17     DOMString email;
     18 
     19     // A unique identifier for the account. This ID will not change
     20     // for the lifetime of the account. Empty if the user is not
     21     // signed in.
     22     DOMString id;
     23   };
     24 
     25   dictionary TokenDetails {
     26     // Fetching a token may require the user to sign-in to Chrome, or
     27     // approve the application's requested scopes. If the interactive
     28     // flag is <code>true</code>, <code>getAuthToken</code> will
     29     // prompt the user as necessary. When the flag is
     30     // <code>false</code> or omitted, <code>getAuthToken</code> will
     31     // return failure any time a prompt would be required.
     32     boolean? interactive;
     33 
     34     // The account ID whose token should be returned. If not
     35     // specified, the primary account for the profile will be used.
     36     //
     37     // <code>account</code> is only supported when the
     38     // "enable-new-profile-management" flag is set.
     39     AccountInfo? account;
     40 
     41     // A list of OAuth2 scopes to request.
     42     //
     43     // When the <code>scopes</code> field is present, it overrides the
     44     // list of scopes specified in manifest.json.
     45     DOMString[]? scopes;
     46   };
     47 
     48   dictionary InvalidTokenDetails {
     49     // The specific token that should be removed from the cache.
     50     DOMString token;
     51   };
     52 
     53   dictionary WebAuthFlowDetails {
     54     // The URL that initiates the auth flow.
     55     DOMString url;
     56 
     57     // Whether to launch auth flow in interactive mode.
     58     //
     59     // Since some auth flows may immediately redirect to a result URL,
     60     // <code>launchWebAuthFlow</code> hides its web view until the
     61     // first navigation either redirects to the final URL, or finishes
     62     // loading a page meant to be displayed.
     63     //
     64     // If the interactive flag is <code>true</code>, the window will
     65     // be displayed when a page load completes. If the flag is
     66     // <code>false</code> or omitted, <code>launchWebAuthFlow</code>
     67     // will return with an error if the initial navigation does not
     68     // complete the flow.
     69     boolean? interactive;
     70   };
     71 
     72   callback GetAuthTokenCallback = void (optional DOMString token);
     73   callback GetAccountsCallback = void (AccountInfo[] accounts);
     74   callback GetProfileUserInfoCallback = void (ProfileUserInfo userInfo);
     75   callback InvalidateAuthTokenCallback = void ();
     76   callback LaunchWebAuthFlowCallback = void (optional DOMString responseUrl);
     77 
     78   interface Functions {
     79     // Retrieves a list of AccountInfo objects describing the accounts
     80     // present on the profile.
     81     //
     82     // <code>getAccounts</code> is only supported on dev channel.
     83     static void getAccounts(GetAccountsCallback callback);
     84 
     85     // Gets an OAuth2 access token using the client ID and scopes
     86     // specified in the <a
     87     // href="app_identity.html#update_manifest"><code>oauth2</code>
     88     // section of manifest.json</a>.
     89     //
     90     // The Identity API caches access tokens in memory, so it's ok to
     91     // call <code>getAuthToken</code> non-interactively any time a token is
     92     // required. The token cache automatically handles expiration.
     93     //
     94     // For a good user experience it is important interactive token requests are
     95     // initiated by UI in your app explaining what the authorization is for.
     96     // Failing to do this will cause your users to get authorization requests,
     97     // or Chrome sign in screens if they are not signed in, with with no
     98     // context. In particular, do not use <code>getAuthToken</code>
     99     // interactively when your app is first launched.
    100     //
    101     // |details| : Token options.
    102     // |callback| : Called with an OAuth2 access token as specified by the
    103     // manifest, or undefined if there was an error.
    104     static void getAuthToken(optional TokenDetails details,
    105                              GetAuthTokenCallback callback);
    106 
    107     // Retrieves email address and obfuscated gaia id of the user
    108     // signed into a profile.
    109     //
    110     // This API is different from identity.getAccounts in two
    111     // ways. The information returned is available offline, and it
    112     // only applies to the primary account for the profile.
    113     static void getProfileUserInfo(GetProfileUserInfoCallback callback);
    114 
    115     // Removes an OAuth2 access token from the Identity API's token cache.
    116     //
    117     // If an access token is discovered to be invalid, it should be
    118     // passed to removeCachedAuthToken to remove it from the
    119     // cache. The app may then retrieve a fresh token with
    120     // <code>getAuthToken</code>.
    121     //
    122     // |details| : Token information.
    123     // |callback| : Called when the token has been removed from the cache.
    124     static void removeCachedAuthToken(
    125         InvalidTokenDetails details, InvalidateAuthTokenCallback callback);
    126 
    127     // Starts an auth flow at the specified URL.
    128     //
    129     // This method enables auth flows with non-Google identity
    130     // providers by launching a web view and navigating it to the
    131     // first URL in the provider's auth flow. When the provider
    132     // redirects to a URL matching the pattern
    133     // <code>https://<app-id>.chromiumapp.org/*</code>, the
    134     // window will close, and the final redirect URL will be passed to
    135     // the <var>callback</var> function.
    136     //
    137     // For a good user experience it is important interactive auth flows are
    138     // initiated by UI in your app explaining what the authorization is for.
    139     // Failing to do this will cause your users to get authorization requests
    140     // with no context. In particular, do not launch an interactive auth flow
    141     // when your app is first launched.
    142     //
    143     // |details| : WebAuth flow options.
    144     // |callback| : Called with the URL redirected back to your application.
    145     static void launchWebAuthFlow(WebAuthFlowDetails details,
    146                                   LaunchWebAuthFlowCallback callback);
    147 
    148     // Generates a redirect URL to be used in |launchWebAuthFlow|.
    149     //
    150     // The generated URLs match the pattern
    151     // <code>https://<app-id>.chromiumapp.org/*</code>.
    152     //
    153     // |path| : The path appended to the end of the generated URL.
    154     [nocompile] static DOMString getRedirectURL(optional DOMString path);
    155   };
    156 
    157   interface Events {
    158     // Fired when signin state changes for an account on the user's profile.
    159     static void onSignInChanged(AccountInfo account, boolean signedIn);
    160   };
    161 };
    162