1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"
7 #include "chrome/browser/chrome_notification_types.h"
8 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
9 #include "components/policy/core/common/cloud/cloud_policy_core.h"
10 #include "components/signin/core/browser/profile_oauth2_token_service.h"
11 #include "components/signin/core/browser/signin_manager.h"
12 #include "content/public/browser/notification_source.h"
13 #include "google_apis/gaia/gaia_constants.h"
// Constructs the forwarder as an OAuth2TokenService::Consumer named
// "policy_token_forwarder" and keeps the token service and sign-in manager
// pointers it is handed, then looks at whether the CloudPolicyService behind
// |manager_| has finished initializing.
// NOTE(review): the gutter numbers of this capture skip 22, 28-29 and 31-32,
// so the initializer for |manager_| and part of the branch around
// IsInitializationComplete() are not visible; read the control flow below
// against the full file before relying on it.
// NOTE(review): the pointers are taken as plain pointers; presumably the
// owner keeps all three objects alive until Shutdown() has run. Confirm.
17 UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(
18 UserCloudPolicyManagerChromeOS
* manager
,
19 ProfileOAuth2TokenService
* token_service
,
20 SigninManagerBase
* signin_manager
)
21 : OAuth2TokenService::Consumer("policy_token_forwarder"),
// (listing line 22 is absent from this capture)
23 token_service_(token_service
),
24 signin_manager_(signin_manager
) {
25 // Start by waiting for the CloudPolicyService to be initialized, so that
26 // we can check if it already has a DMToken or not.
27 if (manager_
->core()->service()->IsInitializationComplete()) {
// (listing lines 28-29 are absent from this capture; the statement below is
// therefore not necessarily the body of the condition above)
30 manager_
->core()->service()->AddObserver(this);
// The destructor has no work of its own; the observer registrations are
// removed in Shutdown().
UserCloudPolicyTokenForwarder::~UserCloudPolicyTokenForwarder() = default;
// Unregisters this object as an observer of both the token service and the
// CloudPolicyService, so neither calls back into it afterwards.
// NOTE(review): listing line 37 is absent from this capture; whether the
// pending token request (|request_|) is dropped here cannot be seen. Confirm
// against the full file, since a request left in flight could still deliver
// a token callback after shutdown.
36 void UserCloudPolicyTokenForwarder::Shutdown() {
38 token_service_
->RemoveObserver(this);
39 manager_
->core()->service()->RemoveObserver(this);
// Token-service observer callback, invoked with the id of the account whose
// refresh token became available.
// NOTE(review): the body (listing line 44) is absent from this capture.
// Nothing visible compares |account_id| with the authenticated account, so
// check the full file for how a refresh token belonging to a different
// account is handled.
42 void UserCloudPolicyTokenForwarder::OnRefreshTokenAvailable(
43 const std::string
& account_id
) {
// Consumer callback for a successful token request: passes the access token
// on to the policy manager. |request| and |expiration_time| are not used in
// the lines visible here.
// |access_token| is a bearer credential; keep it out of log statements and
// crash data if this function is ever extended.
// NOTE(review): listing lines 52-54 are absent from this capture, so any
// cleanup after the hand-off is not visible.
47 void UserCloudPolicyTokenForwarder::OnGetTokenSuccess(
48 const OAuth2TokenService::Request
* request
,
49 const std::string
& access_token
,
50 const base::Time
& expiration_time
) {
51 manager_
->OnAccessTokenAvailable(access_token
);
// Consumer callback for a failed token request. |error| is not inspected in
// the lines visible here, and no retry is attempted.
// Security note: as the comment below states, there is no recovery on this
// path, so the session goes ahead without registering for policy and
// registration is only attempted again at the next sign-in. That is a
// fail-open choice with respect to policy freshness; the TODO records the
// stricter alternative of blocking sign-in.
// NOTE(review): listing lines 70-71 are absent from this capture.
56 void UserCloudPolicyTokenForwarder::OnGetTokenFailure(
57 const OAuth2TokenService::Request
* request
,
58 const GoogleServiceAuthError
& error
) {
59 // This should seldom happen: if the user is signing in for the first time
60 // then this was an online signin and network errors are unlikely; if the
61 // user had already signed in before then he should have policy cached, and
62 // RequestAccessToken() wouldn't have been invoked.
63 // Still, something just went wrong (server 500, or something). Currently
64 // we don't recover in this case, and we'll just try to register for policy
65 // again on the next signin.
66 // TODO(joaodasilva, atwilson): consider blocking signin when this happens,
67 // so that the user has to try again before getting into the session. That
68 // would guarantee that a session always has fresh policy, or at least
69 // enforces a cached policy.
// CloudPolicyService observer callback; this object registers for it through
// the AddObserver(this) call in the constructor.
// NOTE(review): the body (listing lines 75-76) is absent from this capture,
// and |service| is not used in anything visible here.
73 void UserCloudPolicyTokenForwarder::OnInitializationCompleted(
74 CloudPolicyService
* service
) {
// Asks the token service whether a refresh token is already available for
// the account the sign-in manager reports as authenticated; the visible
// lines also register this object as a token-service observer.
// NOTE(review): listing lines 85-86 are absent from this capture, so the
// statement taken when the token is available, and whether the AddObserver
// call is an alternative branch, cannot be seen here. Confirm against the
// full file.
78 void UserCloudPolicyTokenForwarder::Initialize() {
79 // TODO(mnissler): Once a better way to reconfirm whether a user is on the
80 // login whitelist is available, there is no reason to fetch the OAuth2 token
81 // here if the client is already registered, so check and bail out here.
83 if (token_service_
->RefreshTokenIsAvailable(
84 signin_manager_
->GetAuthenticatedAccountId()))
87 token_service_
->AddObserver(this);
// Starts an OAuth2 access-token request for the authenticated account and
// keeps the returned request in |request_|. |this| is passed as the last
// argument, so the result is presumably delivered to OnGetTokenSuccess() or
// OnGetTokenFailure().
// The request is limited to the two scope constants inserted below; keep the
// set this small, since every extra scope widens what the forwarded token
// can be used for.
// NOTE(review): the closing brace lies past the end of this capture.
90 void UserCloudPolicyTokenForwarder::RequestAccessToken() {
91 OAuth2TokenService::ScopeSet scopes
;
92 scopes
.insert(GaiaConstants::kDeviceManagementServiceOAuth
);
93 scopes
.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope
);
94 request_
= token_service_
->StartRequest(
95 signin_manager_
->GetAuthenticatedAccountId(), scopes
, this);