chrome/browser/extensions/api/identity/gaia_web_auth_flow.h

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
   6 #define CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_
   7
   8 #include "chrome/browser/extensions/api/identity/extension_token_key.h"
   9 #include "chrome/browser/extensions/api/identity/web_auth_flow.h"
  10 #include "chrome/browser/ui/host_desktop.h"
  11 #include "extensions/common/manifest_handlers/oauth2_manifest_handler.h"
  12 #include "google_apis/gaia/ubertoken_fetcher.h"
  13
  14 namespace extensions {
  15
  16 // Implements a web-based OAuth2 scope approval dialog. This flow has
  17 // four parts:
  18 // 1. Fetch an ubertoken for a signed-in user.
  19 // 2. Use the ubertoken to get session cookies using MergeSession.
  20 // 3. Start the OAuth flow and wait for final redirect.
  21 // 4. Parse results from the fragment component of the final redirect URI.
  22 //
  23 // The OAuth flow is a special version of the OAuth2 out-of-band flow
  24 // where the final response page's title contains the
  25 // redirect_uri. The redirect URI has an unusual format to prevent its
  26 // use in other contexts. The scheme of the URI is a reversed version
  27 // of the OAuth client ID, and the path starts with the Chrome
  28 // extension ID. For example, an app with the OAuth client ID
  29 // "32610281651.apps.googleusercontent.com" and a Chrome app ID
  30 // "kbinjhdkhikmpjoejcfofghmjjpidcnj", would get redirected to:
  31 //
  32 // com.googleusercontent.apps.32610281651:/kbinjhdkhikmpjoejcfofghmjjpidcnj
  33 //
  34 // Arriving at this URI completes the flow. The last response from
  35 // gaia does a JavaScript redirect to the special URI, but also
  36 // includes the same URI in its title. The navigation to this URI gets
  37 // filtered out because of its unusual protocol scheme, so
  38 // GaiaWebAuthFlow pulls it out of the window title instead.
  39
  40 class GaiaWebAuthFlow : public UbertokenConsumer, public WebAuthFlow::Delegate {
  41  public:
  42   enum Failure {
  43     WINDOW_CLOSED,  // Window closed by user.
  44     INVALID_REDIRECT,  // Redirect parse error.
  45     SERVICE_AUTH_ERROR,  // Non-OAuth related authentication error
  46     OAUTH_ERROR,  // Flow reached final redirect, which contained an error.
  47     LOAD_FAILED  // An auth flow page failed to load.
  48   };
  49
  50   class Delegate {
  51    public:
  52     // Called when the flow fails prior to the final OAuth redirect,
  53     // TODO(courage): LOAD_FAILURE descriptions?
  54     virtual void OnGaiaFlowFailure(Failure failure,
  55                                    GoogleServiceAuthError service_error,
  56                                    const std::string& oauth_error) = 0;
  57     // Called when the OAuth2 flow completes.
  58     virtual void OnGaiaFlowCompleted(const std::string& access_token,
  59                                      const std::string& expiration) = 0;
  60   };
  61
  62   GaiaWebAuthFlow(Delegate* delegate,
  63                   Profile* profile,
  64                   const ExtensionTokenKey* token_key,
  65                   const std::string& oauth2_client_id,
  66                   const std::string& locale);
  67   ~GaiaWebAuthFlow() override;
  68
  69   // Starts the flow by fetching an ubertoken. Can override for testing.
  70   virtual void Start();
  71
  72   // UbertokenConsumer implementation:
  73   void OnUbertokenSuccess(const std::string& token) override;
  74   void OnUbertokenFailure(const GoogleServiceAuthError& error) override;
  75
  76   // WebAuthFlow::Delegate implementation.
  77   void OnAuthFlowFailure(WebAuthFlow::Failure failure) override;
  78   void OnAuthFlowURLChange(const GURL& redirect_url) override;
  79   void OnAuthFlowTitleChange(const std::string& title) override;
  80
  81  private:
  82   // Creates a WebAuthFlow, which will navigate to |url|. Can override
  83   // for testing. Used to kick off the MergeSession (step #2).
  84   virtual scoped_ptr<WebAuthFlow> CreateWebAuthFlow(GURL url);
  85
  86   Delegate* delegate_;
  87   Profile* profile_;
  88   std::string account_id_;
  89   chrome::HostDesktopType host_desktop_type_;
  90   std::string redirect_scheme_;
  91   std::string redirect_path_prefix_;
  92   GURL auth_url_;
  93   scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
  94   scoped_ptr<WebAuthFlow> web_flow_;
  95
  96   DISALLOW_COPY_AND_ASSIGN(GaiaWebAuthFlow);
  97 };
  98
  99 }  // namespace extensions
 100
 101 #endif  // CHROME_BROWSER_EXTENSIONS_API_IDENTITY_GAIA_WEB_AUTH_FLOW_H_