| blob | 0243d60da96f5a9d8fa0381aca913a293db9ae80 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_
6 #define GOOGLE_APIS_GAIA_GAIA_AUTH_FETCHER_H_
8 #include <string>
9 #include <vector>
18 // Authenticate a user against the Google Accounts ClientLogin API
19 // with various capabilities and return results to a GaiaAuthConsumer.
20 //
21 // In the future, we will also issue auth tokens from this class.
22 // This class should be used on a single thread, but it can be whichever thread
23 // that you like.
24 //
25 // This class can handle one request at a time on any thread. To parallelize
26 // requests, create multiple GaiaAuthFetcher's.
34 }
39 HostedAccountsAllowed,
40 HostedAccountsNotAllowed
41 };
43 // Magic string indicating that, while a second factor is still
44 // needed to complete authentication, the user provided the right password.
47 // Magic string indicating that though the user does not have Less Secure
48 // Apps enabled, the user provided the right password.
51 // This will later be hidden behind an auth service which caches
52 // tokens.
58 // Start a request to obtain the SID and LSID cookies for the the account
59 // identified by |username| and |password|. If |service| is not null or
60 // empty, then also obtains a service token for specified service.
61 //
62 // If this is a second call because of captcha challenge, then the
63 // |login_token| and |login_captcha| arugment should correspond to the
64 // solution of the challenge.
65 //
66 // Either OnClientLoginSuccess or OnClientLoginFailure will be
67 // called on the consumer on the original thread.
73 HostedAccountsSetting allow_hosted_accounts);
75 // Start a request to obtain service token for the the account identified by
76 // |sid| and |lsid| and the |service|.
77 //
78 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
79 // called on the consumer on the original thread.
84 // Start a request to obtain |service| token for the the account identified by
85 // |uber_token|.
86 //
87 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
88 // called on the consumer on the original thread.
92 // Start a request to obtain service token for the the account identified by
93 // |oauth2_access_token| and the |service|.
94 //
95 // Either OnIssueAuthTokenSuccess or OnIssueAuthTokenFailure will be
96 // called on the consumer on the original thread.
100 // Start a request to exchange an "lso" service token given by |auth_token|
101 // for an OAuthLogin-scoped oauth2 token.
102 //
103 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
104 // called on the consumer on the original thread.
107 // Start a request to revoke |auth_token|.
108 //
109 // OnOAuth2RevokeTokenCompleted will be called on the consumer on the original
110 // thread.
113 // Start a request to exchange the cookies of a signed-in user session
114 // for an OAuthLogin-scoped oauth2 token. In the case of a session with
115 // multiple accounts signed in, |session_index| indicate the which of accounts
116 // within the session.
117 //
118 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
119 // called on the consumer on the original thread.
122 // Start a request to exchange the cookies of a signed-in user session
123 // for an OAuthLogin-scoped oauth2 token. In the case of a session with
124 // multiple accounts signed in, |session_index| indicate the which of accounts
125 // within the session.
126 // Resulting refresh token is annotated on the server with |device_id|. Format
127 // of device_id on the server is at most 64 unicode characters.
128 //
129 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
130 // called on the consumer on the original thread.
135 // Start a request to exchange the authorization code for an OAuthLogin-scoped
136 // oauth2 token.
137 //
138 // Either OnClientOAuthSuccess or OnClientOAuthFailure will be
139 // called on the consumer on the original thread.
142 // Start a request to get user info for the account identified by |lsid|.
143 //
144 // Either OnGetUserInfoSuccess or OnGetUserInfoFailure will be
145 // called on the consumer on the original thread.
148 // Start a MergeSession request to pre-login the user with the given
149 // credentials.
150 //
151 // Start a MergeSession request to fill the browsing cookie jar with
152 // credentials represented by the account whose uber-auth token is
153 // |uber_token|. This method will modify the cookies of the current profile.
154 //
155 // The |external_cc_result| string can specify the result of connetion checks
156 // for various google properties, and MergeSession will set cookies on those
157 // properties too if appropriate. See StartGetCheckConnectionInfo() for
158 // details. The string is a comma separated list of token/result pairs, where
159 // token and result are separated by a colon. This string may be empty, in
160 // which case no specific handling is performed.
161 //
162 // Either OnMergeSessionSuccess or OnMergeSessionFailure will be
163 // called on the consumer on the original thread.
167 // Start a request to exchange an OAuthLogin-scoped oauth2 access token for an
168 // uber-auth token. The returned token can be used with the method
169 // StartMergeSession().
170 //
171 // Either OnUberAuthTokenSuccess or OnUberAuthTokenFailure will be
172 // called on the consumer on the original thread.
175 // Start a request to exchange an OAuthLogin-scoped oauth2 access token for a
176 // ClientLogin-style service tokens. The response to this request is the
177 // same as the response to a ClientLogin request, except that captcha
178 // challenges are never issued.
179 //
180 // Either OnClientLoginSuccess or OnClientLoginFailure will be
181 // called on the consumer on the original thread. If |service| is empty,
182 // the call will attempt to fetch uber auth token.
186 // Starts a request to list the accounts in the GAIA cookie.
189 // Starts a request to get the list of URLs to check for connection info.
190 // Returns token/URL pairs to check, and the resulting status can be given to
191 // /MergeSession requests.
194 // Starts listing any sessions that exist for the IDP. If all requested scopes
195 // have been approved by the session user, then a login hint is included in
196 // the response.
200 // Generates an access token for the session, specifying the scopes and
201 // |login_hint|.
206 // Implementation of net::URLFetcherDelegate
209 // StartClientLogin been called && results not back yet?
212 // Stop any URL fetches in progress.
215 // From a URLFetcher result, generate an appropriate error.
216 // From the API documentation, both IssueAuthToken and ClientLogin have
217 // the same error returns.
223 // ClientLogin body constants that don't change
228 // The format of the POST body for ClientLogin.
230 // The format of said POST body when CAPTCHA token & answer are specified.
232 // The format of the POST body for IssueAuthToken.
234 // The format of the POST body to get OAuth2 auth code from auth token.
236 // The format of the POST body to get OAuth2 auth code from auth token. This
237 // format is used for request annotated with device_id.
239 // The format of the POST body to get OAuth2 token pair from auth code.
241 // The format of the POST body to revoke an OAuth2 token.
243 // The format of the POST body for GetUserInfo.
245 // The format of the POST body for MergeSession.
247 // The format of the URL for UberAuthToken.
249 // The format of the body for OAuthLogin.
252 // Constants for parsing ClientLogin errors.
268 // Constants for parsing ClientOAuth errors.
273 // Constants for request/response for OAuth2 requests.
283 // Process the results of a ClientLogin fetch.
337 // Tokenize the results of a ClientLogin fetch.
349 // Parse ClientLogin to OAuth2 response.
360 // Is this a special case Gaia error for TwoFactor auth?
363 // Is this a special case Gaia error for Less Secure Apps?
366 // Given parameters, create a ClientLogin request body.
374 HostedAccountsSetting allow_hosted_accounts);
375 // Supply the sid / lsid returned from ClientLogin in order to
376 // request a long lived auth token for a service.
380 // Create body to get OAuth2 auth code.
382 // Given auth code, create body to get OAuth2 token pair.
384 // Given an OAuth2 token, create body to revoke the token.
386 // Supply the lsid returned from ClientLogin in order to fetch
387 // user information.
390 // Supply the authentication token returned from StartIssueAuthToken.
408 // Create a fetcher usable for making any Gaia request. |body| is used
409 // as the body of the POST request sent to GAIA. Any strings listed in
410 // |headers| are added as extra HTTP headers in the request.
411 //
412 // |load_flags| are passed to directly to net::URLFetcher::Create() when
413 // creating the URL fetcher.
422 // From a URLFetcher result, generate an appropriate error.
423 // From the API documentation, both IssueAuthToken and ClientLogin have
424 // the same error returns.
429 // These fields are common to GaiaAuthFetcher, same every request.
445 // While a fetch is going on:
447 GURL client_login_to_oauth2_gurl_;
463 ParseClientLoginToOAuth2Response);
471 };