Webapp changes to support third party authentication

This uses an OAuth flow on the server to fetch the token and shared secret. There are two implementations for this:

* The current one manually opens a tab and asks for a redirect to a blank page in talkgadget, which we content-script to sendmessage the token/secret back to the extension (fairly similar to our OAuth trampoline)

* Once we're running on appsv2, and identity is out of experimental, we can use launchWebAuthFlow to do this.

This includes an interstitial to ask for an optional permission to the given host. The window.open method doesn't actually need this, but the identity API one does, so I thought I'd leave it in to make its behavior match closely the one of the identity API, which is the one we'll use in the future.

Most of the code is shared between these two versions, the only different pieces are the mechanics to open the window/launchWebFlow, and to send the redirectedUrl back to the webapp for parsing.

BUG=115899

Review URL: https://chromiumcodereview.appspot.com/12905012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@196580 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 32 insertions, 0 deletions

diff --git a/remoting/webapp/client_plugin_async.js b/remoting/webapp/client_plugin_async.js
index 71ec21f..788b49a 100644
--- a/remoting/webapp/client_plugin_async.js
+++ b/remoting/webapp/client_plugin_async.js
@@ -40,6 +40,13 @@ remoting.ClientPluginAsync = function(plugin) {
   this.onConnectionStatusUpdateHandler = function(state, error) {};
   /** @param {boolean} ready Connection ready state. */
   this.onConnectionReadyHandler = function(ready) {};
+  /**
+   * @param {string} tokenUrl Token-request URL, received from the host.
+   * @param {string} hostPublicKey Public key for the host.
+   * @param {string} scope OAuth scope to request the token for.
+   */
+  this.fetchThirdPartyTokenHandler = function(
+    tokenUrl, hostPublicKey, scope) {};
   this.onDesktopSizeUpdateHandler = function () {};
   /** @param {!Array.<string>} capabilities The negotiated capabilities. */
   this.onSetCapabilitiesHandler = function (capabilities) {};
@@ -266,6 +273,18 @@ remoting.ClientPluginAsync.prototype.handleMessage_ = function(messageStr) {
     /** @type {!Array.<string>} */
     var capabilities = tokenize(message.data['capabilities']);
     this.onSetCapabilitiesHandler(capabilities);
+  } else if (message.method == 'fetchThirdPartyToken') {
+    if (typeof message.data['tokenUrl'] != 'string' ||
+        typeof message.data['hostPublicKey'] != 'string' ||
+        typeof message.data['scope'] != 'string') {
+      console.error('Received incorrect fetchThirdPartyToken message.');
+      return;
+    }
+    var tokenUrl = /** @type {string} */ message.data['tokenUrl'];
+    var hostPublicKey =
+        /** @type {string} */ message.data['hostPublicKey'];
+    var scope = /** @type {string} */ message.data['scope'];
+    this.fetchThirdPartyTokenHandler(tokenUrl, hostPublicKey, scope);
   }
 };
 
@@ -523,6 +542,19 @@ remoting.ClientPluginAsync.prototype.useAsyncPinDialog =
 };
 
 /**
+ * Sets the third party authentication token and shared secret.
+ *
+ * @param {string} token The token received from the token URL.
+ * @param {string} sharedSecret Shared secret received from the token URL.
+ */
+remoting.ClientPluginAsync.prototype.onThirdPartyTokenFetched = function(
+    token, sharedSecret) {
+  this.plugin.postMessage(JSON.stringify(
+    { method: 'onThirdPartyTokenFetched',
+      data: { token: token, sharedSecret: sharedSecret}}));
+};
+
+/**
  * If we haven't yet received a "hello" message from the plugin, change its
  * size so that the user can confirm it if click-to-play is enabled, or can
  * see the "this plugin is disabled" message if it is actually disabled.