chrome/common/net/gaia/oauth2_mint_token_flow.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_COMMON_NET_GAIA_OAUTH2_MINT_TOKEN_FLOW_H_
#define CHROME_COMMON_NET_GAIA_OAUTH2_MINT_TOKEN_FLOW_H_

#include <string>

#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/common/net/gaia/oauth2_access_token_consumer.h"
#include "chrome/common/net/gaia/oauth2_access_token_fetcher.h"
#include "chrome/common/net/gaia/oauth2_mint_token_consumer.h"
#include "chrome/common/net/gaia/oauth2_mint_token_fetcher.h"

class GoogleServiceAuthError;
class OAuth2MintTokenFlowTest;

namespace net {
class URLRequestContextGetter;
}

// This class implements the OAuth2 flow to Google to mint an OAuth2
// token for the given client and the given set of scopes from the
// OAuthLogin scoped "master" OAuth2 token for the user logged in to
// Chrome.
class OAuth2MintTokenFlow
    : public OAuth2AccessTokenConsumer,
      public OAuth2MintTokenConsumer {
 public:
  class Delegate {
   public:
    virtual void OnMintTokenSuccess(const std::string& access_token) { }
    virtual void OnMintTokenFailure(const GoogleServiceAuthError& error) { }
  };

  // An interceptor for tests.
  class InterceptorForTests {
   public:
    // Returns true if the success callback should be called and false for
    // failures.
    virtual bool DoIntercept(const OAuth2MintTokenFlow* flow,
                             std::string* access_token,
                             GoogleServiceAuthError* error) = 0;
  };
  static void SetInterceptorForTests(InterceptorForTests* interceptor);

  OAuth2MintTokenFlow(net::URLRequestContextGetter* context,
                      Delegate* delegate);
  virtual ~OAuth2MintTokenFlow();

  // Start the process to mint a token.
  void Start(const std::string& login_refresh_token,
             const std::string& extension_id,
             const std::string& client_id,
             const std::vector<std::string>& scopes);

  // OAuth2AccessTokenConsumer implementation.
  virtual void OnGetTokenSuccess(const std::string& access_token) OVERRIDE;
  virtual void OnGetTokenFailure(const GoogleServiceAuthError& error) OVERRIDE;
  // OAuth2MintTokenConsumer implementation.
  virtual void OnMintTokenSuccess(const std::string& access_token) OVERRIDE;
  virtual void OnMintTokenFailure(const GoogleServiceAuthError& error) OVERRIDE;

  // Getters for various members.
  const std::string& extension_id() const { return extension_id_; }
  const std::string& client_id() const { return client_id_; }

 protected:
  // Helper to create an instance of access token fetcher.
  // Caller owns the returned instance.
  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher();

  // Helper to create an instance of mint token fetcher.
  // Caller owns the returned instance.
  virtual OAuth2MintTokenFetcher* CreateMintTokenFetcher();

 private:
  // The steps this class performs are:
  // 1. Create a login scoped access token from login scoped refresh token.
  // 2. Use login scoped access token to call the API to mint an access token
  //    for the app.
  enum State {
    INITIAL,
    FETCH_LOGIN_ACCESS_TOKEN_STARTED,
    FETCH_LOGIN_ACCESS_TOKEN_DONE,
    MINT_ACCESS_TOKEN_STARTED,
    MINT_ACCESS_TOKEN_DONE,
    ERROR_STATE
  };

  enum SetupError {
    NONE,
    AUTH_ERROR,
    INTERNAL_ERROR,
    USER_CANCELLED,

    // This is used for histograms, and should always be the last value.
    SETUP_ERROR_BOUNDARY
  };

  friend class OAuth2MintTokenFlowTest;

  // Creates an instance of URLFetcher that does not send or save cookies.
  // The URLFether's method will be GET if body is empty, POST otherwise.
  // Caller owns the returned instance.
  content::URLFetcher* CreateURLFetcher(
      const GURL& url, const std::string& body, const std::string& auth_token);
  void BeginGetLoginAccessToken();
  void EndGetLoginAccessToken(const GoogleServiceAuthError* error);
  void BeginMintAccessToken();
  void EndMintAccessToken(const GoogleServiceAuthError* error);

  void ReportSuccess();
  void ReportFailure(const GoogleServiceAuthError& error);

  static std::string GetErrorString(SetupError error);

  net::URLRequestContextGetter* context_;
  Delegate* delegate_;
  State state_;

  std::string login_refresh_token_;
  std::string extension_id_;
  std::string client_id_;
  std::vector<std::string> scopes_;

  scoped_ptr<OAuth2AccessTokenFetcher> oauth2_access_token_fetcher_;
  scoped_ptr<OAuth2MintTokenFetcher> oauth2_mint_token_fetcher_;
  std::string login_access_token_;
  std::string app_access_token_;

  DISALLOW_COPY_AND_ASSIGN(OAuth2MintTokenFlow);
};

#endif  // CHROME_COMMON_NET_GAIA_OAUTH2_MINT_TOKEN_FLOW_H_