1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "google_apis/gaia/gaia_oauth_client.h"
7 #include "base/json/json_reader.h"
8 #include "base/logging.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/strings/string_util.h"
11 #include "base/values.h"
12 #include "google_apis/gaia/gaia_urls.h"
13 #include "net/base/escape.h"
14 #include "net/base/load_flags.h"
15 #include "net/http/http_status_code.h"
16 #include "net/url_request/url_fetcher.h"
17 #include "net/url_request/url_fetcher_delegate.h"
18 #include "net/url_request/url_request_context_getter.h"
// Keys looked up in the JSON dictionary returned by the token endpoint (see
// the TOKENS_FROM_AUTH_CODE / REFRESH_TOKEN handling in HandleResponse()).
22 const char kAccessTokenValue[] = "access_token";
23 const char kRefreshTokenValue[] = "refresh_token";
24 const char kExpiresInValue[] = "expires_in";
29 // Use a non-zero number, so unit tests can differentiate the URLFetcher used by
30 // this class from other fetchers (most other code just hardcodes the ID to 0).
31 const int GaiaOAuthClient::kUrlFetcherId = 17109006;
// Does the network work for GaiaOAuthClient: builds each request, owns the
// single in-flight net::URLFetcher, and reports the outcome to a Delegate.
// It is ref-counted and acts as the fetcher's completion delegate.
33 class GaiaOAuthClient::Core
34 : public base::RefCountedThreadSafe<GaiaOAuthClient::Core>,
35 public net::URLFetcherDelegate {
37 Core(net::URLRequestContextGetter* request_context_getter)
39 request_context_getter_(request_context_getter),
41 request_type_(NO_PENDING_REQUEST) {
// Request entry points. Each definition records its request type and then
// builds a fetch; the "one request at a time" rule is checked with DCHECKs
// only, so callers are expected to honour it themselves.
44 void GetTokensFromAuthCode(const OAuthClientInfo& oauth_client_info,
45 const std::string& auth_code,
47 GaiaOAuthClient::Delegate* delegate);
48 void RefreshToken(const OAuthClientInfo& oauth_client_info,
49 const std::string& refresh_token,
50 const std::vector<std::string>& scopes,
52 GaiaOAuthClient::Delegate* delegate);
53 void GetUserEmail(const std::string& oauth_access_token,
56 void GetUserId(const std::string& oauth_access_token,
59 void GetUserInfo(const std::string& oauth_access_token,
62 void GetTokenInfo(const std::string& oauth_access_token,
66 // net::URLFetcherDelegate implementation.
67 virtual void OnURLFetchComplete(const net::URLFetcher* source) OVERRIDE;
70 friend class base::RefCountedThreadSafe<Core>;
74 TOKENS_FROM_AUTH_CODE,
// Internal helpers: PeopleGet() issues the GET used by the user-email/id/info
// requests, MakeGaiaRequest() issues the form-encoded POSTs, and
// HandleResponse() interprets a completed fetch.
84 void PeopleGet(const std::string& oauth_access_token,
87 void MakeGaiaRequest(const GURL& url,
88 const std::string& post_body,
90 GaiaOAuthClient::Delegate* delegate);
91 void HandleResponse(const net::URLFetcher* source,
92 bool* should_retry_request);
95 scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
// Raw pointer, overwritten at the start of every request and never deleted in
// the visible code. NOTE(review): HandleResponse() calls through it, so the
// delegate presumably has to outlive any in-flight fetch; confirm at callers.
96 GaiaOAuthClient::Delegate* delegate_;
// The in-flight fetcher; the request paths DCHECK that it is null before
// creating a new one.
97 scoped_ptr<net::URLFetcher> request_;
// Which request is pending; NO_PENDING_REQUEST when idle.
98 RequestType request_type_;
// Exchanges an OAuth2 authorization code for tokens by POSTing a form-encoded
// body (grant_type=authorization_code) to the Gaia OAuth2 token URL.
101 void GaiaOAuthClient::Core::GetTokensFromAuthCode(
102 const OAuthClientInfo& oauth_client_info,
103 const std::string& auth_code,
105 GaiaOAuthClient::Delegate* delegate) {
// DCHECK only: this is normally compiled out of release builds, so it does not
// stop a second request from being started there.
106 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
107 request_type_ = TOKENS_FROM_AUTH_CODE;
// Every caller-supplied value is URL-escaped before it is joined into the
// body. The auth code and client secret travel in the POST body, not in the
// request URL. Treat |post_body| as secret material: keep it out of logs.
108 std::string post_body =
109 "code=" + net::EscapeUrlEncodedData(auth_code, true) +
110 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id,
113 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) +
115 net::EscapeUrlEncodedData(oauth_client_info.redirect_uri, true) +
116 "&grant_type=authorization_code";
117 MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()),
118 post_body, max_retries, delegate);
// Obtains a fresh access token from a refresh token by POSTing a form-encoded
// body (grant_type=refresh_token) to the Gaia OAuth2 token URL.
121 void GaiaOAuthClient::Core::RefreshToken(
122 const OAuthClientInfo& oauth_client_info,
123 const std::string& refresh_token,
124 const std::vector<std::string>& scopes,
126 GaiaOAuthClient::Delegate* delegate) {
// DCHECK only: normally absent from release builds, so concurrent use is not
// rejected there.
127 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
128 request_type_ = REFRESH_TOKEN;
// The refresh token and client secret are URL-escaped and sent in the POST
// body. Both are long-lived credentials: keep |post_body| out of logs.
129 std::string post_body =
130 "refresh_token=" + net::EscapeUrlEncodedData(refresh_token, true) +
131 "&client_id=" + net::EscapeUrlEncodedData(oauth_client_info.client_id,
134 net::EscapeUrlEncodedData(oauth_client_info.client_secret, true) +
135 "&grant_type=refresh_token";
// The scope parameter is optional: it is added only when the caller passes
// scopes, joined with single spaces and escaped as one value.
137 if (!scopes.empty()) {
138 std::string scopes_string = JoinString(scopes, ' ');
139 post_body += "&scope=" + net::EscapeUrlEncodedData(scopes_string, true);
142 MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_url()),
143 post_body, max_retries, delegate);
// Starts a people-get request whose response HandleResponse() will reduce to
// the user's email (request type USER_EMAIL).
146 void GaiaOAuthClient::Core::GetUserEmail(const std::string& oauth_access_token,
148 Delegate* delegate) {
// Both checks are DCHECKs, so the single-request rule is normally enforced
// only in debug builds.
149 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
150 DCHECK(!request_.get());
151 request_type_ = USER_EMAIL;
152 PeopleGet(oauth_access_token, max_retries, delegate);
// Starts a people-get request whose response HandleResponse() will reduce to
// the user's id (request type USER_ID).
155 void GaiaOAuthClient::Core::GetUserId(const std::string& oauth_access_token,
157 Delegate* delegate) {
// Both checks are DCHECKs, so the single-request rule is normally enforced
// only in debug builds.
158 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
159 DCHECK(!request_.get());
160 request_type_ = USER_ID;
161 PeopleGet(oauth_access_token, max_retries, delegate);
// Starts a people-get request whose whole response dictionary is handed to
// the delegate (request type USER_INFO).
164 void GaiaOAuthClient::Core::GetUserInfo(const std::string& oauth_access_token,
166 Delegate* delegate) {
// Both checks are DCHECKs, so the single-request rule is normally enforced
// only in debug builds.
167 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
168 DCHECK(!request_.get());
169 request_type_ = USER_INFO;
170 PeopleGet(oauth_access_token, max_retries, delegate);
// Builds the GET request to the people-get URL shared by the user-email,
// user-id and user-info requests, authenticated with the given access token.
173 void GaiaOAuthClient::Core::PeopleGet(const std::string& oauth_access_token,
175 Delegate* delegate) {
176 delegate_ = delegate;
178 request_.reset(net::URLFetcher::Create(
179 kUrlFetcherId, GURL(GaiaUrls::GetInstance()->people_get_url()),
180 net::URLFetcher::GET, this));
181 request_->SetRequestContext(request_context_getter_.get());
// The token is appended to the header line as-is, with no escaping or
// validation here. NOTE(review): confirm that tokens reaching this point cannot
// contain CR/LF, or that the fetcher rejects such header values.
182 request_->AddExtraRequestHeader("Authorization: OAuth " + oauth_access_token);
183 request_->SetMaxRetriesOn5xx(max_retries);
// The request neither sends nor stores cookies, so the bearer token in the
// Authorization header is the only credential attached to it.
184 request_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
185 net::LOAD_DO_NOT_SAVE_COOKIES);
187 // Fetchers are sometimes cancelled because a network change was detected,
188 // especially at startup and after sign-in on ChromeOS. Retrying once should
189 // be enough in those cases; let the fetcher retry up to 3 times just in case.
190 // http://crbug.com/163710
191 request_->SetAutomaticallyRetryOnNetworkChanges(3);
// Asks the OAuth2 token-info URL to describe an access token; the response
// dictionary is handed to the delegate (request type TOKEN_INFO).
195 void GaiaOAuthClient::Core::GetTokenInfo(const std::string& oauth_access_token,
197 Delegate* delegate) {
// Both checks are DCHECKs, so the single-request rule is normally enforced
// only in debug builds.
198 DCHECK_EQ(request_type_, NO_PENDING_REQUEST);
199 DCHECK(!request_.get());
200 request_type_ = TOKEN_INFO;
// The token is URL-escaped and carried in the POST body rather than in the
// request URL.
201 std::string post_body =
202 "access_token=" + net::EscapeUrlEncodedData(oauth_access_token, true);
203 MakeGaiaRequest(GURL(GaiaUrls::GetInstance()->oauth2_token_info_url()),
// Builds a form-encoded POST to |url| carrying |post_body|, with this object
// as the fetcher's completion delegate. Used by the token and token-info
// requests.
209 void GaiaOAuthClient::Core::MakeGaiaRequest(
211 const std::string& post_body,
213 GaiaOAuthClient::Delegate* delegate) {
// Debug-only guard: in a build without DCHECKs the reset() below would simply
// replace a fetcher that is still in flight.
214 DCHECK(!request_.get()) << "Tried to fetch two things at once!";
215 delegate_ = delegate;
217 request_.reset(net::URLFetcher::Create(
218 kUrlFetcherId, url, net::URLFetcher::POST, this));
219 request_->SetRequestContext(request_context_getter_.get());
// |post_body| may hold a client secret, auth code, refresh token or access
// token, depending on the caller.
220 request_->SetUploadData("application/x-www-form-urlencoded", post_body);
221 request_->SetMaxRetriesOn5xx(max_retries);
// No cookies are sent or stored with credential-bearing requests.
222 request_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
223 net::LOAD_DO_NOT_SAVE_COOKIES);
// Allow up to 3 automatic retries when the fetch is cancelled by a network
// change (the reasoning is spelled out in PeopleGet()).
224 // See comment on SetAutomaticallyRetryOnNetworkChanges() above.
225 request_->SetAutomaticallyRetryOnNetworkChanges(3);
229 // URLFetcher::Delegate implementation.
// Completion callback from the fetcher: hands the response to
// HandleResponse(), which reports through |should_retry| whether the request
// needs to be retried.
230 void GaiaOAuthClient::Core::OnURLFetchComplete(
231 const net::URLFetcher* source) {
232 bool should_retry = false;
233 HandleResponse(source, &should_retry);
// NOTE(review): the condition guarding the retry steps below is not visible in
// this listing; they presumably run only when |should_retry| is true.
235 // Explicitly call ReceivedContentWasMalformed() to ensure the current
236 // request gets counted as a failure for calculation of the back-off
237 // period. If it was already a failure by status code, this call will
239 request_->ReceivedContentWasMalformed();
241 // We must set our request_context_getter_ again because
242 // URLFetcher::Core::RetryOrCompleteUrlFetch resets it to NULL...
243 request_->SetRequestContext(request_context_getter_.get());
// Interprets a completed fetch: reports OAuth errors, decides whether to
// retry, and otherwise dispatches the parsed JSON dictionary to the delegate
// callback that matches the pending request type. The response body comes
// from the network and is treated as data to be checked, not trusted.
248 void GaiaOAuthClient::Core::HandleResponse(
249 const net::URLFetcher* source,
250 bool* should_retry_request) {
251 // Move ownership of the request fetcher into a local scoped_ptr which
252 // will be nuked when we're done handling the request, unless we need
253 // to retry, in which case ownership will be returned to request_.
254 scoped_ptr<net::URLFetcher> old_request = request_.Pass();
255 DCHECK_EQ(source, old_request.get());
257 // HTTP_BAD_REQUEST means the arguments are invalid. HTTP_UNAUTHORIZED means
258 // the access or refresh token is invalid. No point retrying. We are
260 int response_code = source->GetResponseCode();
261 if (response_code == net::HTTP_BAD_REQUEST ||
262 response_code == net::HTTP_UNAUTHORIZED) {
263 delegate_->OnOAuthError();
// Only an HTTP 200 body is parsed, and only a top-level JSON dictionary is
// accepted: the type is checked with IsType() before the static_cast.
267 scoped_ptr<base::DictionaryValue> response_dict;
268 if (source->GetResponseCode() == net::HTTP_OK) {
270 source->GetResponseAsString(&data);
271 scoped_ptr<base::Value> message_value(base::JSONReader::Read(data));
272 if (message_value.get() &&
273 message_value->IsType(base::Value::TYPE_DICTIONARY)) {
275 static_cast<base::DictionaryValue*>(message_value.release()));
// No usable dictionary (non-200 status, unparsable body or non-dictionary
// JSON): either give up with a network error or hand the fetcher back for a
// retry.
279 if (!response_dict.get()) {
280 // If we don't have an access token yet and the error was not
281 // RC_BAD_REQUEST, we may need to retry.
282 if ((source->GetMaxRetriesOn5xx() != -1) &&
283 (num_retries_ >= source->GetMaxRetriesOn5xx())) {
284 // Retry limit reached. Give up.
285 delegate_->OnNetworkError(source->GetResponseCode());
287 request_ = old_request.Pass();
288 *should_retry_request = true;
// The pending type is copied and cleared before the delegate is called.
293 RequestType type = request_type_;
294 request_type_ = NO_PENDING_REQUEST;
298 // Use first email of type "account" as the user's email.
299 const base::ListValue* emails_list;
300 bool email_found = false;
301 if (response_dict->GetList("emails", &emails_list)) {
302 for (size_t i = 0; i < emails_list->GetSize(); ++i) {
303 const base::DictionaryValue* email_dict;
304 if (emails_list->GetDictionary(i, &email_dict)) {
307 if (email_dict->GetString("type", &type) &&
309 email_dict->GetString("value", &email)) {
310 delegate_->OnGetUserEmailResponse(email);
// NOTE(review): presumably reached when no matching email entry was found;
// the guarding condition is not visible in this listing.
318 delegate_->OnNetworkError(net::URLFetcher::RESPONSE_CODE_INVALID);
// GetString()'s result is ignored here, so if "id" is missing or not a string
// the delegate still gets called with whatever |id| holds.
// NOTE(review): confirm consumers treat an empty id as a failure.
324 response_dict->GetString("id", &id);
325 delegate_->OnGetUserIdResponse(id);
// The whole server-supplied dictionary is passed on unfiltered in the next two
// callbacks; validating individual fields is left to the delegate.
330 delegate_->OnGetUserInfoResponse(response_dict.Pass());
335 delegate_->OnGetTokenInfoResponse(response_dict.Pass());
339 case TOKENS_FROM_AUTH_CODE:
340 case REFRESH_TOKEN: {
341 std::string access_token;
342 std::string refresh_token;
343 int expires_in_seconds = 0;
// Lookup results are not checked: a missing key leaves the string empty and
// the lifetime at 0. Only an empty access token is rejected below.
// NOTE(review): a missing "expires_in" reaches the delegate as 0 seconds, and
// an empty refresh token is not rejected here; confirm callers handle both.
344 response_dict->GetString(kAccessTokenValue, &access_token);
345 response_dict->GetString(kRefreshTokenValue, &refresh_token);
346 response_dict->GetInteger(kExpiresInValue, &expires_in_seconds);
348 if (access_token.empty()) {
349 delegate_->OnOAuthError();
353 if (type == REFRESH_TOKEN) {
354 delegate_->OnRefreshTokenResponse(access_token, expires_in_seconds);
356 delegate_->OnGetTokensResponse(refresh_token,
// Creates the Core that performs every request issued through this client,
// using |context_getter| as the request context for its fetches.
368 GaiaOAuthClient::GaiaOAuthClient(net::URLRequestContextGetter* context_getter) {
369 core_ = new Core(context_getter);
// NOTE(review): nothing visible here cancels an in-flight request or clears
// Core's raw delegate pointer; confirm the delegate cannot be called back
// after the client (or the delegate itself) has been destroyed.
372 GaiaOAuthClient::~GaiaOAuthClient() {
// Public entry point for the authorization-code exchange; forwards to Core,
// which issues the request and later calls back into |delegate|.
375 void GaiaOAuthClient::GetTokensFromAuthCode(
376 const OAuthClientInfo& oauth_client_info,
377 const std::string& auth_code,
379 Delegate* delegate) {
380 return core_->GetTokensFromAuthCode(oauth_client_info,
// Public entry point for refreshing an access token; forwards to Core, which
// issues the request and later calls back into |delegate|.
386 void GaiaOAuthClient::RefreshToken(
387 const OAuthClientInfo& oauth_client_info,
388 const std::string& refresh_token,
389 const std::vector<std::string>& scopes,
391 Delegate* delegate) {
392 return core_->RefreshToken(oauth_client_info,
// Public entry point for fetching the user's email; forwards its arguments
// unchanged to Core.
399 void GaiaOAuthClient::GetUserEmail(const std::string& access_token,
401 Delegate* delegate) {
402 return core_->GetUserEmail(access_token, max_retries, delegate);
// Public entry point for fetching the user's id; forwards its arguments
// unchanged to Core.
405 void GaiaOAuthClient::GetUserId(const std::string& access_token,
407 Delegate* delegate) {
408 return core_->GetUserId(access_token, max_retries, delegate);
// Public entry point for fetching the user-info dictionary; forwards its
// arguments unchanged to Core.
411 void GaiaOAuthClient::GetUserInfo(const std::string& access_token,
413 Delegate* delegate) {
414 return core_->GetUserInfo(access_token, max_retries, delegate);
// Public entry point for querying information about an access token; forwards
// its arguments unchanged to Core.
417 void GaiaOAuthClient::GetTokenInfo(const std::string& access_token,
419 Delegate* delegate) {
420 return core_->GetTokenInfo(access_token, max_retries, delegate);