// Use the <code>chrome.identity</code> API to get OAuth2 access tokens.
namespace identity {
+ dictionary AccountInfo {
+ // A unique identifier for the account. This ID will not change
+ // for the lifetime of the account.
+ DOMString id;
+ };
+
+ dictionary ProfileUserInfo {
+ // An email address for the user account signed into the current
+ // profile. Empty if the user is not signed in.
+ DOMString email;
+
+ // A unique identifier for the account. This ID will not change
+ // for the lifetime of the account. Empty if the user is not
+ // signed in.
+ DOMString id;
+ };
+
dictionary TokenDetails {
// Fetching a token may require the user to sign-in to Chrome, or
// approve the application's requested scopes. If the interactive
// <code>false</code> or omitted, <code>getAuthToken</code> will
// return failure any time a prompt would be required.
boolean? interactive;
+
+ // The account ID whose token should be returned. If not
+ // specified, the primary account for the profile will be used.
+ //
+ // <code>account</code> is only supported when the
+ // "enable-new-profile-management" flag is set.
+ AccountInfo? account;
+
+ // A list of OAuth2 scopes to request.
+ //
+ // When the <code>scopes</code> field is present, it overrides the
+ // list of scopes specified in manifest.json.
+ DOMString[]? scopes;
};
dictionary InvalidTokenDetails {
boolean? interactive;
};
- dictionary AccountInfo {
- // A unique identifier for the account. This ID will not change
- // for the lifetime of the account.
- DOMString id;
- };
-
callback GetAuthTokenCallback = void (optional DOMString token);
+ callback GetAccountsCallback = void (AccountInfo[] accounts);
+ callback GetProfileUserInfoCallback = void (ProfileUserInfo userInfo);
callback InvalidateAuthTokenCallback = void ();
callback LaunchWebAuthFlowCallback = void (optional DOMString responseUrl);
interface Functions {
+ // Retrieves a list of AccountInfo objects describing the accounts
+ // present on the profile.
+ //
+ // <code>getAccounts</code> is only supported on dev channel.
+ static void getAccounts(GetAccountsCallback callback);
+
// Gets an OAuth2 access token using the client ID and scopes
// specified in the <a
// href="app_identity.html#update_manifest"><code>oauth2</code>
// section of manifest.json</a>.
//
// The Identity API caches access tokens in memory, so it's ok to
- // call <code>getAuthToken</code> any time a token is
+ // call <code>getAuthToken</code> non-interactively any time a token is
// required. The token cache automatically handles expiration.
//
+ // For a good user experience it is important interactive token requests are
+ // initiated by UI in your app explaining what the authorization is for.
+ // Failing to do this will cause your users to get authorization requests,
+ // or Chrome sign in screens if they are not signed in, with with no
+ // context. In particular, do not use <code>getAuthToken</code>
+ // interactively when your app is first launched.
+ //
// |details| : Token options.
// |callback| : Called with an OAuth2 access token as specified by the
// manifest, or undefined if there was an error.
static void getAuthToken(optional TokenDetails details,
GetAuthTokenCallback callback);
+ // Retrieves email address and obfuscated gaia id of the user
+ // signed into a profile.
+ //
+ // This API is different from identity.getAccounts in two
+ // ways. The information returned is available offline, and it
+ // only applies to the primary account for the profile.
+ static void getProfileUserInfo(GetProfileUserInfoCallback callback);
+
// Removes an OAuth2 access token from the Identity API's token cache.
//
// If an access token is discovered to be invalid, it should be
// window will close, and the final redirect URL will be passed to
// the <var>callback</var> function.
//
+ // For a good user experience it is important interactive auth flows are
+ // initiated by UI in your app explaining what the authorization is for.
+ // Failing to do this will cause your users to get authorization requests
+ // with no context. In particular, do not launch an interactive auth flow
+ // when your app is first launched.
+ //
// |details| : WebAuth flow options.
// |callback| : Called with the URL redirected back to your application.
static void launchWebAuthFlow(WebAuthFlowDetails details,