1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"
7 #include "chrome/browser/chrome_notification_types.h"
8 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
9 #include "chrome/browser/signin/profile_oauth2_token_service.h"
10 #include "components/policy/core/common/cloud/cloud_policy_core.h"
11 #include "content/public/browser/notification_source.h"
12 #include "google_apis/gaia/gaia_constants.h"
13 #include "google_apis/gaia/gaia_urls.h"
17 UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(
18 UserCloudPolicyManagerChromeOS* manager,
19 ProfileOAuth2TokenService* token_service)
20 : OAuth2TokenService::Consumer("policy_token_forwarder"),
22 token_service_(token_service) {
23 // Start by waiting for the CloudPolicyService to be initialized, so that
24 // we can check if it already has a DMToken or not.
25 if (manager_->core()->service()->IsInitializationComplete()) {
28 manager_->core()->service()->AddObserver(this);
32 UserCloudPolicyTokenForwarder::~UserCloudPolicyTokenForwarder() {}
34 void UserCloudPolicyTokenForwarder::Shutdown() {
36 token_service_->RemoveObserver(this);
37 manager_->core()->service()->RemoveObserver(this);
40 void UserCloudPolicyTokenForwarder::OnRefreshTokenAvailable(
41 const std::string& account_id) {
45 void UserCloudPolicyTokenForwarder::OnGetTokenSuccess(
46 const OAuth2TokenService::Request* request,
47 const std::string& access_token,
48 const base::Time& expiration_time) {
49 manager_->OnAccessTokenAvailable(access_token);
54 void UserCloudPolicyTokenForwarder::OnGetTokenFailure(
55 const OAuth2TokenService::Request* request,
56 const GoogleServiceAuthError& error) {
57 // This should seldom happen: if the user is signing in for the first time
58 // then this was an online signin and network errors are unlikely; if the
59 // user had already signed in before then he should have policy cached, and
60 // RequestAccessToken() wouldn't have been invoked.
61 // Still, something just went wrong (server 500, or something). Currently
62 // we don't recover in this case, and we'll just try to register for policy
63 // again on the next signin.
64 // TODO(joaodasilva, atwilson): consider blocking signin when this happens,
65 // so that the user has to try again before getting into the session. That
66 // would guarantee that a session always has fresh policy, or at least
67 // enforces a cached policy.
71 void UserCloudPolicyTokenForwarder::OnInitializationCompleted(
72 CloudPolicyService* service) {
76 void UserCloudPolicyTokenForwarder::Initialize() {
77 // TODO(mnissler): Once a better way to reconfirm whether a user is on the
78 // login whitelist is available, there is no reason to fetch the OAuth2 token
79 // here if the client is already registered, so check and bail out here.
81 if (token_service_->RefreshTokenIsAvailable(
82 token_service_->GetPrimaryAccountId()))
85 token_service_->AddObserver(this);
88 void UserCloudPolicyTokenForwarder::RequestAccessToken() {
89 OAuth2TokenService::ScopeSet scopes;
90 scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
91 scopes.insert(GaiaUrls::GetInstance()->oauth_wrap_bridge_user_info_scope());
92 request_ = token_service_->StartRequest(
93 token_service_->GetPrimaryAccountId(), scopes, this);