1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/host/oauth_token_getter.h"
8 #include "base/callback.h"
9 #include "base/strings/string_util.h"
10 #include "google_apis/google_api_keys.h"
11 #include "net/url_request/url_request_context_getter.h"
12 #include "remoting/base/logging.h"
18 // Maximum number of retries on network/500 errors.
19 const int kMaxRetries = 3;
21 // Time when we we try to update OAuth token before its expiration.
22 const int kTokenUpdateTimeBeforeExpirySeconds = 60;
26 OAuthTokenGetter::OAuthCredentials::OAuthCredentials(
27 const std::string& login,
28 const std::string& refresh_token,
29 bool is_service_account)
31 refresh_token(refresh_token),
32 is_service_account(is_service_account) {
35 OAuthTokenGetter::OAuthTokenGetter(
36 scoped_ptr<OAuthCredentials> oauth_credentials,
37 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter)
38 : oauth_credentials_(oauth_credentials.Pass()),
40 new gaia::GaiaOAuthClient(url_request_context_getter)),
41 url_request_context_getter_(url_request_context_getter),
42 refreshing_oauth_token_(false) {
45 OAuthTokenGetter::~OAuthTokenGetter() {}
47 void OAuthTokenGetter::OnGetTokensResponse(const std::string& user_email,
48 const std::string& access_token,
49 int expires_seconds) {
53 void OAuthTokenGetter::OnRefreshTokenResponse(
54 const std::string& access_token,
55 int expires_seconds) {
56 DCHECK(CalledOnValidThread());
57 DCHECK(oauth_credentials_.get());
58 HOST_LOG << "Received OAuth token.";
60 oauth_access_token_ = access_token;
61 auth_token_expiry_time_ = base::Time::Now() +
62 base::TimeDelta::FromSeconds(expires_seconds) -
63 base::TimeDelta::FromSeconds(kTokenUpdateTimeBeforeExpirySeconds);
65 gaia_oauth_client_->GetUserEmail(access_token, kMaxRetries, this);
68 void OAuthTokenGetter::OnGetUserEmailResponse(const std::string& user_email) {
69 DCHECK(CalledOnValidThread());
70 DCHECK(oauth_credentials_.get());
71 HOST_LOG << "Received user info.";
73 if (user_email != oauth_credentials_->login) {
74 LOG(ERROR) << "OAuth token and email address do not refer to "
80 refreshing_oauth_token_ = false;
82 // Now that we've refreshed the token and verified that it's for the correct
83 // user account, try to connect using the new token.
84 NotifyCallbacks(OAuthTokenGetter::SUCCESS, user_email, oauth_access_token_);
87 void OAuthTokenGetter::NotifyCallbacks(Status status,
88 const std::string& user_email,
89 const std::string& access_token) {
90 std::queue<TokenCallback> callbacks(pending_callbacks_);
91 pending_callbacks_ = std::queue<TokenCallback>();
93 while (!callbacks.empty()) {
94 callbacks.front().Run(status, user_email, access_token);
99 void OAuthTokenGetter::OnOAuthError() {
100 DCHECK(CalledOnValidThread());
101 LOG(ERROR) << "OAuth: invalid credentials.";
102 refreshing_oauth_token_ = false;
103 NotifyCallbacks(OAuthTokenGetter::AUTH_ERROR, std::string(), std::string());
106 void OAuthTokenGetter::OnNetworkError(int response_code) {
107 DCHECK(CalledOnValidThread());
108 LOG(ERROR) << "Network error when trying to update OAuth token: "
110 refreshing_oauth_token_ = false;
112 OAuthTokenGetter::NETWORK_ERROR, std::string(), std::string());
115 void OAuthTokenGetter::CallWithToken(const TokenCallback& on_access_token) {
116 DCHECK(CalledOnValidThread());
117 bool need_new_auth_token = oauth_credentials_.get() &&
118 (auth_token_expiry_time_.is_null() ||
119 base::Time::Now() >= auth_token_expiry_time_);
120 if (need_new_auth_token) {
121 pending_callbacks_.push(on_access_token);
122 if (!refreshing_oauth_token_)
126 SUCCESS, oauth_credentials_->login, oauth_access_token_);
130 void OAuthTokenGetter::RefreshOAuthToken() {
131 DCHECK(CalledOnValidThread());
132 HOST_LOG << "Refreshing OAuth token.";
133 DCHECK(!refreshing_oauth_token_);
135 // Service accounts use different API keys, as they use the client app flow.
136 google_apis::OAuth2Client oauth2_client =
137 oauth_credentials_->is_service_account ?
138 google_apis::CLIENT_REMOTING_HOST : google_apis::CLIENT_REMOTING;
140 gaia::OAuthClientInfo client_info = {
141 google_apis::GetOAuth2ClientID(oauth2_client),
142 google_apis::GetOAuth2ClientSecret(oauth2_client),
143 // Redirect URL is only used when getting tokens from auth code. It
144 // is not required when getting access tokens.
148 refreshing_oauth_token_ = true;
149 std::vector<std::string> empty_scope_list; // Use scope from refresh token.
150 gaia_oauth_client_->RefreshToken(
151 client_info, oauth_credentials_->refresh_token, empty_scope_list,
155 } // namespace remoting