#include "chrome/browser/extensions/api/identity/identity_get_auth_token_function.h"
#include <set>
#include <string_view>
#include <vector>
#include "base/functional/bind.h"
#include "base/location.h"
#include "base/metrics/field_trial_params.h"
#include "base/metrics/histogram_functions.h"
#include "base/notreached.h"
#include "base/strings/strcat.h"
#include "base/time/time.h"
#include "base/trace_event/trace_event.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/extensions/api/identity/identity_api.h"
#include "chrome/browser/extensions/api/identity/identity_get_auth_token_error.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/signin/chrome_device_id_helper.h"
#include "chrome/browser/signin/identity_manager_factory.h"
#include "chrome/browser/signin/signin_ui_util.h"
#include "chrome/common/channel_info.h"
#include "chrome/common/extensions/api/identity.h"
#include "components/prefs/pref_service.h"
#include "components/signin/public/base/consent_level.h"
#include "components/signin/public/base/signin_pref_names.h"
#include "components/signin/public/base/signin_switches.h"
#include "components/signin/public/identity_manager/access_token_info.h"
#include "components/signin/public/identity_manager/account_info.h"
#include "components/signin/public/identity_manager/accounts_in_cookie_jar_info.h"
#include "components/signin/public/identity_manager/scope_set.h"
#include "components/version_info/version_info.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "extensions/common/api/oauth2.h"
#include "extensions/common/manifest_handlers/oauth2_manifest_handler.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "google_apis/gaia/gaia_urls.h"
#include "google_apis/gaia/oauth2_mint_token_flow.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
#include "ui/base/idle/idle.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "chrome/browser/policy/chrome_browser_policy_connector.h"
#include "chromeos/components/kiosk/kiosk_utils.h"
#include "chromeos/components/mgs/managed_guest_session_utils.h"
#include "components/account_manager_core/account_manager_util.h"
#include "google_apis/gaia/gaia_constants.h"
#endif
namespace extensions {
namespace {
const char* const kExtensionsIdentityAPIOAuthConsumerName = …;
bool IsBrowserSigninAllowed(Profile* profile) { … }
std::string_view GetOAuth2MintTokenFlowVersion() { … }
std::string_view GetOAuth2MintTokenFlowChannel() { … }
void RecordFunctionResult(const IdentityGetAuthTokenError& error,
bool remote_consent_approved) { … }
bool IsInteractionAllowed(
IdentityGetAuthTokenFunction::InteractivityStatus status) { … }
CoreAccountInfo GetSigninPrimaryAccount(Profile* profile) { … }
}
IdentityGetAuthTokenFunction::IdentityGetAuthTokenFunction() = default;
IdentityGetAuthTokenFunction::~IdentityGetAuthTokenFunction() { … }
ExtensionFunction::ResponseAction IdentityGetAuthTokenFunction::Run() { … }
void IdentityGetAuthTokenFunction::GetAuthTokenForAccount(
const std::string& gaia_id) { … }
void IdentityGetAuthTokenFunction::StartAsyncRun() { … }
void IdentityGetAuthTokenFunction::CompleteAsyncRun(ResponseValue response) { … }
void IdentityGetAuthTokenFunction::CompleteFunctionWithResult(
const std::string& access_token,
const std::set<std::string>& granted_scopes) { … }
void IdentityGetAuthTokenFunction::CompleteFunctionWithError(
const IdentityGetAuthTokenError& error) { … }
bool IdentityGetAuthTokenFunction::ShouldStartSigninFlow() { … }
void IdentityGetAuthTokenFunction::StartSigninFlow() { … }
void IdentityGetAuthTokenFunction::StartMintTokenFlow(
IdentityMintRequestQueue::MintType type) { … }
void IdentityGetAuthTokenFunction::CompleteMintTokenFlow() { … }
void IdentityGetAuthTokenFunction::StartMintToken(
IdentityMintRequestQueue::MintType type) { … }
void IdentityGetAuthTokenFunction::OnMintTokenSuccess(
const OAuth2MintTokenFlow::MintTokenResult& result) { … }
void IdentityGetAuthTokenFunction::OnMintTokenFailure(
const GoogleServiceAuthError& error) { … }
void IdentityGetAuthTokenFunction::OnRemoteConsentSuccess(
const RemoteConsentResolutionData& resolution_data) { … }
void IdentityGetAuthTokenFunction::OnRefreshTokenUpdatedForAccount(
const CoreAccountInfo& account_info) { … }
bool IdentityGetAuthTokenFunction::TryRecoverFromServiceAuthError(
const GoogleServiceAuthError& error) { … }
void IdentityGetAuthTokenFunction::OnPrimaryAccountChanged(
const signin::PrimaryAccountChangeEvent& event_details) { … }
void IdentityGetAuthTokenFunction::SigninFailed() { … }
void IdentityGetAuthTokenFunction::OnGaiaRemoteConsentFlowFailed(
GaiaRemoteConsentFlow::Failure failure) { … }
void IdentityGetAuthTokenFunction::OnGaiaRemoteConsentFlowApproved(
const std::string& consent_result,
const std::string& gaia_id) { … }
void IdentityGetAuthTokenFunction::OnGetAccessTokenComplete(
const std::optional<std::string>& access_token,
base::Time expiration_time,
const GoogleServiceAuthError& error) { … }
#if BUILDFLAG(IS_CHROMEOS)
void IdentityGetAuthTokenFunction::OnAccessTokenForDeviceAccountFetchCompleted(
crosapi::mojom::AccessTokenResultPtr result) {
std::optional<std::string> access_token;
base::Time expiration_time;
GoogleServiceAuthError error = GoogleServiceAuthError::AuthErrorNone();
if (result->is_access_token_info()) {
access_token = result->get_access_token_info()->access_token;
expiration_time = result->get_access_token_info()->expiration_time;
} else {
DCHECK(result->is_error());
error = account_manager::FromMojoGoogleServiceAuthError(result->get_error())
.value_or(GoogleServiceAuthError(
GoogleServiceAuthError::SERVICE_ERROR));
}
device_oauth2_token_fetcher_.reset();
OnGetAccessTokenComplete(access_token, expiration_time, error);
}
#endif
void IdentityGetAuthTokenFunction::OnAccessTokenFetchCompleted(
GoogleServiceAuthError error,
signin::AccessTokenInfo access_token_info) { … }
void IdentityGetAuthTokenFunction::OnIdentityAPIShutdown() { … }
#if BUILDFLAG(IS_CHROMEOS)
void IdentityGetAuthTokenFunction::StartDeviceAccessTokenRequest() {
device_oauth2_token_fetcher_ = std::make_unique<DeviceOAuth2TokenFetcher>();
device_oauth2_token_fetcher_->FetchAccessTokenForDeviceAccount(
{GaiaConstants::kAnyApiOAuth2Scope},
base::BindOnce(&IdentityGetAuthTokenFunction::
OnAccessTokenForDeviceAccountFetchCompleted,
base::Unretained(this)));
}
#endif
void IdentityGetAuthTokenFunction::StartTokenKeyAccountAccessTokenRequest() { … }
void IdentityGetAuthTokenFunction::StartGaiaRequest(
const std::string& login_access_token) { … }
#if BUILDFLAG(ENABLE_DICE_SUPPORT)
void IdentityGetAuthTokenFunction::MaybeShowChromeSigninDialog() { … }
void IdentityGetAuthTokenFunction::OnChromeSigninDialogDestroyed() { … }
#endif
void IdentityGetAuthTokenFunction::ShowExtensionLoginPrompt() { … }
void IdentityGetAuthTokenFunction::ShowRemoteConsentDialog(
const RemoteConsentResolutionData& resolution_data) { … }
std::unique_ptr<OAuth2MintTokenFlow>
IdentityGetAuthTokenFunction::CreateMintTokenFlow() { … }
bool IdentityGetAuthTokenFunction::HasRefreshTokenForTokenKeyAccount() const { … }
std::string IdentityGetAuthTokenFunction::GetOAuth2ClientId() const { … }
bool IdentityGetAuthTokenFunction::IsPrimaryAccountOnly() const { … }
Profile* IdentityGetAuthTokenFunction::GetProfile() const { … }
bool IdentityGetAuthTokenFunction::enable_granular_permissions() const { … }
std::string IdentityGetAuthTokenFunction::GetSelectedUserId() const { … }
void IdentityGetAuthTokenFunction::ComputeInteractivityStatus(
const std::optional<api::identity::TokenDetails>& details) { … }
IdentityGetAuthTokenError
IdentityGetAuthTokenFunction::GetErrorFromInteractivityStatus(
InteractionType interaction_type) const { … }
}