mojo/services/authentication/interfaces/authentication.mojom - Issue 1466733002: Google OAuth Device Flow support for FNL

Side by Side Diff: mojo/services/authentication/interfaces/authentication.mojom

Issue 1466733002: Google OAuth Device Flow support for FNL (Closed) Base URL: https://github.com/domokit/mojo.git@master

Patch Set: updated demo namespaces Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « mojo/data_pipe_utils/data_pipe_utils.cc ('k') | services/BUILD.gn » ('j') | services/authentication/accounts_db_manager.h » ('J')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 [DartPackage="mojo_services", JavaPackage="org.chromium.mojo.authentication"]	5 [DartPackage="mojo_services", JavaPackage="org.chromium.mojo.authentication"]

6 module authentication;	6 module authentication;

7	7

8 // Interface to handle user identity and authentication tokens.	8 // Interface to handle user identity and authentication tokens.

9 // TODO(qsr): This API only handles google accounts at this time. It will need	9 // TODO(qsr): This API only handles google accounts at this time. It will need

10 // to be extended to allow generic account manager on the platform.	10 // to be extended to allow generic account manager on the platform.

11 [ServiceName="authentication::AuthenticationService"]	11 [ServiceName="authentication::AuthenticationService"]

12 interface AuthenticationService {	12 interface AuthenticationService {

13 // Requests a Google account to use. In case of success, error will be null.	13 // Requests a Google account to use. In case of success, error will be null.

14 // In case of error, username will be null and error will contain a	14 // In case of error, username will be null and error will contain a

15 // description of the error. If \|return_last_selected\| is true and the client	15 // description of the error. If \|return_last_selected\| is true and the client

16 // application already selected an account, the same account will be returned	16 // application already selected an account, the same account will be returned

17 // without user intervention.	17 // without user intervention.

18 SelectAccount(bool return_last_selected) => (string? username, string? error);	18 SelectAccount(bool return_last_selected) => (string? username, string? error);

19	19

20 // Requests an oauth2 token for the given Google account with the given	20 // Requests an oauth2 token for the given Google account with the given

21 // scopes. In case of error, username will be null and error will contain a	21 // scopes. In case of error, token will be null and error will contain a

22 // description of the error.	22 // description of the error.

23 GetOAuth2Token(string username, array<string> scopes) =>	23 GetOAuth2Token(string username, array<string> scopes) =>
	jln (very slow on Chromium) 2015/12/08 22:27:29 Meta-remark (not for this CL): should the scopes r Meta-remark (not for this CL): should the scopes really be strings? I wonder if we shouldn't give them their own type with some checking etc.. ukode 2015/12/16 19:24:12 OAuth scopes are in general strings, so most of Go Show quoted text On 2015/12/08 22:27:29, jln (very slow on Chromium) wrote: > Meta-remark (not for this CL): should the scopes really be strings? I wonder if > we shouldn't give them their own type with some checking etc.. OAuth scopes are in general strings, so most of Google3 and Android code directly takes a list of scope strings, (optional) normalizes them and then passes it to Google OAuth endpoints.Scope checking is already done at the LSO backends, not sure how much we would like to validate these in our frontends other than nullchecks.
24 (string? token, string? error);	24 (string? token, string? error);

25	25

26 // Requests to clear a previously acquired token. This should be called when a	26 // Requests to clear a previously acquired token. This should be called when a

27 // token is refused by a server component before requesting a new token to	27 // token is refused by a server component before requesting a new token to

28 // clear the token from any cache.	28 // clear the token from any cache.

29 ClearOAuth2Token(string token);	29 ClearOAuth2Token(string token);

	30

	31 // Requests an oauth2 device code response for the given set of scopes. In

	32 // case of error, response will be null and error will contain a description

	33 // of the error.

	34 GetOAuth2DeviceCode(array<string> scopes) => (string? verification_url, string ? device_code, string? user_code, string? error);

	35

	36 // Exchanges an oauth2 device code to a refresh token for the granted user,

	37 // and stores it locally in a secure storage location. For future

	38 // GetOAuth2Token requests, a new access token is minted from this refresh

	39 // token and returned to the calling mojo app.

	40 AddAccount(string device_code) => (string? username, string? error);

30 };	41 };

OLD	NEW