Support policy registration using a preobtained access token.

This allows platforms that obtain OAuth access tokens from external APIs to use CloudPolicyClientRegistrationHelper to register policy clients. BUG=318803 R=joaodasilva@chromium.org Review URL: https://codereview.chromium.org/197313004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267130 0039d316-1c4b-4281-b951-d872f2087c98

Support policy registration using a preobtained access token.
This allows platforms that obtain OAuth access tokens from external APIs to use CloudPolicyClientRegistrationHelper to register policy clients. BUG=318803 R=joaodasilva@chromium.org Review URL: https://codereview.chromium.org/197313004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267130 0039d316-1c4b-4281-b951-d872f2087c98
28fe9850 · dconnelly@chromium.org · c6fb80c2 · 28fe9850 · 28fe9850 · 28fe9850
Commit 28fe9850 authored Apr 30, 2014 by dconnelly@chromium.org
5 changed files
--- a/chrome/browser/policy/cloud/user_policy_signin_service_base.cc
+++ b/chrome/browser/policy/cloud/user_policy_signin_service_base.cc
@@ -151,7 +151,11 @@ UserPolicySigninServiceBase::CreateClientForRegistrationOnly(
    const std::string& username) {
  DCHECK(!username.empty());
  // We should not be called with a client already initialized.
+#if !defined(OS_IOS)
+  // On iOS we check if an account has policy while the profile is signed in
+  // to another account.
  DCHECK(!policy_manager() || !policy_manager()->core()->client());
+#endif

  // If the user should not get policy, just bail out.
  if (!policy_manager() || !ShouldLoadPolicyForUser(username)) {

--- a/chrome/browser/policy/cloud/user_policy_signin_service_ios.h
+++ b/chrome/browser/policy/cloud/user_policy_signin_service_ios.h
@@ -6,6 +6,7 @@
 #define CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_IOS_H_

 #include <string>
+#include <vector>

 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
@@ -47,13 +48,16 @@ class UserPolicySigninService : public UserPolicySigninServiceBase {
  virtual ~UserPolicySigninService();

  // Registers a CloudPolicyClient for fetching policy for |username|.
-  // This requests an OAuth2 token for the services involved, and contacts
-  // the policy service if the account has management enabled.
-  // |callback| is invoked once we have registered this device to fetch policy,
-  // or once it is determined that |username| is not a managed account.
+  // This requires a valid OAuth access token for the scopes returned by the
+  // |GetScopes| static function. |callback| is invoked once we have
+  // registered this device to fetch policy, or once it is determined that
+  // |username| is not a managed account.
  void RegisterForPolicy(const std::string& username,
+                         const std::string& access_token,
                         PolicyRegistrationBlockCallback callback);

+  static std::vector<std::string> GetScopes();
+
  // Wrapper for FetchPolicyForSignedInUser that uses a block instead of
  // a base::Callback.
  void FetchPolicy(
@@ -82,10 +86,6 @@ class UserPolicySigninService : public UserPolicySigninServiceBase {
  scoped_ptr<CloudPolicyClientRegistrationHelper> registration_helper_;
  base::WeakPtrFactory<UserPolicySigninService> weak_factory_;

-  // Weak pointer to the token service used to authenticate the
-  // CloudPolicyClient during registration.
-  ProfileOAuth2TokenService* oauth2_token_service_;
-
  // The PrefService associated with the profile.
  PrefService* profile_prefs_;


--- a/chrome/browser/policy/cloud/user_policy_signin_service_ios.mm
+++ b/chrome/browser/policy/cloud/user_policy_signin_service_ios.mm
@@ -13,12 +13,10 @@
 #include "base/prefs/pref_service.h"
 #include "base/time/time.h"
 #include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/common/pref_names.h"
 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
 #include "components/policy/core/common/policy_switches.h"
-#include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "net/base/network_change_notifier.h"
 #include "net/url_request/url_request_context_getter.h"
@@ -52,13 +50,13 @@ UserPolicySigninService::UserPolicySigninService(
                                  signin_manager,
                                  system_request_context),
      weak_factory_(this),
-      oauth2_token_service_(token_service),
      profile_prefs_(profile->GetPrefs()) {}

 UserPolicySigninService::~UserPolicySigninService() {}

 void UserPolicySigninService::RegisterForPolicy(
    const std::string& username,
+    const std::string& access_token,
    PolicyRegistrationBlockCallback callback) {
  // Create a new CloudPolicyClient for fetching the DMToken.
  scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
@@ -75,13 +73,17 @@ void UserPolicySigninService::RegisterForPolicy(
  registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
      policy_client.get(),
      GetRegistrationType()));
-  registration_helper_->StartRegistration(
-      oauth2_token_service_,
-      username,
-      base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
-                 base::Unretained(this),
-                 base::Passed(&policy_client),
-                 [callback copy]));
+      registration_helper_->StartRegistrationWithAccessToken(
+          access_token,
+          base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
+                     base::Unretained(this),
+                     base::Passed(&policy_client),
+                     [callback copy]));
+}
+
+// static
+std::vector<std::string> UserPolicySigninService::GetScopes() {
+  return CloudPolicyClientRegistrationHelper::GetScopes();
 }

 void UserPolicySigninService::FetchPolicy(

--- a/components/policy/core/common/cloud/cloud_policy_client_registration_helper.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client_registration_helper.cc
@@ -4,8 +4,6 @@

 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"

-#include <vector>
-
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/logging.h"
@@ -24,10 +22,6 @@

 namespace policy {

-// OAuth2 scope for the userinfo service.
-const char kServiceScopeGetUserInfo[] =
-    "https://www.googleapis.com/auth/userinfo.email";
-
 // The key under which the hosted-domain value is stored in the UserInfo
 // response.
 const char kGetHostedDomainKey[] = "hd";
@@ -77,7 +71,7 @@ void CloudPolicyClientRegistrationHelper::TokenServiceHelper::FetchAccessToken(

  OAuth2TokenService::ScopeSet scopes;
  scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
-  scopes.insert(kServiceScopeGetUserInfo);
+  scopes.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope);
  token_request_ = token_service->StartRequest(account_id, scopes, this);
 }

@@ -135,14 +129,11 @@ void CloudPolicyClientRegistrationHelper::LoginTokenHelper::FetchAccessToken(
  // userinfo services.
  oauth2_access_token_fetcher_.reset(
      new OAuth2AccessTokenFetcherImpl(this, context, login_refresh_token));
-  std::vector<std::string> scopes;
-  scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth);
-  scopes.push_back(kServiceScopeGetUserInfo);
  GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
  oauth2_access_token_fetcher_->Start(
      gaia_urls->oauth2_chrome_client_id(),
      gaia_urls->oauth2_chrome_client_secret(),
-      scopes);
+      GetScopes());
 }

 void CloudPolicyClientRegistrationHelper::LoginTokenHelper::OnGetTokenSuccess(
@@ -210,6 +201,24 @@ void CloudPolicyClientRegistrationHelper::StartRegistrationWithLoginToken(
      base::Bind(&CloudPolicyClientRegistrationHelper::OnTokenFetched,
                 base::Unretained(this)));
 }
+
+void CloudPolicyClientRegistrationHelper::StartRegistrationWithAccessToken(
+    const std::string& access_token,
+    const base::Closure& callback) {
+  DCHECK(!client_->is_registered());
+  callback_ = callback;
+  client_->AddObserver(this);
+  OnTokenFetched(access_token);
+}
+
+// static
+std::vector<std::string>
+CloudPolicyClientRegistrationHelper::GetScopes() {
+  std::vector<std::string> scopes;
+  scopes.push_back(GaiaConstants::kDeviceManagementServiceOAuth);
+  scopes.push_back(GaiaConstants::kOAuthWrapBridgeUserInfoScope);
+  return scopes;
+}
 #endif

 void CloudPolicyClientRegistrationHelper::OnTokenFetched(

--- a/components/policy/core/common/cloud/cloud_policy_client_registration_helper.h
+++ b/components/policy/core/common/cloud/cloud_policy_client_registration_helper.h
@@ -6,6 +6,7 @@
 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_REGISTRATION_HELPER_H_

 #include <string>
+#include <vector>

 #include "base/basictypes.h"
 #include "base/callback.h"
@@ -52,6 +53,15 @@ class POLICY_EXPORT CloudPolicyClientRegistrationHelper
  // |callback| is invoked when the registration is complete.
  void StartRegistrationWithLoginToken(const std::string& login_refresh_token,
                                       const base::Closure& callback);
+
+  // Starts the client registration process. |access_token| must be a valid
+  // OAuth access token for the scopes returned by the |GetScopes| static
+  // function.
+  void StartRegistrationWithAccessToken(const std::string& access_token,
+                                        const base::Closure& callback);
+
+  // Returns the scopes required for policy client registration.
+  static std::vector<std::string> GetScopes();
 #endif

 private: