1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5// Use the <code>chrome.identity</code> API to get OAuth2 access tokens. 6namespace identity { 7 8 dictionary AccountInfo { 9 // A unique identifier for the account. This ID will not change 10 // for the lifetime of the account. 11 DOMString id; 12 }; 13 14 dictionary ProfileUserInfo { 15 // An email address for the user account signed into the current 16 // profile. Empty if the user is not signed in. 17 DOMString email; 18 19 // A unique identifier for the account. This ID will not change 20 // for the lifetime of the account. Empty if the user is not 21 // signed in. 22 DOMString id; 23 }; 24 25 dictionary TokenDetails { 26 // Fetching a token may require the user to sign-in to Chrome, or 27 // approve the application's requested scopes. If the interactive 28 // flag is <code>true</code>, <code>getAuthToken</code> will 29 // prompt the user as necessary. When the flag is 30 // <code>false</code> or omitted, <code>getAuthToken</code> will 31 // return failure any time a prompt would be required. 32 boolean? interactive; 33 34 // The account ID whose token should be returned. If not 35 // specified, the primary account for the profile will be used. 36 // 37 // <code>account</code> is only supported when the 38 // "enable-new-profile-management" flag is set. 39 AccountInfo? account; 40 41 // A list of OAuth2 scopes to request. 42 // 43 // When the <code>scopes</code> field is present, it overrides the 44 // list of scopes specified in manifest.json. 45 DOMString[]? scopes; 46 }; 47 48 dictionary InvalidTokenDetails { 49 // The specific token that should be removed from the cache. 50 DOMString token; 51 }; 52 53 dictionary WebAuthFlowDetails { 54 // The URL that initiates the auth flow. 55 DOMString url; 56 57 // Whether to launch auth flow in interactive mode. 58 // 59 // Since some auth flows may immediately redirect to a result URL, 60 // <code>launchWebAuthFlow</code> hides its web view until the 61 // first navigation either redirects to the final URL, or finishes 62 // loading a page meant to be displayed. 63 // 64 // If the interactive flag is <code>true</code>, the window will 65 // be displayed when a page load completes. If the flag is 66 // <code>false</code> or omitted, <code>launchWebAuthFlow</code> 67 // will return with an error if the initial navigation does not 68 // complete the flow. 69 boolean? interactive; 70 }; 71 72 callback GetAuthTokenCallback = void (optional DOMString token); 73 callback GetAccountsCallback = void (AccountInfo[] accounts); 74 callback GetProfileUserInfoCallback = void (ProfileUserInfo userInfo); 75 callback InvalidateAuthTokenCallback = void (); 76 callback LaunchWebAuthFlowCallback = void (optional DOMString responseUrl); 77 78 interface Functions { 79 // Retrieves a list of AccountInfo objects describing the accounts 80 // present on the profile. 81 // 82 // <code>getAccounts</code> is only supported on dev channel. 83 static void getAccounts(GetAccountsCallback callback); 84 85 // Gets an OAuth2 access token using the client ID and scopes 86 // specified in the <a 87 // href="app_identity.html#update_manifest"><code>oauth2</code> 88 // section of manifest.json</a>. 89 // 90 // The Identity API caches access tokens in memory, so it's ok to 91 // call <code>getAuthToken</code> non-interactively any time a token is 92 // required. The token cache automatically handles expiration. 93 // 94 // For a good user experience it is important interactive token requests are 95 // initiated by UI in your app explaining what the authorization is for. 96 // Failing to do this will cause your users to get authorization requests, 97 // or Chrome sign in screens if they are not signed in, with with no 98 // context. In particular, do not use <code>getAuthToken</code> 99 // interactively when your app is first launched. 100 // 101 // |details| : Token options. 102 // |callback| : Called with an OAuth2 access token as specified by the 103 // manifest, or undefined if there was an error. 104 static void getAuthToken(optional TokenDetails details, 105 GetAuthTokenCallback callback); 106 107 // Retrieves email address and obfuscated gaia id of the user 108 // signed into a profile. 109 // 110 // This API is different from identity.getAccounts in two 111 // ways. The information returned is available offline, and it 112 // only applies to the primary account for the profile. 113 static void getProfileUserInfo(GetProfileUserInfoCallback callback); 114 115 // Removes an OAuth2 access token from the Identity API's token cache. 116 // 117 // If an access token is discovered to be invalid, it should be 118 // passed to removeCachedAuthToken to remove it from the 119 // cache. The app may then retrieve a fresh token with 120 // <code>getAuthToken</code>. 121 // 122 // |details| : Token information. 123 // |callback| : Called when the token has been removed from the cache. 124 static void removeCachedAuthToken( 125 InvalidTokenDetails details, InvalidateAuthTokenCallback callback); 126 127 // Starts an auth flow at the specified URL. 128 // 129 // This method enables auth flows with non-Google identity 130 // providers by launching a web view and navigating it to the 131 // first URL in the provider's auth flow. When the provider 132 // redirects to a URL matching the pattern 133 // <code>https://<app-id>.chromiumapp.org/*</code>, the 134 // window will close, and the final redirect URL will be passed to 135 // the <var>callback</var> function. 136 // 137 // For a good user experience it is important interactive auth flows are 138 // initiated by UI in your app explaining what the authorization is for. 139 // Failing to do this will cause your users to get authorization requests 140 // with no context. In particular, do not launch an interactive auth flow 141 // when your app is first launched. 142 // 143 // |details| : WebAuth flow options. 144 // |callback| : Called with the URL redirected back to your application. 145 static void launchWebAuthFlow(WebAuthFlowDetails details, 146 LaunchWebAuthFlowCallback callback); 147 148 // Generates a redirect URL to be used in |launchWebAuthFlow|. 149 // 150 // The generated URLs match the pattern 151 // <code>https://<app-id>.chromiumapp.org/*</code>. 152 // 153 // |path| : The path appended to the end of the generated URL. 154 [nocompile] static DOMString getRedirectURL(optional DOMString path); 155 }; 156 157 interface Events { 158 // Fired when signin state changes for an account on the user's profile. 159 static void onSignInChanged(AccountInfo account, boolean signedIn); 160 }; 161}; 162