README.md
1The core public API surfaces for interacting with Google identity. Header files
2in this directory are allowed to depend only on the following other parts of the
3signin component:
4
5//components/signin/public/base
6//components/signin/public/webdata
7
8Implementation files in this directory, however, are additionally allowed to
9depend on //components/signin/internal/identity_manager.
10
11Here we take a quick guide through the core concepts (note: Documentation on
12specific IdentityManager and IdentityManager::Observer methods can be found as
13method-level comments in identity_manager.h; this guide defines the core
14concepts themselves and gives a high-level mapping between these core concepts
15and the relevant IdentityManager(::Observer) API surfaces).
16
17# Accounts
18- "Account" always refers to a Gaia account.
19- An account has three core pieces of information, which are collected together
20 in the CoreAccountInfo struct and are available for the duration of the
21 account being visible to IdentityManager:
22 - The email address.
23 - The Gaia ID.
24 - The account ID. This is an opaque Chrome-specific identifier for the
25 account.
26- The AccountInfo struct contains extra "extended" information about the account
27 that may become available only asynchronously after the account is first added
28 to Chrome. To interact with the extended account info, use the IdentityManager
29 methods with "ExtendedAccountInfo" in their names. To observe changes in the
30 state of the extended account info for one or more accounts, observe
31 IdentityManager and override one or more of the IdentityManager::Observer
32 methods with "ExtendedAccountInfo" in their names.
33
34# The Primary Account
35- "Primary account" in IdentityManager refers to the account that has been
36 blessed for sync by the user (what in Chromium historically was often referred
37 to as the "authenticated account").
38- "Unconsented primary account" is intuitively the browsing identity of the user
39 that we display to the user; the user may or may not have blessed this account
40 for sync. In particular, whenever a primary account exists, the unconsented
41 primary account equals to the primary account. On desktop platforms (excl.
42 ChromeOS), if no primary account exists and there exist any content-area
43 accounts, the unconsented primary account equals to the first signed-in content-
44 area account. In all other cases there is no unconsented primary account.
45 NOTE: This name is still subject to finalization. The problem with
46 "unconsented" in this context is that it means "did not consent"; really, this
47 account is the "possibly unconsented, possibly primary, default account", which
48 is a mouthful :).
49- To interact with the primary account and/or unconsented primary account, use
50 the IdentityManager methods with "PrimaryAccount" in their names. To observe
51 changes in the presence of either of these accounts, observe IdentityManager
52 and override one or more of the methods with "PrimaryAccount" in their names
53 as desired.
54- PrimaryAccountTokenFetcher is the primary client-side interface for obtaining
55 OAuth2 access tokens for the primary account (see the next section for the
56 discussion of OAuth2 tokens). In particular, it can handle the common use case
57 of "wait until the primary account is available and then fetch an access token
58 for it" transparently on behalf of the client. See
59 primary_account_access_token_fetcher.h for usage explanation and examples.
60
61# OAuth2 Access and Refresh Tokens
62- "OAuth2 tokens" are tokens related to the OAuth2 client-server authorization
63 protocol. "OAuth2 refresh tokens" or just "refresh tokens" are long-lived
64 tokens that the browser obtains via the user explicitly adding an account.
65 Clients of IdentityManager do not explicitly see refresh tokens, but rather use
66 IdentityManager to obtain "OAuth2 access tokens" or just "access tokens".
67 Access tokens are short-lived tokens with given scopes that can be used to make
68 authorized requests to Gaia endpoints.
69- "The accounts with refresh tokens" refer to the accounts that are visible to
70 IdentityManager with OAuth2 refresh tokens present (e.g., because the user has
71 signed in to the browser and embedder-level code then added the account to
72 IdentityManager, or because the user has added an account at the
73 system level that embedder-level code then made visible to IdentityManager).
74 To interact with these accounts, use the IdentityManager methods with
75 "RefreshToken" in their name. To observe changes in the state of one or more
76 of these accounts, observe IdentityManager and override one or more of the
77 IdentityManager::Observer methods with "RefreshToken" in their name.
78- AccessTokenFetcher is the client-side interface for obtaining access tokens
79 for arbitrary accounts; see access_token_fetcher.h for usage explanation and
80 examples.
81
82# The Gaia Cookie
83- "The Gaia cookie" refers to the cookie that contains the information of the
84 user's Gaia accounts that are available on the web.
85- "The accounts in the Gaia cookie" and "the accounts in the cookie jar" refer to
86 the set of accounts in this cookie. To interact with these accounts, use the
87 IdentityManager methods with "Cookie" in their name. To observe changes in the
88 state of one or more of these accounts, observe IdentityManager and override
89 one or more of the IdentityManager::Observer methods with "Cookie" in their
90 name. Note that as the information that Chrome has about these accounts is
91 fundamentally different than that which Chrome has about the user's accounts
92 with OAuth2 refresh tokens, the struct encoding this information is also
93 distinct: see accounts_in_cookie_jar_info.h.
94
95# Interacting with IdentityManager and Friends in Tests
96- IdentityTestEnvironment is the preferred test infrastructure for unittests
97 of production code that interacts with IdentityManager. It is suitable for
98 use in cases where neither the production code nor the unittest is interacting
99 with Profile.
100- identity_test_utils.h provides lower-level test facilities for interacting
101 explicitly with IdentityManager. These facilities are the way to interact with
102 IdentityManager in testing contexts where the production code and/or the
103 unittest are interacting with Profile (in particular, where the
104 IdentityManager instance with which the test is interacting must be
105 IdentityManagerFactory::GetForProfile(profile)). Examples include integration
106 tests and Profile-based unittests (in the latter case, consider migrating the
107 test and production code away from using Profile directly and using
108 IdentityTestEnvironment).
109
110# Mutation of Account State
111- Various mutators of account state are available through IdentityManager (e.g.,
112 PrimaryAccountMutator). These should in general be used only as part of larger
113 embedder-specific flows for mutating the user's account state in ways that are
114 in line with product specifications. If you are a consumer of
115 //components/identity/public/identity_manager and you believe that you have a
116 new use case for one of these API surfaces, you should first contact the
117 OWNERS of //components/signin to discuss this use case and how best to realize
118 it. With these caveats, here are the details of how various operations are
119 supported on the various platforms on which Chrome runs:
120 * Mutating the primary account: Setting the primary account is done via
121 PrimaryAccountMutator::SetPrimaryAccount(); see the comments on the
122 declaration of that method for the conditions required for the setting of
123 the primary account to succeed. On all platforms other than ChromeOS, the
124 primary account can be cleared via
125 PrimaryAccountMutator::ClearPrimaryAccount() (on ChromeOS, the primary
126 account cannot be cleared as there is no user-level flow to sign out of
127 the browser).
128 * Updating the state of the accounts in the Gaia cookie: This is supported via
129 AccountsCookieMutator.
130 * Mutating the set of accounts with refresh tokens: The ways in which this
131 occurs are platform-specific due to the differences in underlying platform
132 account management (or lack thereof). We detail these below:
133 - Windows/Mac/Linux: Chrome manages the user's OAuth2 refresh tokens
134 internally. Adding and removing accounts with refresh tokens is done via
135 AccountsMutator.
136 - ChromeOS: Chrome is backed by ChromeOS' platform-level AccountManager.
137 Chrome's view of the accounts with refresh tokens is synchronized with
138 the platform-level state by observing that platform-level AccountManager
139 internally.
140 - Android: Chrome is backed by Android's platform-level AccountManager (in
141 Java). Chrome's view of the accounts with refresh tokens is synchronized
142 with the platform-level state via IdentityMutator.java.
143 - iOS: Chrome is backed by Google's iOS SSO library for supporting shared
144 identities between Google's various iOS applications. Chrome's view of the
145 accounts with refresh tokens is synchronized with the platform-level state
146 via DeviceAccountsSynchronizer.
147
148# Mental Mapping from Chromium's Historical API Surfaces for Signin
149Documentation on the mapping between usage of legacy signin
150classes (notably PrimaryAccountManager and ProfileOAuth2TokenService) and usage
151of IdentityManager is available here:
152
153https://docs.google.com/document/d/14f3qqkDM9IE4Ff_l6wuXvCMeHfSC9TxKezXTCyeaPUY/edit#
154