commit 803b71cecfc6d15318abd7bd30d09fde64f04de4
author davidroche@chromium.org <davidroche@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> Mon Apr 29 17:51:49 2013
committer davidroche@chromium.org <davidroche@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> Mon Apr 29 17:51:49 2013
tree cd4e02e3fc1ed1d7979ed474045fb5ed8d3c0cda
parent b6b262c93bcffa7ea1493c920d3ca5b5e18a020c

Modify the enterprise enrollment flow to fetch an optional device robot api token from the policy server.  This token will be stored in the device's Local State for use by Cloud Print across all profiles (including Guest and Public Sessions).  The new steps that fetch the token during enrollment are optional, so that enrollment will still succeed if a policy server doesn't support robot api tokens.

BUG=164606

Review URL: https://chromiumcodereview.appspot.com/12538009

git-svn-id: http://src.chromium.org/svn/trunk/src/chrome/browser/policy/proto@197075 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

cloud/device_management_backend.proto

diff --git a/cloud/device_management_backend.proto b/cloud/device_management_backend.proto
index 765cc9f..0d42509 100644
--- a/cloud/device_management_backend.proto
+++ b/cloud/device_management_backend.proto
@@ -103,6 +103,21 @@
   optional string watermark = 2;
 }
 
+// Request to access a Google service with the given scope.
+message DeviceServiceApiAccessRequest {
+  // The list of auth scopes the device requests from DMServer.
+  repeated string auth_scope = 1;
+
+  // OAuth2 client ID to which the returned authorization code is bound.
+  optional string oauth2_client_id = 2;
+}
+
+message DeviceServiceApiAccessResponse {
+  // The OAuth2 authorization code for the requested scope(s).
+  // This can be exchanged for a refresh token.
+  optional string auth_code = 1;
+}
+
 message PolicyFetchRequest {
   // This is the policy type, which maps to D3 policy type internally.
   // By convention, we use "/" as separator to create policy namespace.
@@ -446,6 +461,7 @@
 //     * register
 //     * status
 //     * unregister
+//     * api_authorization
 //
 //   * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
 //   * apptype: MUST BE Android or Chrome.
@@ -493,6 +509,9 @@
 
   // EMCert upload (for remote attestation)
   optional DeviceCertUploadRequest cert_upload_request = 7;
+
+  // Request for OAuth2 authorization codes to access Google services.
+  optional DeviceServiceApiAccessRequest service_api_access_request = 8;
 }
 
 // Response from server to device.
@@ -535,4 +554,7 @@
 
   // EMCert upload response.
   optional DeviceCertUploadResponse cert_upload_response = 9;
+
+  // Response to OAuth2 authorization code request.
+  optional DeviceServiceApiAccessResponse service_api_access_response = 10;
 }