ash / components / arc / mojom / auth.mojom [blame]

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Next MinVersion: 31

module arc.mojom;

// These values describe failure reason of auth code retrieval.
// This enum previously had provisioning status values such as GMS
// sign-in and check-in failure codes from 0 to 22 that have been
// removed and should not be re-introduced.
[Extensible]
enum ArcAuthCodeStatus {
  // Next value: 23.

  // Server does not return authorization.
  [MinVersion=10] CHROME_SERVER_COMMUNICATION_ERROR = 16,

  // ARC was disabled for Active Directory user.
  [MinVersion=10] ARC_DISABLED = 17,

  [MinVersion=10] SUCCESS = 18,

  // Account is not present in ChromeOS Account Manager.
  [MinVersion=21] CHROME_ACCOUNT_NOT_FOUND = 21,

  // NOTE: If you add any entries to this enum, you must also update the
  // corresponding UMA ArcAuthMainAccountResolutionStatus at
  // tools/metrics/histograms/enums.xml.
};

[Extensible]
enum GeneralSignInError {
  // Next value: 8.
  UNKNOWN_ERROR = 0,

  // Mojo errors:
  // MOJO_VERSION_MISMATCH: is sent when an API is not supported
  //   due to Host/Instance version mismatch.
  MOJO_VERSION_MISMATCH = 1,

  // GENERIC_PROVISIONING_TIMEOUT: is sent when provisioning is started
  //   but not completed with time out.
  GENERIC_PROVISIONING_TIMEOUT = 2,

  // Network connection is unavailable.
  NO_NETWORK_CONNECTION = 3,

  // Server does not return authorization.
  CHROME_SERVER_COMMUNICATION_ERROR = 4,

  // ARC was disabled for Active Directory user.
  ARC_DISABLED = 5,

  // Account type is not supported for authorization.
  UNSUPPORTED_ACCOUNT_TYPE = 6,

  // Account is not present in ChromeOS Account Manager.
  CHROME_ACCOUNT_NOT_FOUND = 7,
};

[Extensible]
enum GMSCheckInError {
  // Next value: 4.

  // GMS_CHECK_IN_FAILED: is sent when "check-in" procedure is completed
  //   but is actually failed.
  GMS_CHECK_IN_FAILED = 1,

  // GMS_CHECK_IN_TIMEOUT: is sent when "check-in" procedure started
  //   but is not completed.
  GMS_CHECK_IN_TIMEOUT = 2,

  // GMS_CHECK_IN_INTERNAL_ERROR: is sent when "check-in" procedure is
  //   started, but some unexpected error situation happens so that it could
  //   not completed.
  GMS_CHECK_IN_INTERNAL_ERROR = 3,
};

[Extensible]
enum GMSSignInError {
  // Next value: 7.

  // GMS_SIGN_IN_NETWORK_ERROR: is sent when GMS sign-in procedure is
  //   started, but it reports NETWORK_ERROR.
  GMS_SIGN_IN_NETWORK_ERROR = 1,

  // GMS_SIGN_IN_SERVICE_UNAVAILABLE: is sent when GMS sign-in
  //   procedure is started but it reports SERVICE_UNAVAILABLE. Note
  //   that this is not generic service unavailable error code.
  GMS_SIGN_IN_SERVICE_UNAVAILABLE = 2,

  // GMS_SIGN_IN_BAD_AUTHENTICATION: is sent when GMS sign-in procedure
  //   is started but it reports BAD_AUTHENTICATION.
  GMS_SIGN_IN_BAD_AUTHENTICATION = 3,

  // GMS_SIGN_IN_FAILED: is sent when GMS sign in procedure is started but
  //   it reports an error other than above NETWORK_ERROR, SERVICE_UNAVAILABLE
  //   or BAD_AUTHENTICATION. In general, we do not expect this kind of cases.
  GMS_SIGN_IN_FAILED = 4,

  // GMS_SIGN_IN_TIMEOUT: is sent when GMS sign in procedure is started but
  //   not returned.
  GMS_SIGN_IN_TIMEOUT = 5,

  // GMS_SIGN_IN_INTERNAL_ERROR: is sent when GMS sign in procedure is started
  //   but could not completed.
  GMS_SIGN_IN_INTERNAL_ERROR = 6,
};

[Extensible]
// These values must be in sync with ProvisionConstants in CloudDPC code
enum CloudProvisionFlowError {
    // Unknown or uncommon error.
    ERROR_OTHER = 0,
    // Enrollment token provided was invalid.
    ERROR_ENROLLMENT_TOKEN_INVALID = 1,
    // Enterprise hit device quota.
    ERROR_DEVICE_QUOTA_EXCEEDED = 2,
    // CloudDPS could not fulfill request because of a transient error.
    ERROR_SERVER_TRANSIENT_ERROR = 3,
    // Account could not be added.
    ERROR_ADD_ACCOUNT_FAILED = 4,
    // Could not get Android ID
    ERROR_REQUEST_ANDROID_ID_FAILED = 5,
    // Device got stuck in quarantine mode.
    ERROR_QUARANTINE = 6,
    // Setup step timed out.
    ERROR_TIMEOUT = 7,
    // There was no network, so device couldn't fulfill a request.
    ERROR_NETWORK_UNAVAILABLE = 8,
    // Enterprise is not registered with CloudDPx.
    ERROR_ENTERPRISE_INVALID = 9,
    // User cancelled the step.
    ERROR_USER_CANCEL = 10,
    // Either account migration failed or account was deleted by user during provisioning.
    ERROR_NO_ACCOUNT_IN_WORK_PROFILE = 11,
    // Policy got stuck in invalid state.
    ERROR_INVALID_POLICY_STATE = 12,
    // Issues with DpcSupport.
    ERROR_DPC_SUPPORT = 13,
    // Account wad not ready.
    ERROR_ACCOUNT_NOT_READY = 14,
    // Checkin failed.
    ERROR_CHECKIN_FAILED = 15,
    // Issues with allowlisting work account.
    ERROR_ACCOUNT_NOT_ALLOWLISTED = 16,
    // Error parsing JSON, most likely policy JSON
    ERROR_JSON = 17,
    // ManagedProvisioning failed.
    ERROR_MANAGED_PROVISIONING_FAILED = 18,
    // Setup intent could not be parsed.
    ERROR_INVALID_SETUP_ACTION = 19,
    // CloudDPS exception with an uncommon server code.
    ERROR_SERVER = 20,
    // Removing a previously existing unmanaged account failed.
    ERROR_REMOVE_ACCOUNT_FAILED = 21,
    // Error with getting OAuth token.
    ERROR_OAUTH_TOKEN = 22,
    // AccountException with no exception details.
    ERROR_ACCOUNT_OTHER = 23,
    // Error with getting OAuth token due to AuthenticatorException.
    ERROR_OAUTH_TOKEN_AUTHENTICATOR_EXCEPTION = 24,
    // Error with getting OAuth token due to IOException.
    ERROR_OAUTH_TOKEN_IO_EXCEPTION = 25,
    // Error with getting OAuth token due to OperationCanceledException.
    ERROR_OAUTH_TOKEN_OPERATION_CANCELED_EXCEPTION = 26,
};

[Extensible]
enum ArcSignInSuccess {
  // Next value: 3.
  [MinVersion=10] SUCCESS = 1,

  // ARC was already provisioned.
  [MinVersion=11] SUCCESS_ALREADY_PROVISIONED = 2
};

// Represents different kinds of errors that can happen during
// sign-in.
union ArcSignInError {
  CloudProvisionFlowError cloud_provision_flow_error;
  [MinVersion=26] GeneralSignInError general_error;
  [MinVersion=26] GMSSignInError sign_in_error;
  [MinVersion=26] GMSCheckInError check_in_error;
};

union ArcSignInResult {
  ArcSignInSuccess success;
  ArcSignInError? error;
};

union ArcSignInAccount {
  // Placeholder value; if this is the union type, indicates the
  // auth flow was for initial device provisioning.
  uint8 initial_signin;

  // If |account_name| is not present, it is assumed to be the Primary/Device
  // account.
  string? account_name;
};

// These values describe account check status.
[Extensible]
enum AccountCheckStatus {
    // Checked account exists and is up to date.
    [MinVersion=9] UP_TO_DATE = 0,

    // Checked account is new in the system.
    [MinVersion=9] NEW = 1,

    // Checked account exists but need to be reauthorized.
    [MinVersion=9] NEED_REAUTH = 2,

    // Checked account exists but it is in unknown state.
    [MinVersion=9] UNKNOWN = 3,

    // Account check has failed.
    [MinVersion=9] CHECK_FAILED = 4,

    // NOTE: If you add any entries to this enum, you must also update the
    // corresponding UMA callsite in Chrome arc::UpdateAuthAccountCheckStatus.
};

// These values describe AndroidId source during ARC provisioning.
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused.
[Extensible]
enum AndroidIdSource {
    // AndroidId was not found.
    [MinVersion=28] MISSING = 0,

    // AndroidId was cached.
    [MinVersion=28] CACHED = 1,

    // AndroidId was found via GService flag.
    [MinVersion=28] GSERVICE_FLAG = 2,

    // AndroidId was found via GmsProxy api.
    [MinVersion=28] GMS_PROXY = 3,
};

// These values describe the reason for reauth.
[Extensible]
enum ReauthReason {
    // Device is provisioned but Android id is not set.
    [MinVersion=27] ANDROID_ID_MISSING = 0,

    // Main account set in system properties is not found in Android
    // Account Manager.
    [MinVersion=27] MAIN_ACCOUNT_UNKNOWN = 1,

    // Device Policy Controller account info is out of sync.
    [MinVersion=30] DPC_OUT_OF_SYNC = 2,

    // Used as a baseline to capture when reauth is not needed.
    [MinVersion=30] NOT_NEEDED = 3,
};

[Extensible]
enum MainAccountResolutionStatus {
    // No hash code was set for the main account. System contains no account of
    // required type.
    [MinVersion=22] NO_HASH_CODE_NO_ACCOUNT = 0,

    // No hash code was set for the main account. System contains only single
    // account of required type.
    [MinVersion=22] NO_HASH_CODE_SINGLE_ACCOUNT = 1,

    // No hash code was set for the main account. System contains multiple
    // accounts of required type.
    [MinVersion=22] NO_HASH_CODE_MULTIPLE_ACCOUNTS = 2,

    // Hash code was set but no account currently available.
    [MinVersion=22] HASH_CODE_NO_ACCOUNT = 3,

    // Hash code was set but it does not match single account of required type.
    [MinVersion=22] HASH_CODE_DO_NOT_MATCH_SINGLE_ACCOUNT = 4,

    // Hash code was set but it does not match multiple accounts of required
    // type.
    [MinVersion=22] HASH_CODE_DO_NOT_MATCH_MULTIPLE_ACCOUNTS = 5,

    // Hash code was set and it matches single account of required type.
    [MinVersion=22] HASH_CODE_MATCH_SINGLE_ACCOUNT = 6,

    // Hash code was set and it matches one of multiple accounts of required
    // type.
    [MinVersion=22] HASH_CODE_MATCH_MULTIPLE_ACCOUNTS = 7,

    // Hash code collides with multiple accounts of required type.
    [MinVersion=22] HASH_CODE_COLLIDE_FOR_MULTIPLE_ACCOUNTS = 8,

    // NOTE: If you add any entries to this enum, you must also update the
    // corresponding UMA ArcAuthMainAccountResolutionStatus at
    // tools/metrics/histograms/enums.xml.
};

// These values describe the result of ARC attempting to change management
// state after an account type change.
[Extensible]
enum ManagementChangeStatus {
  // CloudDPC was disabled successfully.
  [MinVersion=13] CLOUD_DPC_DISABLED = 0,

  // CloudDPC was already disabled.
  [MinVersion=13] CLOUD_DPC_ALREADY_DISABLED = 1,

  // CloudDPC was enabled successfully.
  [MinVersion=13] CLOUD_DPC_ENABLED = 2,

  // CloudDPC was already enabled.
  [MinVersion=13] CLOUD_DPC_ALREADY_ENABLED = 3,

  // Invalid state returned from Chrome.
  [MinVersion=13] INVALID_MANAGEMENT_STATE = 4,

  // Failed to disable CloudDPC due to an unspecified error.
  [MinVersion=13] CLOUD_DPC_DISABLING_FAILED = 5,

  // Failed to enable CloudDPC due to an unspecified error.
  [MinVersion=13] CLOUD_DPC_ENABLING_FAILED = 6,
};

// These values describe the type of the Chrome account to provision.
// Next enum ID: 6.
// Deprecated enum ID: 3 (was used for `ACTIVE_DIRECTORY_ACCOUNT`).
[Extensible]
enum ChromeAccountType {
  UNKNOWN = 0,

  // Chrome login account type is a user account.
  USER_ACCOUNT = 1,

  // Chrome login account type is a robot (service) account.
  ROBOT_ACCOUNT = 2,

  // Chrome login account type is a child account.
  CHILD_ACCOUNT = 4,

  // Chrome login account is a demo session account that was enrolled offline,
  // using policies bundled with ChromeOS, and thus does not have a working
  // robot account associated with it.
  [MinVersion=14] OFFLINE_DEMO_ACCOUNT = 5,
};

// These values describe the type of the metrics to report.
[Extensible]
enum MetricsType {
  // Duration of waiting for network connection in milliseconds.
  NETWORK_WAITING_TIME_MILLISECONDS = 0,

  // Number of attempts to wait for Checkin task completed. 0 indicates that
  // Checkin task was already completed prior to GMS SignIn.
  CHECKIN_ATTEMPTS = 1,

  // Duration of waiting for Checkin task completed in milliseconds.
  CHECKIN_TIME_MILLISECONDS = 2,

  // Duration of waiting for sign-in completed in milliseconds.
  SIGNIN_TIME_MILLISECONDS = 3,

  // Duration of checking the status of account.
  [MinVersion=9] ACCOUNT_CHECK_MILLISECONDS = 4,
};

// These values describe the type of account update.
[Extensible]
enum AccountUpdateType {
  // An account was updated or inserted in ChromeOS Account Manager.
  UPSERT = 0,

  // An account was removed from ChromeOS Account Manager.
  REMOVAL = 1,
};

// The necessary information for Android to sign in and provision itself.
// Next field ID: 5.
struct AccountInfo {
  // The authorization code that can be used in Android to sign in when
  // account_type is USER_ACCOUNT, ROBOT_ACCOUNT or CHILD_ACCOUNT. If it is
  // null in these cases, sign-in will be skipped.
  string? auth_code@0;

  // The type of Chrome account to provision.
  ChromeAccountType account_type@1;

  // Whether the account is managed from ChromeOS.
  bool is_managed@2;

  // This deprecated enrollment token was used for Active Directory users.
  [MinVersion=6] string? DEPRECATED_enrollment_token@3;

  // Name of account, used to map to existing Android account.
  [MinVersion=9] string? account_name@4;
};

// Information about an account in ARC.
struct ArcAccountInfo {
  // Account's email id.
  string email;

  // Account's obfuscated Gaia id.
  string gaia_id;
};

// Next Method ID: 22.
// Deprecated method IDs: 21.
interface AuthHost {
  // Notifies Chrome that the authorization flow is completed and provides
  // |result| and |account| that was authorized.
  [MinVersion=26] OnAuthorizationResult@19(
      ArcSignInResult result,
      ArcSignInAccount account);

  // Reports metrics to Chrome to be recorded in UMA.
  [MinVersion=7] ReportMetrics@8(MetricsType metrics_type, int32 value);

  // Reports result of account check.
  [MinVersion=9] ReportAccountCheckStatus@9(AccountCheckStatus status);

  // Reports to Chrome the result of changing the management state.
  // Chrome informs ARC on every boot if a management transition is necessary
  // or not (see https://crrev.com/c/1069031). ARC should report back only if
  // a transition was necessary.
  [MinVersion=13] ReportManagementChangeStatus@11(
      ManagementChangeStatus status);

  // Returns the primary account from Chrome.
  // |account_name| is the email address of the primary account for consumer and
  // managed Gaia accounts and empty for all other cases (e.g. demo sessions).
  [MinVersion=23] RequestPrimaryAccount@18()
      => (string account_name, ChromeAccountType account_type);

  // Requests an authorization code, as well as the account information for the
  // Primary/Device Account in ChromeOS Account Manager.
  // This is called for ARC's initial provisioning flow.
  // If the request completes successfully, |status| must be SUCCESS and
  // |account_info| is not null.
  // In case of an error, |status| must contain the reason of failure, other
  // than SUCCESS, and |account_info| is null.
  [MinVersion=15] RequestPrimaryAccountInfo@12()
      => (ArcAuthCodeStatus status, AccountInfo? account_info);

  // Requests an authorization code, as well as the account information for an
  // account in ChromeOS Account Manager.
  // This must be called after ARC's initial provisioning flow is complete.
  // If the request completes successfully, |status| must be SUCCESS and
  // |account_info| is not null.
  // In case of an error, |status| must contain the reason of failure, other
  // than SUCCESS, and |account_info| is null.
  // |persistent_error| flag set to true indicates that error cannot be
  // eliminated by retrying the request.
  [MinVersion=15] RequestAccountInfo@13(string account_name)
      => (ArcAuthCodeStatus status,
          AccountInfo? account_info,
          [MinVersion=24] bool persistent_error);

  // Returns |true| if ChromeOS Account Manager is available for this session.
  // Account Manager is not available in Guest Sessions and Public Sessions
  // among other cases. Returning |true| here has the effect of routing all
  // Google account management |Intent|s from Android to ChromeOS Account
  // Manager, instead of launching Android's account management flows.
  [MinVersion=20] IsAccountManagerAvailable@14() => (bool is_available);

  // Handles an Android |Intent| to add a Google account by displaying ChromeOS
  // Account Manager's account addition UI.
  [MinVersion=20] HandleAddAccountRequest@15();

  // Handles an Android |Intent| to remove a Google account. |account_name| is
  // the Google email id for the account. |account_name| cannot be null or
  // empty.
  // Note: Calling this API will not silently remove |account_name|. Currently
  // it redirects users to ChromeOS Account Manager's Settings Page.
  [MinVersion=20] HandleRemoveAccountRequest@16(string account_name);

  // Handles an Android |Intent| to update a Google account by displaying Chrome
  // OS Account Manager's re-authentication UI. |account_name| is the Google
  // email id for the account. |account_name| cannot be null or empty.
  [MinVersion=20] HandleUpdateCredentialsRequest@17(string account_name);

  // Reports the reason for doing auth despite device being provisioned earlier.
  [MinVersion=27] ReportAccountReauthReason@20(ReauthReason reason);
};

// Next Method ID: 7
interface AuthInstance {
  // Establishes full-duplex communication with the host.
  [MinVersion=12] Init@2(pending_remote<AuthHost> host_remote) => ();

  // A notification that an account was updated (or inserted, or removed; see
  // |AccountUpdateType|) in ChromeOS Account Manager.
  // This notification is sent for the Primary/Device Account and Secondary
  // Accounts, both.
  [MinVersion=17] OnAccountUpdated@3(
      string account_name, AccountUpdateType update_type);

  // Gets the list of Google accounts in ARC. Called during the one-time
  // migration of accounts from ARC to ChromeOS Account Manager.
  [MinVersion=19] GetGoogleAccounts@4() => (array<ArcAccountInfo> accounts);

  // Gets resolution status of main account for statistics reporting.
  [MinVersion=22] GetMainAccountResolutionStatus@5()
      => (MainAccountResolutionStatus status);

  // Pushes the `accounts` list to ARC on session start.
  // - Just after ARC provisioning, all accounts except the primary account
  // are pushed to ARC. Pushing the primary account is not required since ARC
  // was just provisioned and it may also cause performance issues, see
  // https://crrev.com/c/1796344.
  // - On the start of the following sessions all accounts (including the
  // primary account) are pushed to ARC.
  // ARC will remove any accounts in the Android account manager that are not
  // present in `accounts` (with an exception for the primary account as noted
  // above). Accounts in `accounts` will be added or updated to the Android
  // account manager.
  // During a session, subsequent changes to the list of accounts are still
  // managed through OnAccountUpdated.
  [MinVersion=29] SetAccounts@6(array<ArcAccountInfo> accounts);
};