1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
content / public / browser / identity_request_account.h [blame]
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_PUBLIC_BROWSER_IDENTITY_REQUEST_ACCOUNT_H_
#define CONTENT_PUBLIC_BROWSER_IDENTITY_REQUEST_ACCOUNT_H_
#include <optional>
#include <string>
#include <vector>
#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "content/common/content_export.h"
#include "third_party/skia/include/core/SkColor.h"
#include "ui/gfx/image/image.h"
#include "url/gurl.h"
namespace content {
class IdentityProviderData;
// Represents a federated user account which is used when displaying the FedCM
// account selector.
class CONTENT_EXPORT IdentityRequestAccount
: public base::RefCounted<IdentityRequestAccount> {
public:
enum class LoginState {
// This is a returning user signing in with RP/IDP in this browser.
kSignIn,
// This is a new user sign up for RP/IDP in *this browser*. Note that this
// is the browser's notion of login state which may not match that of the
// IDP. For example the user may actually be a returning user having
// previously signed-up with this RP/IDP outside this browser. This is a
// consequence of not relying the IDP's login state. This means that we
// should be mindful to *NOT* rely on this value to mean definitely a new
// user when using it to customize the UI.
kSignUp,
};
enum class SignInMode {
// This is the default sign in mode for returning users.
kExplicit,
// This represents the auto re-authn flow. Currently it's only available
// when RP specifies |autoReauthn = true| AND there is only one signed in
// account.
kAuto,
};
IdentityRequestAccount(
const std::string& id,
const std::string& email,
const std::string& name,
const std::string& given_name,
const GURL& picture,
std::vector<std::string> login_hints,
std::vector<std::string> domain_hints,
std::vector<std::string> labels,
std::optional<LoginState> login_state = std::nullopt,
LoginState browser_trusted_login_state = LoginState::kSignUp,
std::optional<base::Time> last_used_timestamp = std::nullopt);
// The identity provider to which the account belongs to. This is not set in
// the constructor but instead set later.
scoped_refptr<IdentityProviderData> identity_provider = nullptr;
std::string id;
std::string email;
std::string name;
std::string given_name;
GURL picture;
// This will be an empty image if fetching failed.
gfx::Image decoded_picture;
std::vector<std::string> login_hints;
std::vector<std::string> domain_hints;
std::vector<std::string> labels;
// The account login state. Unlike the other fields this one can be populated
// either by the IDP or by the browser based on its stored permission grants.
std::optional<LoginState> login_state;
// The account login state that the browser can trust.
LoginState browser_trusted_login_state;
// The last used timestamp, or nullopt if the account has not been used
// before.
std::optional<base::Time> last_used_timestamp;
// Whether this account is filtered out or not. An account may be filtered out
// due to login hint, domain hint, or account label.
bool is_filtered_out = false;
private:
friend class base::RefCounted<IdentityRequestAccount>;
~IdentityRequestAccount();
};
} // namespace content
#endif // CONTENT_PUBLIC_BROWSER_IDENTITY_REQUEST_ACCOUNT_H_