From 4744783f8889d0965597da3564b528096f16c610 Mon Sep 17 00:00:00 2001
From: Erik Jensen <rkjnsn@chromium.org>
Date: Thu, 9 May 2019 23:34:07 +0000
Subject: [PATCH] remoting: Update OAuth scopes for Android app.

The gRPC directory API use chromoting.directory instead of chromoting,
and FTL signaling requires an additional scope.

Change-Id: Ifbe3fe32fc30bbd94b71cac46810ebbfd77160cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1603769
Commit-Queue: Erik Jensen <rkjnsn@chromium.org>
Reviewed-by: Yuwei Huang <yuweih@chromium.org>
Reviewed-by: Joe Downing <joedow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#658338}
---
 .../java/src/org/chromium/chromoting/Chromoting.java      | 5 ++++-
 .../org/chromium/chromoting/jni/JniOAuthTokenGetter.java  | 8 +++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/remoting/android/java/src/org/chromium/chromoting/Chromoting.java b/remoting/android/java/src/org/chromium/chromoting/Chromoting.java
index 017a95262c9888..84f3a5369d11f4 100644
--- a/remoting/android/java/src/org/chromium/chromoting/Chromoting.java
+++ b/remoting/android/java/src/org/chromium/chromoting/Chromoting.java
@@ -60,7 +60,10 @@ public class Chromoting extends AppCompatActivity
     private static final String ACCOUNT_TYPE = "com.google";
 
     /** Scope to use when fetching the OAuth token. */
-    private static final String TOKEN_SCOPE = "oauth2:https://www.googleapis.com/auth/chromoting "
+    // To use these scopes in a debug build, your development account will need to be whitelisted.
+    private static final String TOKEN_SCOPE =
+            "oauth2:https://www.googleapis.com/auth/chromoting.directory "
+            + "https://www.googleapis.com/auth/tachyon "
             + "https://www.googleapis.com/auth/googletalk";
 
     /** Result code used for starting {@link DesktopActivity}. */
diff --git a/remoting/android/java/src/org/chromium/chromoting/jni/JniOAuthTokenGetter.java b/remoting/android/java/src/org/chromium/chromoting/jni/JniOAuthTokenGetter.java
index bba766cb4b3581..13d59429c3c98f 100644
--- a/remoting/android/java/src/org/chromium/chromoting/jni/JniOAuthTokenGetter.java
+++ b/remoting/android/java/src/org/chromium/chromoting/jni/JniOAuthTokenGetter.java
@@ -21,7 +21,13 @@
 @JNINamespace("remoting")
 public class JniOAuthTokenGetter {
     private static final String TAG = "Chromoting";
-    private static final String TOKEN_SCOPE = "oauth2:https://www.googleapis.com/auth/chromoting";
+    // Note: Any scope requested here must also be requested in Chromoting.java. (I.e., this must be
+    // a subset of Chromoting.java's TOKEN_SCOPE.) This is because the context passed to
+    // OAuthTokenFetcher below is not an activity, and thus it will not be possible to show a
+    // consent page requesting new scopes.
+    private static final String TOKEN_SCOPE =
+            "oauth2:https://www.googleapis.com/auth/chromoting.directory "
+            + "https://www.googleapis.com/auth/tachyon";
 
     private static String sAccount;
     private static String sLatestToken;