[Parent Access] Add production parent access OAuth Scopes

This includes: - The ParentApproval scope used to authenticate the ParentApproval web widget. - The Programmatic challenge scope used by the web widget. Bug: b/202292393 Change-Id: I1dc912410e89ab0dc0a578f9618b98ab3b09a5a8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3215016 Reviewed-by: Aga Wronska <agawronska@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Auto-Submit: Dan S <danan@chromium.org> Commit-Queue: Dan S <danan@chromium.org> Cr-Commit-Position: refs/heads/main@{#930734}
Denger-Network · Oct 12, 2021 · 9b889c2 · 9b889c2
1 parent 41e961c
commit 9b889c2
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/chrome/browser/ui/webui/chromeos/parent_access/parent_access_ui_handler_impl.cc b/chrome/browser/ui/webui/chromeos/parent_access/parent_access_ui_handler_impl.cc
@@ -31,7 +31,8 @@ ParentAccessUIHandlerImpl::~ParentAccessUIHandlerImpl() = default;
 
 void ParentAccessUIHandlerImpl::GetOAuthToken(GetOAuthTokenCallback callback) {
   signin::ScopeSet scopes;
-  scopes.insert(GaiaConstants::kKidsSupervisionSetupChildOAuth2Scope);
+  scopes.insert(GaiaConstants::kParentApprovalOAuth2Scope);
+  scopes.insert(GaiaConstants::kProgrammaticChallengeOAuth2Scope);
 
   if (oauth2_access_token_fetcher_) {
     // Only one GetOAuthToken call can happen at a time.

diff --git a/google_apis/gaia/gaia_constants.cc b/google_apis/gaia/gaia_constants.cc
@@ -63,10 +63,18 @@ const char kGoogleUserInfoEmail[] =
 const char kGoogleUserInfoProfile[] =
     "https://www.googleapis.com/auth/userinfo.profile";
 
+// OAuth2 scope for access to the parent approval widget.
+const char kParentApprovalOAuth2Scope[] =
+    "https://www.googleapis.com/auth/kids.parentapproval";
+
 // OAuth2 scope for access to the people API (read-only).
 const char kPeopleApiReadOnlyOAuth2Scope[] =
     "https://www.googleapis.com/auth/peopleapi.readonly";
 
+// OAuth2 scope for access to the programmatic challenge API (read-only).
+const char kProgrammaticChallengeOAuth2Scope[] =
+    "https://www.googleapis.com/auth/accounts.programmaticchallenge";
+
 // OAuth2 scope for access to the Reauth flow.
 const char kAccountsReauthOAuth2Scope[] =
     "https://www.googleapis.com/auth/accounts.reauth";

diff --git a/google_apis/gaia/gaia_constants.h b/google_apis/gaia/gaia_constants.h
@@ -34,7 +34,9 @@ extern const char kKidsSupervisionSetupChildOAuth2Scope[];
 extern const char kGoogleTalkOAuth2Scope[];
 extern const char kGoogleUserInfoEmail[];
 extern const char kGoogleUserInfoProfile[];
+extern const char kParentApprovalOAuth2Scope[];
 extern const char kPeopleApiReadOnlyOAuth2Scope[];
+extern const char kProgrammaticChallengeOAuth2Scope[];
 extern const char kAccountsReauthOAuth2Scope[];
 extern const char kAuditRecordingOAuth2Scope[];
 extern const char kClearCutOAuth2Scope[];