The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/8a54d5b95ebbfa260ece9a3db7a871e318a0d6c7

commit 8a54d5b95ebbfa260ece9a3db7a871e318a0d6c7
Author: Xiyuan Xia <xiyuan@google.com>
Date: Tue Feb 07 03:06:52 2017

common-assets: Remove obsolete gaia_auth reference

BUG=chromium:688565
TEST=Manual. ChromeOS builds fine and Gaia sign-in works.

Change-Id: I7713c90b2c96bac856e0731c6e8a389be7fe8b09
Reviewed-on: https://chromium-review.googlesource.com/438625
Commit-Ready: Xiyuan Xia <xiyuan@chromium.org>
Tested-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>

[modify] https://crrev.com/8a54d5b95ebbfa260ece9a3db7a871e318a0d6c7/chromeos-base/common-assets/common-assets-9999.ebuild

It turns out that we could not 100% scrape gaia_auth. Its success.html is used as the landing page for successful sign-in. I would keep that and remove all other files.

Can we pull that file into Chrome and get rid of it from chromeos-assets?

The files in chromeos-assets are obsolete. We already have all gaia_auth bunlded as a component extension. My comment in #2 is that we could not get rid of the component extension fully because its success.html is still used as a landing page. If we want to get rid of that, we need to figure out a replacement landing page and might need to coordinate some server side page too.

Gotcha.
CC'ing Zach for help figuring out a replacement landing page.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/assets/+/240e6bd185241e1c2ecc19ecf1c763fd88752d7c

commit 240e6bd185241e1c2ecc19ecf1c763fd88752d7c
Author: Xiyuan Xia <xiyuan@google.com>
Date: Wed Feb 08 04:14:32 2017

assets: Remove obsolete gaia_auth files.

BUG=chromium:688565
TEST=Manual. ChromeOS builds fine and gaia sign-in works.

Change-Id: Iaabd81038f98ffa98899474bbe38ca5d929ad3f6
Reviewed-on: https://chromium-review.googlesource.com/438665
Commit-Ready: Xiyuan Xia <xiyuan@chromium.org>
Tested-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>

[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/offline.css
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/offline.html
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/main.html
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/success.js
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/offline.js
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/main.css
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/test/content.js
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/util.js
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/success.html
[delete] https://crrev.com/bdb7e6e2a97c6db589fdfed3ba4fa6c6d1b22b0a/gaia_auth/main.js

I'll check with GAIA team if this will be covered in webview with new MinuteMaid.

Re #7: If Gaia takes the continue URL from "continue" param only and there is no hard coded URL like the following:

chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html

then we just need to figure out a new landing URL to get rid of the extension completely.

+omrilio 
Is there a historical or technical reason for the success page? Could we not just take the user directly to the next step in new user flow upon successful login?

In old days, this url is used as a signal of auth success. But I don't think it is needed in new code now as we use http headers and oauth code cookie to indicate the auth success. Not sure whether it is still needed for Gaia code though because server side might need to do a redirect somewhere after the auth.

+1 to what xiyuan@ said. I don't have context beyond that.
I would recommend talking to GAIA team to make sure we are not breaking anything.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d9c901b89a037d1fe9e44bf2f203400c1f51f444

commit d9c901b89a037d1fe9e44bf2f203400c1f51f444
Author: xiyuan <xiyuan@chromium.org>
Date: Thu Feb 09 18:07:49 2017

Deprecate most of gaia_auth extension

- Reduce gaia_auth extension to just serve success landing page;
- Move channel.js and saml_injected to gaia_auth_host;
- new_inline_login.html -> inline_login.html;
- Remove unused member from GaiaAuthExtensionLoader;

BUG=688565
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2686683002
Cr-Commit-Position: refs/heads/master@{#449349}

[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/browser_resources.grd
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/extensions/signin/gaia_auth_extension_loader.cc
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/extensions/signin/gaia_auth_extension_loader.h
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/component_extension_resources.grd
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/background.js
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/main.css
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/main.html
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/main.js
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/gaia_auth/manifest.json
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/offline.css
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/offline.html
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/offline.js
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/gaia_auth/util.js
[rename] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/gaia_auth_host/channel.js
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/gaia_auth_host/post_message_channel.js
[rename] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/gaia_auth_host/saml_injected.js
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/gaia_auth_host/webview_saml_injected.js
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/resources/inline_login/inline_login.html
[delete] https://crrev.com/15ffa4689839fa575de38a25c89780450b83e9d0/chrome/browser/resources/inline_login/new_inline_login.html
[modify] https://crrev.com/d9c901b89a037d1fe9e44bf2f203400c1f51f444/chrome/browser/ui/webui/signin/inline_login_ui.cc

File http://b/35200280 to track server side work (if any).

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c448b9749b459fa598b61ce55f2f8b67474b17bc

commit c448b9749b459fa598b61ce55f2f8b67474b17bc
Author: Lucas Furukawa Gadani <lfg@chromium.org>
Date: Wed Oct 18 23:04:18 2017

Remove CSP override for child frames in the signin page.

Bug: 688565
Change-Id: I70f9e8b1ea785ff72cc41829b9348bf310605127
Reviewed-on: https://chromium-review.googlesource.com/726325
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509913}
[modify] https://crrev.com/c448b9749b459fa598b61ce55f2f8b67474b17bc/chrome/browser/ui/webui/signin/inline_login_ui.cc