
Issue 877935


Issue metadata

Status: Untriaged
Owner:
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




Need a way for kiosk admins to whitelist apps to access various scopes

Project Member Reported by atwilson@chromium.org, Aug 27

Issue description

Kiosk apps often use a client-side service/robot account to talk to Google backends. Currently, minting auth tokens requires user consent - this doesn't make sense for service accounts/kiosk apps, so we should come up with some way for admins/DPCs to whitelist apps to mint various scopes.

bartfab/poromov/ljusten - not sure which of you would be the right owner for this.
 
Is this for Chrome or Android kiosk apps? If it is for the latter, b/111384878 is the correct long-term approach. We would need a different workaround for the P time frame though.

Android kiosk apps. Is the idea this "you are in kiosk mode" flag will be queried by various pieces of the system (like GMSCore) to skip permissions/consent dialogs?

Yes. We already have a proposal underway to do this for USB access (b/111069395). We should do the same thing for OAuth prompts.

As is being discussed by e-mail, GAIA token minting is controlled by GmsCore, not the Android system. This is a GmsCore FR and should be filed in b/.
