Added OAuth support to TokenService

chrome/browser/net/gaia/token_service.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // The TokenService will supply authentication tokens for any service that
 // needs it, such as sync. Whenever the user logs in, a controller watching
-// the token service is expected to call ClientLogin to derive a new SID and
-// LSID. Whenever such credentials are available, the TokenService should be
-// updated with new credentials. The controller should then start fetching
-// tokens, which will be written to the database after retrieval, as well as
-// provided to listeners.
+// the token service is expected either to call ClientLogin to derive a new
+// SID and LSID, or to use GAIA OAuth requests to derive an OAuth1 access
+// token for the OAuthLogin scope.  Whenever such credentials are available,
+// the TokenService should be updated with new credentials.  The controller
+// should then start fetching tokens, which will be written to the database
+// after retrieval, as well as provided to listeners.
 //
 // A token service controller like the ChromiumOS login is expected to:
 //
 // Initialize()  // Soon as you can
 // LoadTokensFromDB()  // When it's OK to talk to the database
 // UpdateCredentials()  // When user logs in
 // StartFetchingTokens()  // When it's safe to start fetching
 //
 // Typically a user of the TokenService is expected just to call:
 //
@@ skipping 11 matching lines @@
 
 #ifndef CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_
 #define CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_
 #pragma once
 
 #include <map>
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "chrome/browser/net/gaia/gaia_oauth_consumer.h"
+#include "chrome/browser/net/gaia/gaia_oauth_fetcher.h"
 #include "chrome/browser/webdata/web_data_service.h"
 #include "chrome/common/net/gaia/gaia_auth_consumer.h"
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
 #include "chrome/common/net/gaia/google_service_auth_error.h"
 #include "content/common/notification_observer.h"
 #include "content/common/notification_registrar.h"
 
 class Profile;
 
 namespace net {
 class URLRequestContextGetter;
 }
 
 // The TokenService is a Profile member, so all calls are expected
 // from the UI thread.
 class TokenService : public GaiaAuthConsumer,
+                     public GaiaOAuthConsumer,
                      public WebDataServiceConsumer,
                      public NotificationObserver {
  public:
    TokenService();
    virtual ~TokenService();
 
   // Notification classes
   class TokenAvailableDetails {
    public:
     TokenAvailableDetails() {}
@@ skipping 22 matching lines @@
   };
 
   // Initialize this token service with a request source
   // (usually from a GaiaAuthConsumer constant), and the profile.
   // Typically you'd then update the credentials.
   void Initialize(const char* const source, Profile* profile);
 
   // Used to determine whether Initialize() has been called.
   bool Initialized() const { return !source_.empty(); }
 
-  // Update the credentials in the token service.
+  // Update ClientLogin credentials in the token service.
   // Afterwards you can StartFetchingTokens.
   void UpdateCredentials(
       const GaiaAuthConsumer::ClientLoginResult& credentials);
 
+  // Update OAuth credentials in the token service.
+  // Afterwards you can StartFetchingOAuthTokens.
+  void UpdateOAuthCredentials(
+      const std::string& oauth_token,
+      const std::string& oauth_secret);
+
   // Terminate any running requests and reset the TokenService to a clean
   // slate. Resets in memory structures. Does not modify the DB.
   // When this is done, no tokens will be left in memory and no
   // user credentials will be left. Useful if a user is logging out.
-  // Initialize doesn't need to be called again but UpdateCredentials does.
+  // Initialize doesn't need to be called again but UpdateCredentials and
+  // UpdateOAuthCredentials do.
   void ResetCredentialsInMemory();
 
   // Async load all tokens for services we know of from the DB.
   // You should do this at startup. Optionally you can do it again
   // after you reset in memory credentials.
   void LoadTokensFromDB();
 
   // Clear all DB stored tokens for the current profile. Tokens may still be
   // available in memory. If a DB load is pending it may still be serviced.
   void EraseTokensFromDB();
 
   // For legacy services with their own auth routines, they can just read
   // the LSID out directly. Deprecated.
   bool HasLsid() const;
   const std::string& GetLsid() const;
   // Did we get a proper LSID?
   bool AreCredentialsValid() const;
+  // Do we have an OAuth access token and secret.
+  bool AreOAuthCredentialsValid() const;
 
   // Tokens will be fetched for all services(sync, talk) in the background.
   // Results come back via event channel. Services can also poll before events
   // are issued.
   void StartFetchingTokens();
+  void StartFetchingOAuthTokens();
   bool HasTokenForService(const char* const service) const;
   const std::string& GetTokenForService(const char* const service) const;
 
   // For tests only. Doesn't save to the WebDB.
   void IssueAuthTokenForTest(const std::string& service,
                              const std::string& auth_token);
 
   // GaiaAuthConsumer implementation.
   virtual void OnIssueAuthTokenSuccess(const std::string& service,
-                                       const std::string& auth_token);
+                                       const std::string& auth_token) OVERRIDE;
   virtual void OnIssueAuthTokenFailure(const std::string& service,
-                                       const GoogleServiceAuthError& error);
+                                       const GoogleServiceAuthError& error)
+      OVERRIDE;
+
+  // GaiaOAuthConsumer implementation.
+  virtual void OnOAuthGetAccessTokenSuccess(const std::string& token,
+                                            const std::string& secret) OVERRIDE;
+  virtual void OnOAuthGetAccessTokenFailure(
+      const GoogleServiceAuthError& error) OVERRIDE;
+
+  virtual void OnOAuthWrapBridgeSuccess(const std::string& service_scope,
+                                        const std::string& token,
+                                        const std::string& expires_in) OVERRIDE;
+  virtual void OnOAuthWrapBridgeFailure(const std::string& service_name,
+                                        const GoogleServiceAuthError& error)
+      OVERRIDE;
 
   // WebDataServiceConsumer implementation.
   virtual void OnWebDataServiceRequestDone(WebDataService::Handle h,
                                            const WDTypedResult* result);
 
   // NotificationObserver implementation.
   virtual void Observe(int type,
                        const NotificationSource& source,
                        const NotificationDetails& details);
 
  private:
 
   void FireTokenAvailableNotification(const std::string& service,
                                       const std::string& auth_token);
 
   void FireTokenRequestFailedNotification(const std::string& service,
                                           const GoogleServiceAuthError& error);
 
   void LoadTokensIntoMemory(const std::map<std::string, std::string>& in_toks,
                             std::map<std::string, std::string>* out_toks);
 
   void SaveAuthTokenToDB(const std::string& service,
                          const std::string& auth_token);
 
+  // The profile with which this instance was initialized, or NULL.
+  Profile* profile_;

[Mattias Nissler (ping if slow), 2011/08/04 13:39:57]

I kind of dislike this, since Profile is a super-heavy-weight dependency. As far
as I can see, we only use it to get a request context (for which we could just
pass a bare pointer in Initialize) and for the OAuth fetcher (which I believe
doesn't actually require the profile's cookie store for the operations
TokenService issues, but I may be mistaken on this one). So if we could drop the
Profile dependency, that would make TokenService much more reusable.

Please regard this comment as FYI/non-scoring feedback. I only wanted to mention
my concerns since for policy we made the experience that Profile dependency of
TokenService is a show stopper, which is why we're not using it for e.g. device
policy and instead have our own token fetching logic. On the other hand, you can
argue that TokenService should only be designed to support Profile-bound
functionality. Just mentioning for your consideration! :)

[Rick Campbell, 2011/08/04 17:24:42]

My current thinking is to leave things as they are for now.  In revisiting
later, I would like to factor the Profile out of the GaiaOAuthFetcher first by
splitting the UI aspects from the more purely networking aspects, and then
reconsider removing it from the TokenService at that time.

+
   // Web data service to access tokens from.
   scoped_refptr<WebDataService> web_data_service_;
   // Getter to use for fetchers.
   scoped_refptr<net::URLRequestContextGetter> getter_;
   // Request handle to load Gaia tokens from DB.
   WebDataService::Handle token_loading_query_;
 
   // Gaia request source for Gaia accounting.
   std::string source_;
   // Credentials from ClientLogin for Issuing auth tokens.
   GaiaAuthConsumer::ClientLoginResult credentials_;
+  // Credentials from Gaia OAuth (uber/login token)
+  std::string oauth_token_;
+  std::string oauth_secret_;
 
-  // Size of array of services (must be defined here).
+  // Size of array of services capable of ClientLogin-based authentication.
+  // This value must be defined here.
+  // NOTE: The use of --enable-sync-oauth does not affect this count.  The
+  // TokenService can continue to do some degree of ClientLogin token
+  // management, mostly related to persistence while Sync and possibly other
+  // services are using OAuth-based authentication.
   static const int kNumServices = 4;
+  // List of services that we're performing operations for which are capable

[Roger Tawa OOO till Jul 10th, 2011/08/04 14:02:14]

remove "for" ?

[Rick Campbell, 2011/08/04 17:24:42]

Thanks.  I went for "List of services that are capable of ClientLogin-based
authentication." and similar wording in the OAuth case a bit further down.

+  // of ClientLogin-based authentication.
+  static const char* kServices[kNumServices];
+  // A bunch of fetchers suitable for ClientLogin token issuing. We don't care
+  // about the ordering, nor do we care which is for which service.
+  scoped_ptr<GaiaAuthFetcher> fetchers_[kNumServices];
+
+  // Size of array of services capable of OAuth-based authentication.  This
+  // value must be defined here.
+  // NOTE: The use of --enable-sync-oauth does not affect this count.  The
+  // TokenService can continue to do some degree of OAuth token
+  // management, mostly related to persistence while Sync and possibly other
+  // services are using ClientLogin-based authentication.
+  static const int kNumOAuthServices = 1;
   // List of services that we're performing operations for.
-  static const char* kServices[kNumServices];
-  // A bunch of fetchers suitable for token issuing. We don't care about
+  static const char* kOAuthServices[kNumOAuthServices];
+  // A bunch of fetchers suitable for OAuth token issuing. We don't care about
   // the ordering, nor do we care which is for which service.
-  scoped_ptr<GaiaAuthFetcher> fetchers_[kNumServices];
+  scoped_ptr<GaiaOAuthFetcher> oauth_fetchers_[kNumOAuthServices];
+
   // Map from service to token.
   std::map<std::string, std::string> token_map_;
 
   NotificationRegistrar registrar_;
 
   FRIEND_TEST_ALL_PREFIXES(TokenServiceTest, LoadTokensIntoMemoryBasic);
   FRIEND_TEST_ALL_PREFIXES(TokenServiceTest, LoadTokensIntoMemoryAdvanced);
 
   DISALLOW_COPY_AND_ASSIGN(TokenService);
 };
 
 #endif  // CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_