Added OAuth support to TokenService

chrome/browser/net/gaia/token_service.h

Index: chrome/browser/net/gaia/token_service.h
diff --git a/chrome/browser/net/gaia/token_service.h b/chrome/browser/net/gaia/token_service.h
index adeb977fec54b698444268e687f95a375c077c2f..8725c667f1118f273f2b3ce0a848af0cffd7e370 100644
--- a/chrome/browser/net/gaia/token_service.h
+++ b/chrome/browser/net/gaia/token_service.h
@@ -4,11 +4,12 @@
 //
 // The TokenService will supply authentication tokens for any service that
 // needs it, such as sync. Whenever the user logs in, a controller watching
-// the token service is expected to call ClientLogin to derive a new SID and
-// LSID. Whenever such credentials are available, the TokenService should be
-// updated with new credentials. The controller should then start fetching
-// tokens, which will be written to the database after retrieval, as well as
-// provided to listeners.
+// the token service is expected either to call ClientLogin to derive a new
+// SID and LSID, or to use GAIA OAuth requests to derive an OAuth1 access
+// token for the OAuthLogin scope.  Whenever such credentials are available,
+// the TokenService should be updated with new credentials.  The controller
+// should then start fetching tokens, which will be written to the database
+// after retrieval, as well as provided to listeners.
 //
 // A token service controller like the ChromiumOS login is expected to:
 //
@@ -40,6 +41,8 @@
 
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "chrome/browser/net/gaia/gaia_oauth_consumer.h"
+#include "chrome/browser/net/gaia/gaia_oauth_fetcher.h"
 #include "chrome/browser/webdata/web_data_service.h"
 #include "chrome/common/net/gaia/gaia_auth_consumer.h"
 #include "chrome/common/net/gaia/gaia_auth_fetcher.h"
@@ -56,6 +59,7 @@ class URLRequestContextGetter;
 // The TokenService is a Profile member, so all calls are expected
 // from the UI thread.
 class TokenService : public GaiaAuthConsumer,
+                     public GaiaOAuthConsumer,
                      public WebDataServiceConsumer,
                      public NotificationObserver {
  public:
@@ -98,16 +102,23 @@ class TokenService : public GaiaAuthConsumer,
   // Used to determine whether Initialize() has been called.
   bool Initialized() const { return !source_.empty(); }
 
-  // Update the credentials in the token service.
+  // Update ClientLogin credentials in the token service.
   // Afterwards you can StartFetchingTokens.
   void UpdateCredentials(
       const GaiaAuthConsumer::ClientLoginResult& credentials);
 
+  // Update OAuth credentials in the token service.
+  // Afterwards you can StartFetchingOAuthTokens.
+  void UpdateOAuthCredentials(
+      const std::string& oauth_token,
+      const std::string& oauth_secret);
+
   // Terminate any running requests and reset the TokenService to a clean
   // slate. Resets in memory structures. Does not modify the DB.
   // When this is done, no tokens will be left in memory and no
   // user credentials will be left. Useful if a user is logging out.
-  // Initialize doesn't need to be called again but UpdateCredentials does.
+  // Initialize doesn't need to be called again but UpdateCredentials and
+  // UpdateOAuthCredentials do.
   void ResetCredentialsInMemory();
 
   // Async load all tokens for services we know of from the DB.
@@ -125,11 +136,14 @@ class TokenService : public GaiaAuthConsumer,
   const std::string& GetLsid() const;
   // Did we get a proper LSID?
   bool AreCredentialsValid() const;
+  // Do we have an OAuth access token and secret.
+  bool AreOAuthCredentialsValid() const;
 
   // Tokens will be fetched for all services(sync, talk) in the background.
   // Results come back via event channel. Services can also poll before events
   // are issued.
   void StartFetchingTokens();
+  void StartFetchingOAuthTokens();
   bool HasTokenForService(const char* const service) const;
   const std::string& GetTokenForService(const char* const service) const;
 
@@ -139,9 +153,23 @@ class TokenService : public GaiaAuthConsumer,
 
   // GaiaAuthConsumer implementation.
   virtual void OnIssueAuthTokenSuccess(const std::string& service,
-                                       const std::string& auth_token);
+                                       const std::string& auth_token) OVERRIDE;
   virtual void OnIssueAuthTokenFailure(const std::string& service,
-                                       const GoogleServiceAuthError& error);
+                                       const GoogleServiceAuthError& error)
+      OVERRIDE;
+
+  // GaiaOAuthConsumer implementation.
+  virtual void OnOAuthGetAccessTokenSuccess(const std::string& token,
+                                            const std::string& secret) OVERRIDE;
+  virtual void OnOAuthGetAccessTokenFailure(
+      const GoogleServiceAuthError& error) OVERRIDE;
+
+  virtual void OnOAuthWrapBridgeSuccess(const std::string& service_scope,
+                                        const std::string& token,
+                                        const std::string& expires_in) OVERRIDE;
+  virtual void OnOAuthWrapBridgeFailure(const std::string& service_name,
+                                        const GoogleServiceAuthError& error)
+      OVERRIDE;
 
   // WebDataServiceConsumer implementation.
   virtual void OnWebDataServiceRequestDone(WebDataService::Handle h,
@@ -166,6 +194,9 @@ class TokenService : public GaiaAuthConsumer,
   void SaveAuthTokenToDB(const std::string& service,
                          const std::string& auth_token);
 
+  // The profile with which this instance was initialized, or NULL.
+  Profile* profile_;

[Mattias Nissler (ping if slow), 2011/08/04 13:39:57]

I kind of dislike this, since Profile is a super-heavy-weight dependency. As far
as I can see, we only use it to get a request context (for which we could just
pass a bare pointer in Initialize) and for the OAuth fetcher (which I believe
doesn't actually require the profile's cookie store for the operations
TokenService issues, but I may be mistaken on this one). So if we could drop the
Profile dependency, that would make TokenService much more reusable.

Please regard this comment as FYI/non-scoring feedback. I only wanted to mention
my concerns since for policy we made the experience that Profile dependency of
TokenService is a show stopper, which is why we're not using it for e.g. device
policy and instead have our own token fetching logic. On the other hand, you can
argue that TokenService should only be designed to support Profile-bound
functionality. Just mentioning for your consideration! :)

[Rick Campbell, 2011/08/04 17:24:42]

My current thinking is to leave things as they are for now.  In revisiting
later, I would like to factor the Profile out of the GaiaOAuthFetcher first by
splitting the UI aspects from the more purely networking aspects, and then
reconsider removing it from the TokenService at that time.

+
   // Web data service to access tokens from.
   scoped_refptr<WebDataService> web_data_service_;
   // Getter to use for fetchers.
@@ -177,14 +208,37 @@ class TokenService : public GaiaAuthConsumer,
   std::string source_;
   // Credentials from ClientLogin for Issuing auth tokens.
   GaiaAuthConsumer::ClientLoginResult credentials_;
-
-  // Size of array of services (must be defined here).
+  // Credentials from Gaia OAuth (uber/login token)
+  std::string oauth_token_;
+  std::string oauth_secret_;
+
+  // Size of array of services capable of ClientLogin-based authentication.
+  // This value must be defined here.
+  // NOTE: The use of --enable-sync-oauth does not affect this count.  The
+  // TokenService can continue to do some degree of ClientLogin token
+  // management, mostly related to persistence while Sync and possibly other
+  // services are using OAuth-based authentication.
   static const int kNumServices = 4;
-  // List of services that we're performing operations for.
+  // List of services that we're performing operations for which are capable

[Roger Tawa OOO till Jul 10th, 2011/08/04 14:02:14]

remove "for" ?

[Rick Campbell, 2011/08/04 17:24:42]

Thanks.  I went for "List of services that are capable of ClientLogin-based
authentication." and similar wording in the OAuth case a bit further down.

+  // of ClientLogin-based authentication.
   static const char* kServices[kNumServices];
-  // A bunch of fetchers suitable for token issuing. We don't care about
-  // the ordering, nor do we care which is for which service.
+  // A bunch of fetchers suitable for ClientLogin token issuing. We don't care
+  // about the ordering, nor do we care which is for which service.
   scoped_ptr<GaiaAuthFetcher> fetchers_[kNumServices];
+
+  // Size of array of services capable of OAuth-based authentication.  This
+  // value must be defined here.
+  // NOTE: The use of --enable-sync-oauth does not affect this count.  The
+  // TokenService can continue to do some degree of OAuth token
+  // management, mostly related to persistence while Sync and possibly other
+  // services are using ClientLogin-based authentication.
+  static const int kNumOAuthServices = 1;
+  // List of services that we're performing operations for.
+  static const char* kOAuthServices[kNumOAuthServices];
+  // A bunch of fetchers suitable for OAuth token issuing. We don't care about
+  // the ordering, nor do we care which is for which service.
+  scoped_ptr<GaiaOAuthFetcher> oauth_fetchers_[kNumOAuthServices];
+
   // Map from service to token.
   std::map<std::string, std::string> token_map_;