Send a notification when the signed-in user is about to sign out.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 343 matching lines @@
   DCHECK(IsInitialized());
   if (authenticated_username_.empty() && !client_login_.get()) {
     // Just exit if we aren't signed in (or in the process of signing in).
     // This avoids a perf regression because SignOut() is invoked on startup to
     // clean up any incomplete previous signin attempts.
     return;
   }
 
   GoogleServiceSignoutDetails details(authenticated_username_);
 
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_GOOGLE_WILL_SIGN_OUT,
+      content::Source<Profile>(profile_),
+      content::Details<const GoogleServiceSignoutDetails>(&details));

[Andrew T Wilson (Slow), 2012/11/08 13:43:54]

I'm not a huge fan of having this extra notification.

Instead, can we just move the calls to ResetCredentialsInMemory() and
EraseTokensFromDB() below until *after* GOOGLE_SIGNED_OUT is called?

Also, what if we change TokenService to invalidate its oauth login token when
the user logs out (as I think has been discussed) - will that impact services
that now rely on access tokens living past the logout process?

Finally, if that service has a cached access token, won't it do something like
this:

1) Get GOOGLE_SIGNED_OUT
2) Try using the access token (async network call)
3) TokenService blows away tokens
4) Server returns "token expired" error
5) Service tries to mint a new access token, but TokenService no longer has a
login token due to step #3, so it can't.

This attempt to hit the server after logout seems destined to be pretty
unreliable - so much so that I am unconvinced we should be doing it.

I don't see a downside to clearing the tokens post-notification, though, even
though I don't think your intended use is valid.

   ClearTransientSigninData();
   authenticated_username_.clear();
   profile_->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername);
   profile_->GetPrefs()->ClearPref(prefs::kIsGooglePlusUser);
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   token_service->ResetCredentialsInMemory();
   token_service->EraseTokensFromDB();
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
       content::Source<Profile>(profile_),
@@ skipping 166 matching lines @@
 void SigninManager::OnPreferenceChanged(PrefServiceBase* service,
                                         const std::string& pref_name) {
   DCHECK_EQ(std::string(prefs::kGoogleServicesUsernamePattern), pref_name);
   if (!authenticated_username_.empty() &&
       !IsAllowedUsername(authenticated_username_)) {
     // Signed in user is invalid according to the current policy so sign
     // the user out.
     SignOut();
   }
 }