OAuth2 sign-in flow for ChromeOS

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 112 matching lines @@
     profile->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername);
 
   std::string user = profile_->GetPrefs()->GetString(
       prefs::kGoogleServicesUsername);
   if (!user.empty())
     SetAuthenticatedUsername(user);
   // TokenService can be null for unit tests.
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (token_service) {
     token_service->Initialize(GaiaConstants::kChromeSource, profile_);
+    // ChromeOS will kick off TokenService::LoadTokensFromDB from
+    // OAuthLoginManager once the rest of the Profile is fully initialized.
+    // Starting it from here would cause OAuthLoginManager mismatch the origin
+    // of OAuth2 tokens.
+#if !defined(OS_CHROMEOS)

[tim (not reviewing), 2013/01/15 02:36:34]

fwiw, we've been trying to get rid of ifdefs like this in this code due to the
subtle behavior differences / bugs that have cropped up, and test
cumbersomeness, but I suppose there's no way around it at the moment.  

It'd be nice if we could factor out the cros specificness into a separate class
or delegate some day, so TokenService & SigninManager (and in general, "the code
responsible for getting auth tokens") are less fragmented.

It'd also be nice to hook things up to about:signin.  We had an intern working
on parts of this for Chrome OS, although the patch never did land
(https://codereview.chromium.org/11618024/)

     if (!authenticated_username_.empty()) {
       token_service->LoadTokensFromDB();
     }
+#endif
   }
   if (!user.empty() && !IsAllowedUsername(user)) {
     // User is signed in, but the username is invalid - the administrator must
     // have changed the policy since the last signin, so sign out the user.
     SignOut();
   }
 }
 
 bool SigninManager::IsInitialized() const {
   return profile_ != NULL;
@@ skipping 401 matching lines @@
   DisableOneClickSignIn(profile_);  // Don't ever offer again.
 
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   token_service->UpdateCredentials(last_result_);
   DCHECK(token_service->AreCredentialsValid());
   token_service->StartFetchingTokens();
 
   // If we have oauth2 tokens, tell token service about them so it does not
   // need to fetch them again.
   if (!temp_oauth_login_tokens_.refresh_token.empty()) {
-    token_service->OnClientOAuthSuccess(temp_oauth_login_tokens_);
+    token_service->UpdateCredentialsWithOAuth2(temp_oauth_login_tokens_);
     temp_oauth_login_tokens_ = ClientOAuthResult();
   }
 }
 
 void SigninManager::OnGetUserInfoFailure(const GoogleServiceAuthError& error) {
   LOG(ERROR) << "Unable to retreive the canonical email address. Login failed.";
   NotifyDiagnosticsObservers(GET_USER_INFO_STATUS, error.ToString());
   // REVIEW: why does this call OnClientLoginFailure?
   OnClientLoginFailure(error);
 }
@@ skipping 58 matching lines @@
                     NotifySigninValueChanged(field, value));
 }
 
 void SigninManager::NotifyDiagnosticsObservers(
     const TimedSigninStatusField& field,
     const std::string& value) {
   FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
                     signin_diagnostics_observers_,
                     NotifySigninValueChanged(field, value));
 }