OAuth2 sign-in flow for ChromeOS

chrome/browser/signin/token_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/token_service.h"
 
 #include "base/basictypes.h"
 #include "base/command_line.h"
 #include "base/string_util.h"
 #include "chrome/browser/prefs/pref_service.h"
@@ skipping 95 matching lines @@
 // store tokens and fetch them.  Move the key-value storage out of
 // token_service, and leave the token fetching in token_service.
 
 void TokenService::AddAuthTokenManually(const std::string& service,
                                         const std::string& auth_token) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   VLOG(1) << "Got an authorization token for " << service;
   token_map_[service] = auth_token;
   FireTokenAvailableNotification(service, auth_token);
   SaveAuthTokenToDB(service, auth_token);
+
+#if defined(OS_CHROMEOS)
+  // We don't ever want to fetch OAuth2 tokens from LSO service token in case
+  // when ChromeOS is in forced OAuth2 use mode. OAuth2 token should only
+  // arrive into token service exclusively through UpdateCredentialsWithOAuth2.
+  if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceOAuth1))
+    return;
+#endif
+
   // If we got ClientLogin token for "lso" service, and we don't already have
   // OAuth2 tokens, start fetching OAuth2 login scoped token pair.
   if (service == GaiaConstants::kLSOService && !HasOAuthLoginToken()) {
     int index = GetServiceIndex(service);
     CHECK_GE(index, 0);
     fetchers_[index]->StartLsoForOAuthLoginTokenExchange(auth_token);
   }
 }
 
 
@@ skipping 29 matching lines @@
     fetchers_[i].reset();
   }
 
   // Notify AboutSigninInternals that a new lsid and sid are available.
   FOR_DIAGNOSTICS_OBSERVERS(NotifySigninValueChanged(
       signin_internals_util::SID, credentials.sid));
   FOR_DIAGNOSTICS_OBSERVERS(NotifySigninValueChanged(LSID, credentials.lsid));
 }
 
 void TokenService::UpdateCredentialsWithOAuth2(
-    const GaiaAuthConsumer::ClientOAuthResult& credentials) {
-  // Will be implemented once the ClientOAuth signin is complete.  Not called
-  // yet by any code.
-  NOTREACHED();
+    const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) {
+  SaveOAuth2Credentials(oauth2_tokens);
 }
 
 void TokenService::LoadTokensFromDB() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (web_data_service_.get())
     token_loading_query_ = web_data_service_->GetAllTokens(this);
 }
 
 void TokenService::SaveAuthTokenToDB(const std::string& service,
                                      const std::string& auth_token) {
@@ skipping 70 matching lines @@
     // Note map[key] is not const.
     return (*token_map_.find(service)).second;
   }
   return EmptyString();
 }
 
 bool TokenService::HasOAuthLoginToken() const {
   return HasTokenForService(GaiaConstants::kGaiaOAuth2LoginRefreshToken);
 }
 
+bool TokenService::HasOAuthLoginAccessToken() const {
+  return HasTokenForService(GaiaConstants::kGaiaOAuth2LoginAccessToken);
+}
+
 const std::string& TokenService::GetOAuth2LoginRefreshToken() const {
   return GetTokenForService(GaiaConstants::kGaiaOAuth2LoginRefreshToken);
 }
 
 const std::string& TokenService::GetOAuth2LoginAccessToken() const {
   return GetTokenForService(GaiaConstants::kGaiaOAuth2LoginAccessToken);
 }
 
 // static
 void TokenService::GetServiceNamesForTesting(std::vector<std::string>* names) {
@@ skipping 67 matching lines @@
   LOG(WARNING) << "Auth token issuing failed for service:" << service
                << ", error: " << error.ToString();
   FOR_DIAGNOSTICS_OBSERVERS(
       NotifyTokenReceivedFailure(service, error.ToString()));
   FireTokenRequestFailedNotification(service, error);
 }
 
 void TokenService::OnClientOAuthSuccess(const ClientOAuthResult& result) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   VLOG(1) << "Got OAuth2 login token pair";
+  SaveOAuth2Credentials(result);
+}
+
+void TokenService::SaveOAuth2Credentials(const ClientOAuthResult& result) {
   token_map_[GaiaConstants::kGaiaOAuth2LoginRefreshToken] =
       result.refresh_token;
   token_map_[GaiaConstants::kGaiaOAuth2LoginAccessToken] = result.access_token;
+  // Save refresh token only since access token is transient anyway.
   SaveAuthTokenToDB(GaiaConstants::kGaiaOAuth2LoginRefreshToken,
       result.refresh_token);
-  SaveAuthTokenToDB(GaiaConstants::kGaiaOAuth2LoginAccessToken,
-      result.access_token);
   // We don't save expiration information for now.
 
   FOR_DIAGNOSTICS_OBSERVERS(
       NotifyTokenReceivedSuccess(GaiaConstants::kGaiaOAuth2LoginAccessToken,
                                  result.access_token, true));
   FOR_DIAGNOSTICS_OBSERVERS(
       NotifyTokenReceivedSuccess(GaiaConstants::kGaiaOAuth2LoginRefreshToken,
                                  result.refresh_token, true));
 
   FireTokenAvailableNotification(GaiaConstants::kGaiaOAuth2LoginRefreshToken,
@@ skipping 108 matching lines @@
 
 void TokenService::AddSigninDiagnosticsObserver(
     SigninDiagnosticsObserver* observer) {
   signin_diagnostics_observers_.AddObserver(observer);
 }
 
 void TokenService::RemoveSigninDiagnosticsObserver(
     SigninDiagnosticsObserver* observer) {
   signin_diagnostics_observers_.RemoveObserver(observer);
 }