Host-side third party token validation

remoting/protocol/third_party_host_authenticator.h

Index: remoting/protocol/third_party_host_authenticator.h
diff --git a/remoting/protocol/third_party_host_authenticator.h b/remoting/protocol/third_party_host_authenticator.h
index b72ac054b13d37af1a391ba89cb23078ec32a312..6aeb1f74dfdffd59707b4acaf1766044dade8989 100644
--- a/remoting/protocol/third_party_host_authenticator.h
+++ b/remoting/protocol/third_party_host_authenticator.h
@@ -8,6 +8,7 @@
 #include <string>
 
 #include "base/callback.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "googleurl/src/gurl.h"
 #include "remoting/protocol/third_party_authenticator_base.h"
@@ -54,6 +55,22 @@ class ThirdPartyHostAuthenticator : public ThirdPartyAuthenticatorBase {
     virtual const std::string& token_scope() const = 0;
   };
 
+  class TokenValidatorFactory : public base::RefCounted<TokenValidatorFactory> {
+   public:
+    // Creates a TokenValidator. |local_jid| and |remote_jid| are used to create
+    // a token scope that is restricted to the current connection's JIDs.
+    virtual scoped_ptr<TokenValidator> CreateTokenValidator(
+        const std::string& local_jid,
+        const std::string& remote_jid) = 0;
+
+    // Returns true if third party authentication is enabled for this host.
+    virtual bool is_enabled() const = 0;
+
+   protected:
+    friend class base::RefCounted<TokenValidatorFactory>;
+    virtual ~TokenValidatorFactory() {}
+  };
+
   // Creates a third-party host authenticator. |local_cert| and |key_pair| are
   // used by the underlying V2Authenticator to create the SSL channels.
   // |token_validator| contains the token parameters to be sent to the client