revoke unused OAuth2 tokens on signout

chrome/browser/signin/signin_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // The signin manager encapsulates some functionality tracking
 // which user is signed in. When a user is signed in, a ClientLogin
 // request is run on their behalf. Auth tokens are fetched from Google
 // and the results are stored in the TokenService.
 //
 // **NOTE** on semantics of SigninManager:
@@ skipping 167 matching lines @@
   // ever show it again in this profile (even if the user tries a new account).
   static void DisableOneClickSignIn(Profile* profile);
 
   // GaiaAuthConsumer
   virtual void OnClientLoginSuccess(const ClientLoginResult& result) OVERRIDE;
   virtual void OnClientLoginFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
   virtual void OnClientOAuthSuccess(const ClientOAuthResult& result) OVERRIDE;
   virtual void OnClientOAuthFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
+  virtual void OnOAuth2RevokeTokenCompleted() OVERRIDE;
   virtual void OnGetUserInfoSuccess(const UserInfoMap& data) OVERRIDE;
   virtual void OnGetUserInfoFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
 
   // UbertokenConsumer
   virtual void OnUbertokenSuccess(const std::string& token) OVERRIDE;
   virtual void OnUbertokenFailure(const GoogleServiceAuthError& error) OVERRIDE;
 
   // content::NotificationObserver
   virtual void Observe(int type,
@@ skipping 77 matching lines @@
   // Will clear in memory data but leaves the db as such so when the browser
   // restarts we can use the old token(which might throw a password error).
   void ClearTransientSigninData();
 
   // Called to handle an error from a GAIA auth fetch.  Sets the last error
   // to |error|, sends out a notification of login failure, and clears the
   // transient signin data if |clear_transient_data| is true.
   void HandleAuthError(const GoogleServiceAuthError& error,
                        bool clear_transient_data);
 
+  // Called to tell GAIA that we will no longer be using the current refresh
+  // token.
+  void RevokeOAuthLoginToken();
+
 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
   // Callback invoked once policy registration is complete. If registration
   // fails, |client| will be null.
   void OnRegisteredForPolicy(scoped_ptr<policy::CloudPolicyClient> client);
 
   // Callback invoked when a policy fetch request has completed. |success| is
   // true if policy was successfully fetched.
   void OnPolicyFetchComplete(bool success);
 
   // Called to create a new profile, which is then signed in with the
@@ skipping 38 matching lines @@
 
   // Actual client login handler.
   scoped_ptr<GaiaAuthFetcher> client_login_;
 
   // Registrar for notifications from the TokenService.
   content::NotificationRegistrar registrar_;
 
   // UbertokenFetcher to login to user to the web property.
   scoped_ptr<UbertokenFetcher> ubertoken_fetcher_;
 
+  // OAuth revocation fetcher for sign outs.
+  scoped_ptr<GaiaAuthFetcher> revoke_token_fetcher_;
+
   // Helper object to listen for changes to signin preferences stored in non-
   // profile-specific local prefs (like kGoogleServicesUsernamePattern).
   PrefChangeRegistrar local_state_pref_registrar_;
 
   // Helper object to listen for changes to the signin allowed preference.
   BooleanPrefMember signin_allowed_;
 
   // Actual username after successful authentication.
   std::string authenticated_username_;
 
@@ skipping 20 matching lines @@
 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
   // CloudPolicyClient reference we keep while determining whether to create
   // a new profile for an enterprise user or not.
   scoped_ptr<policy::CloudPolicyClient> policy_client_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(SigninManager);
 };
 
 #endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_