revoke unused OAuth2 tokens on signout

chrome/browser/signin/signin_manager.cc

Index: chrome/browser/signin/signin_manager.cc
diff --git a/chrome/browser/signin/signin_manager.cc b/chrome/browser/signin/signin_manager.cc
index 18a41dfd68bc512be87a0316bceef751cc661da5..a8bc0819236676b11e3c04a912e79461d105ce5e 100644
--- a/chrome/browser/signin/signin_manager.cc
+++ b/chrome/browser/signin/signin_manager.cc
@@ -328,6 +328,7 @@ bool SigninManager::PrepareForSignin(SigninType type,
   // need to try again, but take care to leave state around tracking that the
   // user has successfully signed in once before with this username, so that on
   // restart we don't think sync setup has never completed.
+  RevokeOAuthLoginToken();

[tim (not reviewing), 2013/03/29 22:41:25]

Note that as of M26+ we won't actually go through this
StartSignin/PrepareForSignin flow. This path is only used for client-login. 
(Anecdotally https://codereview.chromium.org/12502017/ will remove it from
chrome os altogether).

OneClickSigninHelper has most of the code responsible for the new flows. A fair
chunk of that should likely be moved to SigninManager since that is now the
primary signin flow, but for now it still lives there.  Roger, do you know where
we should put this revocation code?

[Roger Tawa OOO till Jul 10th, 2013/03/31 18:16:30]

All sign in flows go through PrepareForSignin(), so putting code here will run
in M26+.

   ClearTransientSigninData();
   type_ = type;
   possibly_invalid_username_.assign(username);
@@ -558,10 +559,27 @@ void SigninManager::SignOut() {
       chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceSignoutDetails>(&details));
+  RevokeOAuthLoginToken();
   token_service->ResetCredentialsInMemory();
   token_service->EraseTokensFromDB();
 }
 
+void SigninManager::RevokeOAuthLoginToken() {
+  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
+  if (token_service->HasOAuthLoginToken()) {
+    revoke_token_fetcher_.reset(
+        new GaiaAuthFetcher(this,
+                            GaiaConstants::kChromeSource,
+                            profile_->GetRequestContext()));
+    revoke_token_fetcher_->StartRevokeOAuth2Token(
+        token_service->GetOAuth2LoginRefreshToken());
+  }
+}
+
+void SigninManager::OnOAuth2RevokeTokenCompleted() {
+  revoke_token_fetcher_.reset(NULL);
+}
+
 bool SigninManager::AuthInProgress() const {
   return !possibly_invalid_username_.empty();
 }