Identity API: Add token cache and identity.invalidateAuthToken.

chrome/browser/extensions/api/identity/identity_apitest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/api/identity/identity_api.h"
 #include "chrome/browser/extensions/api/identity/web_auth_flow.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/extensions/extension_browsertest.h"
 #include "chrome/browser/extensions/extension_function_test_utils.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_window.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/extensions/api/identity/oauth2_manifest_handler.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/test/test_utils.h"
+#include "extensions/common/id_util.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_mint_token_flow.h"
 #include "googleurl/src/gurl.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using testing::_;
 using testing::Return;
 using testing::ReturnRef;
 
 namespace extensions {
 
 namespace {
 
 namespace errors = identity_constants;
 namespace utils = extension_function_test_utils;
 
 static const char kAccessToken[] = "auth_token";
+static const char kExtensionId[] = "ext_id";
 
 // This helps us be able to wait until an AsyncExtensionFunction calls
 // SendResponse.
 class SendResponseDelegate
     : public UIThreadExtensionFunction::DelegateForTests {
  public:
   SendResponseDelegate() : should_post_quit_(false) {}
 
   virtual ~SendResponseDelegate() {}
 
@@ skipping 101 matching lines @@
   }
 
   virtual void Start() OVERRIDE {
     switch (result_) {
       case ISSUE_ADVICE_SUCCESS: {
         IssueAdviceInfo info;
         delegate_->OnIssueAdviceSuccess(info);
         break;
       }
       case MINT_TOKEN_SUCCESS: {
-        delegate_->OnMintTokenSuccess(kAccessToken);
+        delegate_->OnMintTokenSuccess(kAccessToken, 3600);
         break;
       }
       case MINT_TOKEN_FAILURE: {
         GoogleServiceAuthError error(GoogleServiceAuthError::CONNECTION_FAILED);
         delegate_->OnMintTokenFailure(error);
         break;
       }
       case MINT_TOKEN_BAD_CREDENTIALS: {
         GoogleServiceAuthError error(
             GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
@@ skipping 94 matching lines @@
         OAuth2Info::GetOAuth2Info(ext));
     if ((fields_to_set & CLIENT_ID) != 0)
       oauth2_info.client_id = "client1";
     if ((fields_to_set & SCOPES) != 0) {
       oauth2_info.scopes.push_back("scope1");
       oauth2_info.scopes.push_back("scope2");
     }
     return ext;
   }
 
-  void InitializeTestAPIFactory() {
-    IdentityAPI::GetFactoryInstance()->SetTestingFactory(
-        browser()->profile(), &IdentityAPITestFactory);
+  IdentityAPI* id_api() {
+    return IdentityAPI::GetFactoryInstance()->GetForProfile(
+        browser()->profile());
   }
 };
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        NoClientId) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(CreateExtension(SCOPES));
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{}]", browser());
   EXPECT_EQ(std::string(errors::kInvalidClientId), error);
@@ skipping 34 matching lines @@
       TestOAuth2MintTokenFlow::MINT_TOKEN_FAILURE, func.get());
   EXPECT_CALL(*func.get(), CreateMintTokenFlow(_)).WillOnce(Return(flow));
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{}]", browser());
   EXPECT_TRUE(StartsWithASCII(error, errors::kAuthFailure, false));
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_FALSE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
+                       NonInteractiveMintAdviceSuccess) {
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
+  func->set_extension(extension);
+  EXPECT_CALL(*func.get(), HasLoginToken())
+      .WillOnce(Return(true));
+  TestOAuth2MintTokenFlow* flow = new TestOAuth2MintTokenFlow(
+      TestOAuth2MintTokenFlow::ISSUE_ADVICE_SUCCESS, func.get());
+  EXPECT_CALL(*func.get(), CreateMintTokenFlow(_)).WillOnce(Return(flow));
+  std::string error = utils::RunFunctionAndReturnError(
+      func.get(), "[{}]", browser());
+  EXPECT_TRUE(StartsWithASCII(error, errors::kNoGrant, false));
+  EXPECT_FALSE(func->login_ui_shown());
+  EXPECT_FALSE(func->install_ui_shown());
+
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_ADVICE,
+            id_api()->GetCachedToken(extension->id(),
+                                     oauth2_info.scopes).status());
+}
+
+IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        NonInteractiveMintBadCredentials) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(CreateExtension(CLIENT_ID | SCOPES));
   EXPECT_CALL(*func.get(), HasLoginToken())
       .WillOnce(Return(true));
   TestOAuth2MintTokenFlow* flow = new TestOAuth2MintTokenFlow(
       TestOAuth2MintTokenFlow::MINT_TOKEN_BAD_CREDENTIALS, func.get());
   EXPECT_CALL(*func.get(), CreateMintTokenFlow(_)).WillOnce(Return(flow));
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{}]", browser());
   EXPECT_TRUE(StartsWithASCII(error, errors::kAuthFailure, false));
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_FALSE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        NonInteractiveSuccess) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
-  func->set_extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  func->set_extension(extension);
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
   EXPECT_CALL(*func.get(), HasLoginToken())
       .WillOnce(Return(true));
   TestOAuth2MintTokenFlow* flow = new TestOAuth2MintTokenFlow(
       TestOAuth2MintTokenFlow::MINT_TOKEN_SUCCESS, func.get());
   EXPECT_CALL(*func.get(), CreateMintTokenFlow(_)).WillOnce(Return(flow));
   scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
       func.get(), "[{}]", browser()));
   std::string access_token;
   EXPECT_TRUE(value->GetAsString(&access_token));
   EXPECT_EQ(std::string(kAccessToken), access_token);
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_FALSE(func->install_ui_shown());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_TOKEN,
+            id_api()->GetCachedToken(extension->id(),
+                                     oauth2_info.scopes).status());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        InteractiveLoginCanceled) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(CreateExtension(CLIENT_ID | SCOPES));
   EXPECT_CALL(*func.get(), HasLoginToken()).WillOnce(Return(false));
   func->set_login_ui_result(false);
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{\"interactive\": true}]", browser());
@@ skipping 105 matching lines @@
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{\"interactive\": true}]", browser());
   EXPECT_TRUE(StartsWithASCII(error, errors::kAuthFailure, false));
   EXPECT_TRUE(func->login_ui_shown());
   EXPECT_TRUE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        InteractiveLoginSuccessApprovalDoneMintSuccess) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
-  func->set_extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  func->set_extension(extension);
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
   EXPECT_CALL(*func.get(), HasLoginToken())
       .WillOnce(Return(false));
   func->set_login_ui_result(true);
   TestOAuth2MintTokenFlow* flow1 = new TestOAuth2MintTokenFlow(
       TestOAuth2MintTokenFlow::ISSUE_ADVICE_SUCCESS, func.get());
   TestOAuth2MintTokenFlow* flow2 = new TestOAuth2MintTokenFlow(
       TestOAuth2MintTokenFlow::MINT_TOKEN_SUCCESS, func.get());
   EXPECT_CALL(*func.get(), CreateMintTokenFlow(_))
       .WillOnce(Return(flow1))
       .WillOnce(Return(flow2));
 
   func->set_install_ui_result(true);
   scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
       func.get(), "[{\"interactive\": true}]", browser()));
   std::string access_token;
   EXPECT_TRUE(value->GetAsString(&access_token));
   EXPECT_EQ(std::string(kAccessToken), access_token);
   EXPECT_TRUE(func->login_ui_shown());
   EXPECT_TRUE(func->install_ui_shown());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_TOKEN,
+            id_api()->GetCachedToken(extension->id(),
+                                     oauth2_info.scopes).status());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        InteractiveApprovalAborted) {
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(CreateExtension(CLIENT_ID | SCOPES));
   EXPECT_CALL(*func.get(), HasLoginToken())
       .WillOnce(Return(true));
   TestOAuth2MintTokenFlow* flow = new TestOAuth2MintTokenFlow(
       TestOAuth2MintTokenFlow::ISSUE_ADVICE_SUCCESS, func.get());
@@ skipping 46 matching lines @@
 
   func->set_install_ui_result(true);
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{\"interactive\": true}]", browser());
   EXPECT_TRUE(StartsWithASCII(error, errors::kAuthFailure, false));
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_TRUE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest, NoninteractiveQueue) {
-  InitializeTestAPIFactory();
   scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(extension);
 
   // Create a fake request to block the queue.
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
   std::set<std::string> scopes(oauth2_info.scopes.begin(),
                                oauth2_info.scopes.end());
   IdentityAPI* id_api =
       extensions::IdentityAPI::GetFactoryInstance()->GetForProfile(
@@ skipping 22 matching lines @@
 
   scoped_ptr<base::Value> value(WaitForSingleResult(func));
   std::string access_token;
   EXPECT_TRUE(value->GetAsString(&access_token));
   EXPECT_EQ(std::string(kAccessToken), access_token);
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_FALSE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest, InteractiveQueue) {
-  InitializeTestAPIFactory();
   scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(extension);
 
   // Create a fake request to block the queue.
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
   std::set<std::string> scopes(oauth2_info.scopes.begin(),
                                oauth2_info.scopes.end());
   IdentityAPI* id_api =
       extensions::IdentityAPI::GetFactoryInstance()->GetForProfile(
@@ skipping 29 matching lines @@
   scoped_ptr<base::Value> value(WaitForSingleResult(func));
   std::string access_token;
   EXPECT_TRUE(value->GetAsString(&access_token));
   EXPECT_EQ(std::string(kAccessToken), access_token);
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_TRUE(func->install_ui_shown());
 }
 
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                        InteractiveQueuedNoninteractiveFails) {
-  InitializeTestAPIFactory();
   scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
   scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
   func->set_extension(extension);
 
   // Create a fake request to block the interactive queue.
   const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
   std::set<std::string> scopes(oauth2_info.scopes.begin(),
                                oauth2_info.scopes.end());
   IdentityAPI* id_api =
       extensions::IdentityAPI::GetFactoryInstance()->GetForProfile(
@@ skipping 11 matching lines @@
   EXPECT_CALL(*func.get(), HasLoginToken()).WillOnce(Return(true));
   std::string error = utils::RunFunctionAndReturnError(
       func.get(), "[{}]", browser());
   EXPECT_EQ(std::string(errors::kNoGrant), error);
   EXPECT_FALSE(func->login_ui_shown());
   EXPECT_FALSE(func->install_ui_shown());
 
   queue->RequestComplete(type, extension->id(), scopes, &queued_request);
 }
 
+IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
+                       NonInteractiveCacheHit) {
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
+  func->set_extension(extension);
+
+  // pre-populate the cache with a token
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
+  IdentityTokenCacheValue token(kAccessToken,
+                                base::TimeDelta::FromSeconds(3600));
+  id_api()->SetCachedToken(extension->id(), oauth2_info.scopes, token);
+
+  // Get a token. Should not require a GAIA request.
+  EXPECT_CALL(*func.get(), HasLoginToken())
+      .WillOnce(Return(true));
+  scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
+      func.get(), "[{}]", browser()));
+  std::string access_token;
+  EXPECT_TRUE(value->GetAsString(&access_token));
+  EXPECT_EQ(std::string(kAccessToken), access_token);
+  EXPECT_FALSE(func->login_ui_shown());
+  EXPECT_FALSE(func->install_ui_shown());
+}
+
+IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
+                       NonInteractiveIssueAdviceCacheHit) {
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
+  func->set_extension(extension);
+
+  // pre-populate the cache with advice
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
+  IssueAdviceInfo info;
+  IdentityTokenCacheValue token(info);
+  id_api()->SetCachedToken(extension->id(), oauth2_info.scopes, token);
+
+  // Should return an error without a GAIA request.
+  EXPECT_CALL(*func.get(), HasLoginToken())
+      .WillOnce(Return(true));
+  std::string error = utils::RunFunctionAndReturnError(
+      func.get(), "[{}]", browser());
+  EXPECT_EQ(std::string(errors::kNoGrant), error);
+  EXPECT_FALSE(func->login_ui_shown());
+  EXPECT_FALSE(func->install_ui_shown());
+}
+
+IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
+                       InteractiveCacheHit) {
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
+  func->set_extension(extension);
+
+  // Create a fake request to block the queue.
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
+  std::set<std::string> scopes(oauth2_info.scopes.begin(),
+                               oauth2_info.scopes.end());
+  IdentityMintRequestQueue* queue = id_api()->mint_queue();
+  MockQueuedMintRequest queued_request;
+  IdentityMintRequestQueue::MintType type =
+      IdentityMintRequestQueue::MINT_TYPE_INTERACTIVE;
+
+  EXPECT_CALL(queued_request, StartMintToken(type)).Times(1);
+  queue->RequestStart(type, extension->id(), scopes, &queued_request);
+
+  // The real request will start processing, but wait in the queue behind
+  // the blocker.
+  EXPECT_CALL(*func.get(), HasLoginToken()).WillOnce(Return(true));
+  TestOAuth2MintTokenFlow* flow = new TestOAuth2MintTokenFlow(
+      TestOAuth2MintTokenFlow::ISSUE_ADVICE_SUCCESS, func.get());
+  EXPECT_CALL(*func.get(), CreateMintTokenFlow(_)).WillOnce(Return(flow));
+  RunFunctionAsync(func, "[{\"interactive\": true}]");
+
+  // Populate the cache with a token while the request is blocked.
+  IdentityTokenCacheValue token(kAccessToken,
+                                base::TimeDelta::FromSeconds(3600));
+  id_api()->SetCachedToken(extension->id(), oauth2_info.scopes, token);
+
+  // When we wake up the request, it returns the cached token without
+  // displaying a UI, or hitting GAIA.
+
+  queue->RequestComplete(type, extension->id(), scopes, &queued_request);
+
+  scoped_ptr<base::Value> value(WaitForSingleResult(func));
+  std::string access_token;
+  EXPECT_TRUE(value->GetAsString(&access_token));
+  EXPECT_EQ(std::string(kAccessToken), access_token);
+  EXPECT_FALSE(func->login_ui_shown());
+  EXPECT_FALSE(func->install_ui_shown());
+}
+
+IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
+                       LoginInvalidatesTokenCache) {
+  scoped_refptr<MockGetAuthTokenFunction> func(new MockGetAuthTokenFunction());
+  scoped_refptr<const Extension> extension(CreateExtension(CLIENT_ID | SCOPES));
+  func->set_extension(extension);
+
+  // pre-populate the cache with a token
+  const OAuth2Info& oauth2_info = OAuth2Info::GetOAuth2Info(extension);
+  IdentityTokenCacheValue token(kAccessToken,
+                                base::TimeDelta::FromSeconds(3600));
+  id_api()->SetCachedToken(extension->id(), oauth2_info.scopes, token);
+
+  // Because the user is not signed in, the token will be removed,
+  // and we'll hit GAIA for new tokens.
+  EXPECT_CALL(*func.get(), HasLoginToken())
+      .WillOnce(Return(false));
+  func->set_login_ui_result(true);
+  TestOAuth2MintTokenFlow* flow1 = new TestOAuth2MintTokenFlow(
+      TestOAuth2MintTokenFlow::ISSUE_ADVICE_SUCCESS, func.get());
+  TestOAuth2MintTokenFlow* flow2 = new TestOAuth2MintTokenFlow(
+      TestOAuth2MintTokenFlow::MINT_TOKEN_SUCCESS, func.get());
+  EXPECT_CALL(*func.get(), CreateMintTokenFlow(_))
+      .WillOnce(Return(flow1))
+      .WillOnce(Return(flow2));
+
+  func->set_install_ui_result(true);
+  scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
+      func.get(), "[{\"interactive\": true}]", browser()));
+  std::string access_token;
+  EXPECT_TRUE(value->GetAsString(&access_token));
+  EXPECT_EQ(std::string(kAccessToken), access_token);
+  EXPECT_TRUE(func->login_ui_shown());
+  EXPECT_TRUE(func->install_ui_shown());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_TOKEN,
+            id_api()->GetCachedToken(extension->id(),
+                                     oauth2_info.scopes).status());
+}
+
+class InvalidateAuthTokenFunctionTest : public ExtensionBrowserTest {
+ protected:
+  bool InvalidateDefaultToken() {
+    scoped_refptr<IdentityInvalidateAuthTokenFunction> func(
+        new IdentityInvalidateAuthTokenFunction);
+    func->set_extension(utils::CreateEmptyExtension(kExtensionId));
+    return utils::RunFunction(
+        func, std::string("[{\"token\": \"") + kAccessToken + "\"}]", browser(),
+        extension_function_test_utils::NONE);
+  }
+
+  IdentityAPI* id_api() {
+    return IdentityAPI::GetFactoryInstance()->GetForProfile(
+        browser()->profile());
+  }
+
+  void SetCachedToken(IdentityTokenCacheValue& token_data) {
+    id_api()->SetCachedToken(extensions::id_util::GenerateId(kExtensionId),
+                             std::vector<std::string>(), token_data);
+  }
+
+  const IdentityTokenCacheValue& GetCachedToken() {
+    return id_api()->GetCachedToken(
+        extensions::id_util::GenerateId(kExtensionId),
+        std::vector<std::string>());
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(InvalidateAuthTokenFunctionTest, NotFound) {
+  EXPECT_TRUE(InvalidateDefaultToken());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND,
+            GetCachedToken().status());
+}
+
+IN_PROC_BROWSER_TEST_F(InvalidateAuthTokenFunctionTest, Advice) {
+  IssueAdviceInfo info;
+  IdentityTokenCacheValue advice(info);
+  SetCachedToken(advice);
+  EXPECT_TRUE(InvalidateDefaultToken());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_ADVICE,
+            GetCachedToken().status());
+}
+
+IN_PROC_BROWSER_TEST_F(InvalidateAuthTokenFunctionTest, NonMatchingToken) {
+  IdentityTokenCacheValue token("non_matching_token",
+                                base::TimeDelta::FromSeconds(3600));
+  SetCachedToken(token);
+  EXPECT_TRUE(InvalidateDefaultToken());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_TOKEN,
+            GetCachedToken().status());
+  EXPECT_EQ("non_matching_token", GetCachedToken().token());
+}
+
+IN_PROC_BROWSER_TEST_F(InvalidateAuthTokenFunctionTest, MatchingToken) {
+  IdentityTokenCacheValue token(kAccessToken,
+                                base::TimeDelta::FromSeconds(3600));
+  SetCachedToken(token);
+  EXPECT_TRUE(InvalidateDefaultToken());
+  EXPECT_EQ(IdentityTokenCacheValue::CACHE_STATUS_NOTFOUND,
+            GetCachedToken().status());
+}
+
 class LaunchWebAuthFlowFunctionTest : public AsyncExtensionBrowserTest {
  protected:
   void RunAndCheckBounds(
       const std::string& extra_params,
       int expected_x,
       int expected_y,
       int expected_width,
       int expected_height) {
     content::WindowedNotificationObserver observer(
         chrome::NOTIFICATION_BROWSER_WINDOW_READY,
@@ skipping 151 matching lines @@
       "https://abcdefghij.chromiumapp.org/callback#test')</script>\"}]",
       browser()));
 
   std::string url;
   EXPECT_TRUE(value->GetAsString(&url));
   EXPECT_EQ(std::string("https://abcdefghij.chromiumapp.org/callback#test"),
             url);
 }
 
 }  // namespace extensions