Blimp OAuth2 token retreival on application start up.

blimp/client/core/authenticator.cc

Index: blimp/client/core/authenticator.cc
diff --git a/blimp/client/core/authenticator.cc b/blimp/client/core/authenticator.cc
new file mode 100644
index 0000000000000000000000000000000000000000..5ebd467acfc2dcead22cd7c9fa2b7e203d43867f
--- /dev/null
+++ b/blimp/client/core/authenticator.cc
@@ -0,0 +1,93 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "blimp/client/core/authenticator.h"
+
+namespace blimp {
+namespace client {
+
+// OAuth2 token scope.
+const char kOAuth2TokenScope[] =

[nyquist, 2016/08/10 01:20:33]

This should be in an anonymous namespace.

[xingliu, 2016/08/10 21:03:14]

Done.

+    "https://www.googleapis.com/auth/userinfo.email";
+
+Authenticator::Authenticator(
+    std::unique_ptr<IdentityProvider> identity_provider)
+              : OAuth2TokenService::Consumer("blimp_client"),
+                identity_provider_(std::move(identity_provider)) {
+  DCHECK(identity_provider_);
+
+  identity_provider_->AddObserver(this);
+}
+
+Authenticator::~Authenticator() {
+    identity_provider_->RemoveActiveAccountRefreshTokenObserver(this);
+    identity_provider_->RemoveObserver(this);
+}
+
+void Authenticator::Connect() {
+  const std::string& account_id = identity_provider_->GetActiveAccountId();
+
+  // User must sign in first.
+  if (account_id.empty()) {
+    return;

[nyquist, 2016/08/10 01:20:33]

For now, maybe at least log?
But I'm thinking that maybe that this should inform the
BlimpClientContextDelegate about this state?

[xingliu, 2016/08/10 21:03:14]

Added VLOG, moved this to delegate's OnError

+  }
+
+  account_id_ = account_id;
+  FetchAuthToken();
+}
+
+void Authenticator::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+
+  token_request_.reset();
+
+  // TODO(xingliu): Use the token in assignment source.
+}
+
+// Fail to get the token after retries attempts in native layer and Java layer.
+void Authenticator::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  token_request_.reset();
+
+  // TODO(xingliu): Alert the user in UI.

[nyquist, 2016/08/10 01:20:33]

Like above, I think this could call out to the delegate for now. Then maybe you
could move this TODO up to the ChromeBlimpClientContextDelegate in //chrome?

[xingliu, 2016/08/10 21:03:14]

Done.

+  // There is an known issue that when Android layer fires
+  // OnRefreshTokenAvailable to listeners, ProfileOAuth2TokenService will
+  // revoke all refresh tokens, cancel request and bypass the
+  // retry mechanism in native code and call this function with
+  // GoogleServiceAuthError.REQUEST_CANCELED.
+}
+
+void Authenticator::OnRefreshTokenAvailable(const std::string& account_id) {

[nyquist, 2016/08/10 01:20:33]

Is there any requirement to when this is created? As in, when you're adding
yourself as an observer, will you automatically get a callback, if the call has
already gone out?

[xingliu, 2016/08/10 21:03:14]

This is added only when no refresh token. If we have refresh token, then
directly start to fetch instead of listening this. No automatic callback in this
case.

+  if (account_id != account_id_)

[nyquist, 2016/08/10 01:20:33]

I think we should be consistent about using { or not. In chromium in general we
do not use them, but for //blimp we should use {} to be consistent for
one-liners like this.

[xingliu, 2016/08/10 21:03:14]

Done.

+    return;
+
+  identity_provider_->RemoveActiveAccountRefreshTokenObserver(this);
+  FetchAuthToken();
+}
+
+void Authenticator::OnActiveAccountLogin() {
+}
+
+void Authenticator::OnActiveAccountLogout() {
+}
+
+void Authenticator::FetchAuthToken() {
+  OAuth2TokenService* token_service = identity_provider_->GetTokenService();
+  DCHECK(token_service);
+
+  if (token_service->RefreshTokenIsAvailable(account_id_)) {
+      OAuth2TokenService::ScopeSet scopes;
+      scopes.insert(kOAuth2TokenScope);
+      token_request_ = token_service->StartRequest(
+          account_id_, scopes, this);
+    } else {

[nyquist, 2016/08/10 01:20:33]

I think something happened to the indent here? You should be able to just run
'git cl format' before you upload, and such things magically go away :-)

[xingliu, 2016/08/10 21:03:14]

Oh, that's cool.

+      identity_provider_->AddActiveAccountRefreshTokenObserver(this);
+    }
+}
+
+}  // namespace client
+}  // namespace blimp