Upstream iOS implementation of ProfileOAuth2TokenService

components/signin/ios/browser/profile_oauth2_token_service_ios.h

Index: components/signin/ios/browser/profile_oauth2_token_service_ios.h
diff --git a/components/signin/ios/browser/profile_oauth2_token_service_ios.h b/components/signin/ios/browser/profile_oauth2_token_service_ios.h
new file mode 100644
index 0000000000000000000000000000000000000000..860edcf5cb62f0f26d24c94f3837ec84dcf2bfc1
--- /dev/null
+++ b/components/signin/ios/browser/profile_oauth2_token_service_ios.h
@@ -0,0 +1,163 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
+#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
+
+#include <string>
+
+#include "base/threading/thread_checker.h"
+#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
+
+class OAuth2AccessTokenFetcher;
+
+namespace ios{
+class ProfileOAuth2TokenServiceIOSProvider;
+}
+
+// A specialization of ProfileOAuth2TokenService for OS_IOS. It fetches access
+// tokens from the SSOAuth library if the user is signed in using shared
+// authentication or defaults to the parent class
+// |MutableProfileOAuth2TokenService| for pre-SSO signed in users.
+//
+// See |ProfileOAuth2TokenService| for usage details.
+class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
+ public:
+  virtual ~ProfileOAuth2TokenServiceIOS();
+
+  // KeyedService
+  virtual void Shutdown() OVERRIDE;
+
+  // OAuth2TokenService
+  virtual bool RefreshTokenIsAvailable(
+      const std::string& account_id) const OVERRIDE;
+
+  virtual void InvalidateOAuth2Token(const std::string& account_id,
+                                     const std::string& client_id,
+                                     const ScopeSet& scopes,
+                                     const std::string& access_token) OVERRIDE;
+
+  // ProfileOAuth2TokenService
+  virtual void Initialize(SigninClient* client) OVERRIDE;
+  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
+  virtual std::vector<std::string> GetAccounts() OVERRIDE;
+  virtual void UpdateAuthError(const std::string& account_id,
+                               const GoogleServiceAuthError& error) OVERRIDE;
+
+  // This method should not be called when using shared authentication.
+  virtual void UpdateCredentials(const std::string& account_id,
+                                 const std::string& refresh_token) OVERRIDE;
+
+  // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
+  // however, it does not revoke the identities from the device.
+  // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
+  virtual void RevokeAllCredentials() OVERRIDE;
+
+  // Returns the refresh token for |account_id| .
+  // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
+  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
+      const std::string& account_id);
+
+  // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
+  // each new account. Fires |OnRefreshTokenRevoked| for each account that was
+  // removed.
+  void ReloadCredentials();
+
+  // Upgrades to using shared authentication token service.
+  //
+  // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
+  // service, then this call also revokes all tokens from the parent
+  // |MutableProfileOAuth2TokenService|.
+  void StartUsingSharedAuthentication();
+
+  // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
+  //
+  // Should only be called for testing.
+  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
+
+  // Revokes the OAuth2 refresh tokens for all accounts from the parent
+  // |MutableProfileOAuth2TokenService|.
+  //
+  // Note: This method should only be called if the legacy pre-SSOAuth token
+  // service is used.
+  void ForceInvalidGrantResponses();
+
+ protected:
+  friend class ProfileOAuth2TokenServiceFactory;
+
+  ProfileOAuth2TokenServiceIOS();
+
+  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
+      const std::string& account_id,
+      net::URLRequestContextGetter* getter,
+      OAuth2AccessTokenConsumer* consumer) OVERRIDE;
+
+  // Protected and virtual to be overriden by fake for testing.
+
+  // Adds |account_id| to |accounts_| if it does not exist or udpates
+  // the auth error state of |account_id| if it exists. Fires
+  // |OnRefreshTokenAvailable| if the account info is updated.
+  virtual void AddOrUpdateAccount(const std::string& account_id);
+
+  // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
+  // if the account info is removed.
+  virtual void RemoveAccount(const std::string& account_id);
+
+ private:
+  class AccountInfo : public SigninErrorController::AuthStatusProvider {
+   public:
+    AccountInfo(ProfileOAuth2TokenService* token_service,
+                const std::string& account_id);
+    virtual ~AccountInfo();
+
+    void SetLastAuthError(const GoogleServiceAuthError& error);
+
+    // SigninErrorController::AuthStatusProvider implementation.
+    virtual std::string GetAccountId() const OVERRIDE;
+    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
+
+   private:
+    ProfileOAuth2TokenService* token_service_;
+    std::string account_id_;
+    GoogleServiceAuthError last_auth_error_;
+
+    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
+  };

[Roger Tawa OOO till Jul 10th, 2014/04/10 15:04:08]

Is the only reason to duplicate this class here is because the one in MO2TS has
a refresh token member, and here we don't?

[msarda, 2014/04/10 15:13:36]

You are pretty much true, but I think this is just an implementation detail.
This may diverge in the long run.

+
+  // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
+  // to information about the account.
+  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
+
+  // MutableProfileOAuth2TokenService
+  virtual std::string GetRefreshToken(
+      const std::string& account_id) const OVERRIDE;
+
+  // Returns the iOS provider;
+  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
+
+  // Info about the existing accounts.
+  AccountInfoMap accounts_;

[Roger Tawa OOO till Jul 10th, 2014/04/10 15:04:08]

Are all the following true?
|accounts_| is only used when use_legacy_token_service_== false.
When we switch from legacy to non-legacy, we always revoke all creds first.
Chrome does not allow switching from non-legacy to legacy.

[msarda, 2014/04/10 15:13:36]

True.
True. This is done in the iOS downstream call though, so it is not visible on
the .
True. The method that can change use_legacy_token_service_ is 
StartUsingSharedAuthentication which is from legacy to non-legacy.

+
+  // Calls to this class are expected to be made from the browser UI thread.
+  // The purpose of this  this checker is to warn us if the upstream usage of
+  // ProfileOAuth2TokenService ever gets changed to have it be used across
+  // multiple threads.
+  base::ThreadChecker thread_checker_;
+
+  // Whether to use the legacy pre-SSOAuth token service.
+  //
+  // |use_legacy_token_service_| is true iff the provider is not using shared
+  // authentication during |LoadCredentials|. Note that |LoadCredentials| is
+  // called exactly once after the PO2TS initialization iff the user is signed
+  // in.
+  //
+  // If |use_legacy_token_service_| is true, then this
+  // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
+  // |MutableProfileOAuth2TokenService|.
+  bool use_legacy_token_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
+};
+
+#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_