Signin/OAuth: Create an AccessTokenFetcher helper class

components/signin/core/browser/access_token_fetcher.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/signin/core/browser/access_token_fetcher.h"
+
+#include <utility>
+
+#include "base/logging.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "components/signin/core/browser/signin_manager_base.h"
+#include "google_apis/gaia/google_service_auth_error.h"
+
+AccessTokenFetcher::AccessTokenFetcher(
+    const std::string& oauth_consumer_name,
+    SigninManagerBase* signin_manager,
+    OAuth2TokenService* token_service,
+    const OAuth2TokenService::ScopeSet& scopes,
+    const TokenCallback& callback)
+    : OAuth2TokenService::Consumer(oauth_consumer_name),
+      signin_manager_(signin_manager),
+      token_service_(token_service),
+      scopes_(scopes),
+      callback_(callback),
+      waiting_for_sign_in_(false),
+      waiting_for_refresh_token_(false),
+      access_token_retried_(false),
+      weak_ptr_factory_(this) {
+  Start();
+}
+
+AccessTokenFetcher::~AccessTokenFetcher() {
+  if (waiting_for_sign_in_) {
+    signin_manager_->RemoveObserver(this);
+  }
+  if (waiting_for_refresh_token_) {
+    token_service_->RemoveObserver(this);
+  }
+}
+
+void AccessTokenFetcher::Start() {
+  if (signin_manager_->IsAuthenticated()) {
+    // Already signed in: Make sure we have a refresh token, then get the access
+    // token.
+    WaitForRefreshToken();

[msarda, 2017/01/23 17:08:09]

AuthInProgress is a state that I think we should ignore when we plan to fetch
access tokens:
* On mobile (iOS and Android), this does not exist
* On desktop, this is basically the state between the user finishing signing in
with Gaia and the state that sync is started.

I would basically avoid treating the auth in progress state different than
unauthenticated case for the following reason:  if the service starts fetching
access tokens at random moments, than it basically relies on chance to start
when auth is in progress.

I see 2 options to use the AccessTokenFetcher:
1. A service would listen for GoogleSignedIn events and then would start
fetching access tokens using this fetcher.
2. A service wants to get an access token soon after the user signs in. In this
case, this fetcher should listen for GoogleSignedIn and then start fetching an
access token (this means removing RunCallbackNotSignedIn).

[Marc Treib, 2017/01/24 10:17:33]

Ah, I didn't know that! I only knew about ChromeOS.
Okay, I see your reasoning. I removed the AuthInProgress handling.
Hm. I was hoping that clients wouldn't have to worry about sign-in state, and
could just rely on the Fetcher to return an empty token in the not-signed-in
case. But I guess that makes the API for the Fetcher too weird. And it's not
that much of a hassle to listen for signed-in events anyway. So, done.

[Marc Treib, 2017/01/25 14:35:43]

Reviving an old comment thread: Are you positive that AuthInProgress doesn't
exist on Android?
The reason I'm asking is: One of the future clients of this class (which is used
on Android only) does handle the AuthInProgress case, and I'd like to believe
there was some reason for adding that code ;)
Link:
https://cs.chromium.org/chromium/src/components/ntp_snippets/remote/remote_su...

+  } else if (signin_manager_->AuthInProgress()) {
+    // Currently signing in: Wait for auth to finish (to get the refresh token),
+    // then get the access token.
+    DCHECK(!waiting_for_sign_in_);
+    waiting_for_sign_in_ = true;
+    signin_manager_->AddObserver(this);
+  } else {
+    // Not signed in, no access token. Make sure not to run the callback
+    // synchronously, and not to run it if we get deleted in the meantime.
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&AccessTokenFetcher::RunCallbackNotSignedIn,
+                              weak_ptr_factory_.GetWeakPtr()));
+  }
+}
+
+void AccessTokenFetcher::RunCallbackNotSignedIn() {
+  callback_.Run(std::string());
+}
+
+void AccessTokenFetcher::WaitForRefreshToken() {
+  DCHECK(signin_manager_->IsAuthenticated());
+  DCHECK(!waiting_for_refresh_token_);
+
+  if (token_service_->RefreshTokenIsAvailable(
+          signin_manager_->GetAuthenticatedAccountId())) {
+    // Already have refresh token: Get the access token directly.
+    StartAccessTokenRequest();
+  } else {
+    // Signed in, but refresh token isn't there yet: Wait for the refresh
+    // token to be loaded, then get the access token.
+    waiting_for_refresh_token_ = true;
+    token_service_->AddObserver(this);
+  }
+}
+
+void AccessTokenFetcher::StartAccessTokenRequest() {
+  access_token_request_ = token_service_->StartRequest(
+      signin_manager_->GetAuthenticatedAccountId(), scopes_, this);
+}
+
+void AccessTokenFetcher::GoogleSigninSucceeded(const std::string& account_id,
+                                               const std::string& username,
+                                               const std::string& password) {
+  DCHECK(waiting_for_sign_in_);
+  waiting_for_sign_in_ = false;
+  signin_manager_->RemoveObserver(this);
+
+  DCHECK(signin_manager_->IsAuthenticated());
+
+  WaitForRefreshToken();
+}
+
+void AccessTokenFetcher::GoogleSigninFailed(
+    const GoogleServiceAuthError& error) {
+  DCHECK(waiting_for_sign_in_);
+  waiting_for_sign_in_ = false;
+  signin_manager_->RemoveObserver(this);
+
+  callback_.Run(std::string());
+}
+
+void AccessTokenFetcher::OnRefreshTokenAvailable(
+    const std::string& account_id) {
+  DCHECK(waiting_for_refresh_token_);
+  DCHECK(signin_manager_->IsAuthenticated());
+
+  // Only react on tokens for the account the user has signed in with.
+  if (account_id != signin_manager_->GetAuthenticatedAccountId()) {
+    return;
+  }
+
+  waiting_for_refresh_token_ = false;
+  token_service_->RemoveObserver(this);
+  StartAccessTokenRequest();
+}
+
+void AccessTokenFetcher::OnRefreshTokensLoaded() {
+  DCHECK(waiting_for_refresh_token_);
+
+  // All refresh tokens were loaded, but we didn't get one for the account we
+  // care about. We probably won't get one any time soon.
+  waiting_for_refresh_token_ = false;
+  token_service_->RemoveObserver(this);
+  callback_.Run(std::string());
+}
+
+void AccessTokenFetcher::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  DCHECK_EQ(request, access_token_request_.get());
+  std::unique_ptr<OAuth2TokenService::Request> request_deleter(
+      std::move(access_token_request_));
+
+  callback_.Run(access_token);
+}
+
+void AccessTokenFetcher::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  DCHECK_EQ(request, access_token_request_.get());
+  std::unique_ptr<OAuth2TokenService::Request> request_deleter(
+      std::move(access_token_request_));
+
+  if (!access_token_retried_ &&
+      error.state() == GoogleServiceAuthError::State::REQUEST_CANCELED) {
+    // The request can get reset by loading the refresh token (happens during
+    // startup) - try one more time.
+    access_token_retried_ = true;
+    StartAccessTokenRequest();
+    return;
+  }
+
+  DLOG(WARNING) << "Unable to get token: " << error.ToString();
+  callback_.Run(std::string());
+}