Multiple account support in chrome.identity.getAuthToken

chrome/browser/extensions/api/identity/identity_api.cc

Index: chrome/browser/extensions/api/identity/identity_api.cc
diff --git a/chrome/browser/extensions/api/identity/identity_api.cc b/chrome/browser/extensions/api/identity/identity_api.cc
index d3571e9504a33791de7672f57c409a35fe6250e3..54685e5952a7c80f3c609d2c4372b84eba0a4800 100644
--- a/chrome/browser/extensions/api/identity/identity_api.cc
+++ b/chrome/browser/extensions/api/identity/identity_api.cc
@@ -169,6 +169,7 @@ const IdentityAPI::CachedTokens& IdentityAPI::GetAllCachedTokens() {
 }
 
 std::vector<std::string> IdentityAPI::GetAccounts() const {
+  const std::string primary_account_id = GetPrimaryAccountId(browser_context_);
   const std::vector<AccountIds> ids = account_tracker_.GetAccounts();
   std::vector<std::string> gaia_ids;
 
@@ -185,6 +186,10 @@ std::vector<std::string> IdentityAPI::GetAccounts() const {
   return gaia_ids;
 }
 
+std::string IdentityAPI::FindAccountKeyByGaiaId(const std::string& gaia_id) {
+  return account_tracker_.FindAccountKeyByGaiaId(gaia_id);
+}
+
 void IdentityAPI::ReportAuthError(const GoogleServiceAuthError& error) {
   account_tracker_.ReportAuthError(GetPrimaryAccountId(browser_context_),
                                    error);
@@ -317,8 +322,28 @@ bool IdentityGetAuthTokenFunction::RunAsync() {
 
   std::set<std::string> scopes(oauth2_info.scopes.begin(),
                                oauth2_info.scopes.end());
-  token_key_.reset(new ExtensionTokenKey(
-      GetExtension()->id(), GetPrimaryAccountId(GetProfile()), scopes));
+
+  std::string account_key = GetPrimaryAccountId(GetProfile());
+
+  if (params->details->account.get()) {
+    std::string detail_key =
+        extensions::IdentityAPI::GetFactoryInstance()
+            ->Get(GetProfile())
+            ->FindAccountKeyByGaiaId(params->details->account->id);
+
+    if (detail_key != account_key) {
+      if (detail_key.empty() || !switches::IsExtensionsMultiAccount()) {
+        // TODO(courage): should this be a different error?
+        error_ = identity_constants::kUserNotSignedIn;
+        return false;
+      }
+
+      account_key = detail_key;
+    }
+  }
+
+  token_key_.reset(
+      new ExtensionTokenKey(GetExtension()->id(), account_key, scopes));
 
   // From here on out, results must be returned asynchronously.
   StartAsyncRun();
@@ -652,6 +677,7 @@ void IdentityGetAuthTokenFunction::StartLoginAccessTokenRequest() {
     std::string app_client_secret;
     if (chromeos::UserManager::Get()->GetAppModeChromeClientOAuthInfo(
            &app_client_id, &app_client_secret)) {
+      // TODO(courage): figure out what account should be here

[fgorski, 2014/06/03 23:46:40]

I'd check with bartfab, but based on my exchange with him re: gcm services, it
should be whatever comes from identity provider. (as in the device case it would
use robot account) -> qualified guess

[Michael Courage, 2014/06/04 23:37:38]

Right thing to do here is use the account established in RunAsync. Right now it
does no kiosk specific filtering, and I don't think it needs to.

       login_token_request_ =
           service->StartRequestForClient(primary_account_id,
                                          app_client_id,
@@ -663,7 +689,7 @@ void IdentityGetAuthTokenFunction::StartLoginAccessTokenRequest() {
   }
 #endif
   login_token_request_ = service->StartRequest(
-      primary_account_id, OAuth2TokenService::ScopeSet(), this);
+      token_key_->account_id, OAuth2TokenService::ScopeSet(), this);
 }
 
 void IdentityGetAuthTokenFunction::StartGaiaRequest(
@@ -684,8 +710,12 @@ void IdentityGetAuthTokenFunction::ShowOAuthApprovalDialog(
   const std::string locale = g_browser_process->local_state()->GetString(
       prefs::kApplicationLocale);
 
-  gaia_web_auth_flow_.reset(new GaiaWebAuthFlow(
-      this, GetProfile(), GetExtension()->id(), oauth2_info, locale));
+  gaia_web_auth_flow_.reset(new GaiaWebAuthFlow(this,
+                                                GetProfile(),
+                                                token_key_->account_id,
+                                                GetExtension()->id(),
+                                                oauth2_info,
+                                                locale));
   gaia_web_auth_flow_->Start();
 }
 
@@ -707,8 +737,7 @@ OAuth2MintTokenFlow* IdentityGetAuthTokenFunction::CreateMintTokenFlow(
 bool IdentityGetAuthTokenFunction::HasLoginToken() const {
   ProfileOAuth2TokenService* token_service =
       ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile());
-  return token_service->RefreshTokenIsAvailable(
-      GetPrimaryAccountId(GetProfile()));
+  return token_service->RefreshTokenIsAvailable(token_key_->account_id);
 }
 
 std::string IdentityGetAuthTokenFunction::MapOAuth2ErrorToDescription(