Pass signin_scoped_device_id to refresh token request on ChromeOS

chrome/browser/chromeos/login/signin/oauth2_token_fetcher.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SIGNIN_OAUTH2_TOKEN_FETCHER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_SIGNIN_OAUTH2_TOKEN_FETCHER_H_
 
 #include <string>
 
 #include "base/basictypes.h"
@@ skipping 20 matching lines @@
     virtual ~Delegate() {}
     virtual void OnOAuth2TokensAvailable(
         const GaiaAuthConsumer::ClientOAuthResult& oauth2_tokens) = 0;
     virtual void OnOAuth2TokensFetchFailed() = 0;
   };
 
   OAuth2TokenFetcher(OAuth2TokenFetcher::Delegate* delegate,
                      net::URLRequestContextGetter* context_getter);
   virtual ~OAuth2TokenFetcher();
 
-  void StartExchangeFromCookies(const std::string& session_index);
+  void StartExchangeFromCookies(const std::string& session_index,
+                                const std::string& signin_scoped_device_id);
   void StartExchangeFromAuthCode(const std::string& auth_code);

[dzhioev (left Google), 2014/07/18 13:31:52]

Don't we need device id for auth code authentication?

[pavely, 2014/07/18 22:30:04]

The way how (I think) exchange with gaia works is:
- Chrome shows user signin form where user enters credentials. This form sends
requests to gaia. Result of this interaction is cookie jar that can be exchanged
for auth_code.
- Cookie jar is exchanged for auth_code (one time short lived grant) by sending
request to programmatic_auth endpoint. This is the place where I can pass device
information (device_id, device_name, etc.)
- auth_code is exchanged for token pair (access_token/refresh_token) using
o/oauth2/token endpoint. I cannot pass device_id there today, api doesn't accept
it. 

StartExchangeFromCookies is 2 step exchange: cookies->auth_code->token pair.
StartEachangeFromAuthCode is shortcut into this flow skipping first exchange,
the one I use to pass device_id. That's the reason I don't pass device_id to
StartExchangeFromAuthCode.

The code that calls StartExchangeFromAuthCode should have obtained this code
from gaia in some way. I guess device_id should be injected into that process
somehow, but I don't know how to do it.

I tested two main scenarios: signing in for the first time and signing in after
token revocation (password change). In both cases code goes through
StartExchangeFromCookies. Do you know how I can trigger code to call
StartExchangeFromAuthCode instead? I'd love to understand it better.

 
  private:
   // Decides how to proceed on GAIA |error|. If the error looks temporary,
   // retries |task| until max retry count is reached.
   // If retry count runs out, or error condition is unrecoverable, it runs
   // |error_handler|.
   void RetryOnError(const GoogleServiceAuthError& error,
                     const base::Closure& task,
                     const base::Closure& error_handler);
 
   // GaiaAuthConsumer overrides.
   virtual void OnClientOAuthSuccess(
       const GaiaAuthConsumer::ClientOAuthResult& result) OVERRIDE;
   virtual void OnClientOAuthFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
 
   OAuth2TokenFetcher::Delegate* delegate_;
   GaiaAuthConsumer::ClientOAuthResult oauth_tokens_;
   GaiaAuthFetcher auth_fetcher_;
 
   // The retry counter. Increment this only when failure happened.
   int retry_count_;
   std::string session_index_;
+  std::string signin_scoped_device_id_;
   std::string auth_code_;
 
   DISALLOW_COPY_AND_ASSIGN(OAuth2TokenFetcher);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SIGNIN_OAUTH2_TOKEN_FETCHER_H_