profile_oauth2_token_service_ios.h revision 46d4c2bc3267f3f028f39e7e311b0f89aba2e4fd
1c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved.
2c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
3c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// found in the LICENSE file.
4c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
7eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch
8eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include <string>
9eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch
10c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/threading/thread_checker.h"
11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
12eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch
// Forward declarations: this header only refers to these types through
// pointers, so the full definitions are not needed here.
class OAuth2AccessTokenFetcher;

namespace ios {
class ProfileOAuth2TokenServiceIOSProvider;
}  // namespace ios
18c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)
// A specialization of ProfileOAuth2TokenService that will be returned by
// ProfileOAuth2TokenServiceFactory for OS_IOS when the iOS authentication
// service is used to look up OAuth2 tokens.
//
// See |ProfileOAuth2TokenService| for usage details.
//
// Note: Requests should be started from the UI thread. To start a
// request from another thread, please use OAuth2TokenServiceRequest.
class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
 public:
  ProfileOAuth2TokenServiceIOS();
  virtual ~ProfileOAuth2TokenServiceIOS();

  // Overrides from KeyedService.
  virtual void Shutdown() OVERRIDE;

  // Overrides from OAuth2TokenService.
  virtual bool RefreshTokenIsAvailable(
      const std::string& account_id) const OVERRIDE;

  virtual void InvalidateOAuth2Token(const std::string& account_id,
                                     const std::string& client_id,
                                     const ScopeSet& scopes,
                                     const std::string& access_token) OVERRIDE;

  // Overrides from ProfileOAuth2TokenService.
  virtual void Initialize(SigninClient* client) OVERRIDE;
  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
  virtual std::vector<std::string> GetAccounts() OVERRIDE;
  virtual void UpdateAuthError(const std::string& account_id,
                               const GoogleServiceAuthError& error) OVERRIDE;

  // Must not be called while shared authentication is in use.
  // |refresh_token| is a long-lived credential; callers should keep it out of
  // logs and crash reports.
  virtual void UpdateCredentials(const std::string& account_id,
                                 const std::string& refresh_token) OVERRIDE;

  // Drops every credential held by this |ProfileOAuth2TokenService| instance.
  // The identities themselves are NOT revoked from the device, so this is a
  // local clean-up only. After the call |RefreshTokenIsAvailable| returns
  // |false|.
  virtual void RevokeAllCredentials() OVERRIDE;

  // Returns the refresh token stored for |account_id|.
  // Precondition: |ShouldUseIOSSharedAuthentication| returns false.
  // The returned string is the raw refresh token, so it should be treated as
  // a secret by the caller (no logging, no persistence outside the token
  // store).
  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
      const std::string& account_id);

  // Re-reads the account list from the provider. |OnRefreshTokenAvailable| is
  // fired for every account that is new, and |OnRefreshTokenRevoked| for every
  // account that has disappeared.
  void ReloadCredentials();

  // Switches this service over to the shared authentication token service.
  //
  // Note: when this |ProfileOAuth2TokenServiceIOS| was previously running on
  // the legacy token service, the call also revokes all tokens held by the
  // parent |MutableProfileOAuth2TokenService|.
  void StartUsingSharedAuthentication();

  // Assigns |use_legacy_token_service| to |use_legacy_token_service_|.
  //
  // Test-only: this flag selects which token back end is used, so production
  // code must not call it.
  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);

  // Revokes the OAuth2 refresh tokens of all accounts held by the parent
  // |MutableProfileOAuth2TokenService|.
  //
  // Note: only valid when the legacy pre-SSOAuth token service is in use.
  void ForceInvalidGrantResponses();

 protected:
  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
      const std::string& account_id,
      net::URLRequestContextGetter* getter,
      OAuth2AccessTokenConsumer* consumer) OVERRIDE;

  // The two methods below are protected and virtual so that a fake can
  // override them in tests.

  // Inserts |account_id| into |accounts_| when it is not present yet;
  // otherwise updates the auth error state of the existing entry. Fires
  // |OnRefreshTokenAvailable| if the account info is updated.
  virtual void AddOrUpdateAccount(const std::string& account_id);

  // Erases |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked| if the
  // account info is removed.
  virtual void RemoveAccount(const std::string& account_id);

 private:
  // Per-account record that exposes the account's auth status through
  // |SigninErrorController::AuthStatusProvider|.
  class AccountInfo : public SigninErrorController::AuthStatusProvider {
   public:
    AccountInfo(ProfileOAuth2TokenService* token_service,
                const std::string& account_id);
    virtual ~AccountInfo();

    void SetLastAuthError(const GoogleServiceAuthError& error);

    // Overrides from SigninErrorController::AuthStatusProvider.
    virtual std::string GetAccountId() const OVERRIDE;
    virtual std::string GetUsername() const OVERRIDE;
    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;

   private:
    // Raw pointer to the token service.
    // NOTE(review): presumably non-owning and expected to outlive this
    // AccountInfo - confirm against the implementation.
    ProfileOAuth2TokenService* token_service_;
    std::string account_id_;
    GoogleServiceAuthError last_auth_error_;

    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
  };

  // Keyed by |account_id|: every account known to ProfileOAuth2TokenService
  // mapped to the information kept about it.
  // NOTE(review): this header includes neither <map> nor <vector> nor a
  // linked_ptr header directly; presumably they arrive transitively through
  // mutable_profile_oauth2_token_service.h - confirm.
  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;

  // Override from MutableProfileOAuth2TokenService.
  virtual std::string GetRefreshToken(
      const std::string& account_id) const OVERRIDE;

  // Returns the iOS provider.
  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();

  // Information about the accounts that currently exist.
  AccountInfoMap accounts_;

  // All calls into this class are expected to come from the browser UI
  // thread. The checker exists to warn us if the upstream usage of
  // ProfileOAuth2TokenService is ever changed so that it is used across
  // multiple threads.
  // NOTE(review): base::ThreadChecker is typically active only in builds with
  // DCHECKs enabled, so treat it as a development-time guard rather than a
  // runtime enforcement - confirm for this build configuration.
  base::ThreadChecker thread_checker_;

  // Selects the legacy pre-SSOAuth token service.
  //
  // |use_legacy_token_service_| is true iff the provider is not using shared
  // authentication during |LoadCredentials|. |LoadCredentials| itself is
  // called exactly once after the PO2TS initialization iff the user is signed
  // in.
  //
  // While |use_legacy_token_service_| is true, this
  // |ProfileOAuth2TokenServiceIOS| forwards every call to the parent
  // |MutableProfileOAuth2TokenService|.
  bool use_legacy_token_service_;

  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
};
162eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch
16368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
164558790d6acca3451cf3a6b497803a5f07d0bec58Ben Murdoch