profile_oauth2_token_service_ios.h revision 46d4c2bc3267f3f028f39e7e311b0f89aba2e4fd
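// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_

// std::map (AccountInfoMap) and std::vector (GetAccounts) are used directly
// in this header, so they are included here rather than relied on
// transitively.
#include <map>
#include <string>
#include <vector>

#include "base/threading/thread_checker.h"
#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"

class OAuth2AccessTokenFetcher;

namespace ios {
class ProfileOAuth2TokenServiceIOSProvider;
}

// A specialization of ProfileOAuth2TokenService that will be returned by
// ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
// is used to lookup OAuth2 tokens.
//
// See |ProfileOAuth2TokenService| for usage details.
//
// The service runs in one of two modes, selected by
// |use_legacy_token_service_|:
//   - legacy: every call is delegated to the parent
//     |MutableProfileOAuth2TokenService|;
//   - shared authentication: accounts are reloaded from the iOS provider.
// Several methods below are valid in only one of the two modes; their
// comments state which.
//
// Security note: OAuth2 refresh tokens are long-lived credentials. Values
// passed to |UpdateCredentials| or returned by
// |GetRefreshTokenWhenNotUsingSharedAuthentication| should be kept out of
// logs, crash keys and any other persistent output.
//
// Note: Requests should be started from the UI thread. To start a
// request from another thread, please use OAuth2TokenServiceRequest.
class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
 public:
  ProfileOAuth2TokenServiceIOS();
  virtual ~ProfileOAuth2TokenServiceIOS();

  // KeyedService
  virtual void Shutdown() OVERRIDE;

  // OAuth2TokenService
  virtual bool RefreshTokenIsAvailable(
      const std::string& account_id) const OVERRIDE;

  virtual void InvalidateOAuth2Token(const std::string& account_id,
                                     const std::string& client_id,
                                     const ScopeSet& scopes,
                                     const std::string& access_token) OVERRIDE;

  // ProfileOAuth2TokenService
  virtual void Initialize(SigninClient* client) OVERRIDE;
  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
  virtual std::vector<std::string> GetAccounts() OVERRIDE;
  virtual void UpdateAuthError(const std::string& account_id,
                               const GoogleServiceAuthError& error) OVERRIDE;

  // This method should not be called when using shared authentication.
  //
  // |refresh_token| is a credential; callers should not log or otherwise
  // persist it.
  virtual void UpdateCredentials(const std::string& account_id,
                                 const std::string& refresh_token) OVERRIDE;

  // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
  // however, it does not revoke the identities from the device.
  // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
  //
  // NOTE(review): only removal from this instance is promised here. A sign-out
  // flow that needs the identity removed from the device has to do that
  // separately; confirm against the implementation which flows depend on
  // this call alone.
  virtual void RevokeAllCredentials() OVERRIDE;

  // Returns the refresh token for |account_id|.
  // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
  //
  // The return value is the raw refresh token, so it must be handled as a
  // secret by the caller.
  // NOTE(review): |ShouldUseIOSSharedAuthentication| is not declared in this
  // header; presumably it lives on the iOS provider -- confirm.
  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
      const std::string& account_id);

  // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
  // each new account. Fires |OnRefreshTokenRevoked| for each account that was
  // removed.
  void ReloadCredentials();

  // Upgrades to using shared authentication token service.
  //
  // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
  // service, then this call also revokes all tokens from the parent
  // |MutableProfileOAuth2TokenService|.
  void StartUsingSharedAuthentication();

  // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
  //
  // Should only be called for testing. The flag decides whether calls are
  // delegated to the parent |MutableProfileOAuth2TokenService|, so changing
  // it outside of tests changes which backend serves credentials.
  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);

  // Revokes the OAuth2 refresh tokens for all accounts from the parent
  // |MutableProfileOAuth2TokenService|.
  //
  // Note: This method should only be called if the legacy pre-SSOAuth token
  // service is used.
  void ForceInvalidGrantResponses();

 protected:
  // OAuth2TokenService
  //
  // NOTE(review): returns a raw pointer; who owns the fetcher is not stated
  // in this header -- confirm against |OAuth2TokenService|.
  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
      const std::string& account_id,
      net::URLRequestContextGetter* getter,
      OAuth2AccessTokenConsumer* consumer) OVERRIDE;

  // Protected and virtual to be overridden by fake for testing.

  // Adds |account_id| to |accounts_| if it does not exist or updates
  // the auth error state of |account_id| if it exists. Fires
  // |OnRefreshTokenAvailable| if the account info is updated.
  virtual void AddOrUpdateAccount(const std::string& account_id);

  // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
  // if the account info is removed.
  virtual void RemoveAccount(const std::string& account_id);

 private:
  // Per-account record held in |accounts_|. It stores the last auth error
  // set for the account and exposes it through the
  // |SigninErrorController::AuthStatusProvider| interface.
  class AccountInfo : public SigninErrorController::AuthStatusProvider {
   public:
    AccountInfo(ProfileOAuth2TokenService* token_service,
                const std::string& account_id);
    virtual ~AccountInfo();

    void SetLastAuthError(const GoogleServiceAuthError& error);

    // SigninErrorController::AuthStatusProvider implementation.
    virtual std::string GetAccountId() const OVERRIDE;
    virtual std::string GetUsername() const OVERRIDE;
    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;

   private:
    // NOTE(review): raw pointer, presumably not owned and expected to outlive
    // this object -- confirm against the implementation.
    ProfileOAuth2TokenService* token_service_;
    std::string account_id_;
    GoogleServiceAuthError last_auth_error_;

    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
  };

  // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
  // to information about the account.
  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;

  // MutableProfileOAuth2TokenService
  //
  // Declared private in this class, so code holding a
  // |ProfileOAuth2TokenServiceIOS| cannot call it directly; the public
  // accessor is |GetRefreshTokenWhenNotUsingSharedAuthentication|.
  virtual std::string GetRefreshToken(
      const std::string& account_id) const OVERRIDE;

  // Returns the iOS provider.
  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();

  // Info about the existing accounts.
  AccountInfoMap accounts_;

  // Calls to this class are expected to be made from the browser UI thread.
  // The purpose of this checker is to warn us if the upstream usage of
  // ProfileOAuth2TokenService ever gets changed to have it be used across
  // multiple threads.
  base::ThreadChecker thread_checker_;

  // Whether to use the legacy pre-SSOAuth token service.
  //
  // |use_legacy_token_service_| is true iff the provider is not using shared
  // authentication during |LoadCredentials|. Note that |LoadCredentials| is
  // called exactly once after the PO2TS initialization iff the user is signed
  // in.
  //
  // If |use_legacy_token_service_| is true, then this
  // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
  // |MutableProfileOAuth2TokenService|.
  bool use_legacy_token_service_;

  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
};

#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_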