profile_oauth2_token_service_ios.h revision cedac228d2dd51db4b79ea1e72c7f249408ee061
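// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_

// <map> and <vector> are included directly because this header names
// std::map (AccountInfoMap) and std::vector (GetAccounts) itself.
#include <map>
#include <string>
#include <vector>

#include "base/threading/thread_checker.h"
#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"

// NOTE(review): linked_ptr, DISALLOW_COPY_AND_ASSIGN, OVERRIDE,
// GoogleServiceAuthError and SigninErrorController are used below without a
// direct include in this header; presumably they arrive transitively through
// the includes above -- confirm.

class OAuth2AccessTokenFetcher;

namespace ios {
class ProfileOAuth2TokenServiceIOSProvider;
}

// A specialization of ProfileOAuth2TokenService that will be returned by
// ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
// is used to lookup OAuth2 tokens.
//
// See |ProfileOAuth2TokenService| for usage details.
//
// Note: Requests should be started from the UI thread. To start a
// request from another thread, please use ProfileOAuth2TokenServiceRequest.
//
// This class has two modes, selected by |use_legacy_token_service_|: the
// legacy mode, in which calls are delegated to the parent
// |MutableProfileOAuth2TokenService|, and the shared-authentication mode, in
// which accounts come from the iOS provider. Several methods below are only
// valid in one of the two modes; see the per-method comments.
class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
 public:
  ProfileOAuth2TokenServiceIOS();
  virtual ~ProfileOAuth2TokenServiceIOS();

  // KeyedService
  virtual void Shutdown() OVERRIDE;

  // OAuth2TokenService
  virtual bool RefreshTokenIsAvailable(
      const std::string& account_id) const OVERRIDE;

  virtual void InvalidateOAuth2Token(const std::string& account_id,
                                     const std::string& client_id,
                                     const ScopeSet& scopes,
                                     const std::string& access_token) OVERRIDE;

  // ProfileOAuth2TokenService
  virtual void Initialize(SigninClient* client) OVERRIDE;
  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
  virtual std::vector<std::string> GetAccounts() OVERRIDE;
  virtual void UpdateAuthError(const std::string& account_id,
                               const GoogleServiceAuthError& error) OVERRIDE;

  // This method should not be called when using shared authentication.
  //
  // |refresh_token| is a long-lived credential passed in the clear as a
  // std::string; callers should not log it.
  virtual void UpdateCredentials(const std::string& account_id,
                                 const std::string& refresh_token) OVERRIDE;

  // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
  // however, it does not revoke the identities from the device.
  // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
  virtual void RevokeAllCredentials() OVERRIDE;

  // Returns the refresh token for |account_id|.
  // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
  //
  // The token is returned by value as a plain std::string, so every copy the
  // caller makes is another in-memory copy of the credential; keep its
  // lifetime short and keep it out of logs and crash keys.
  // NOTE(review): this is a public accessor for the raw refresh token, and
  // the precondition above is documented only. Whether the implementation
  // enforces it (e.g. with a DCHECK) cannot be told from this header --
  // confirm.
  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
      const std::string& account_id);

  // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
  // each new account. Fires |OnRefreshTokenRevoked| for each account that was
  // removed.
  void ReloadCredentials();

  // Upgrades to using shared authentication token service.
  //
  // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
  // service, then this call also revokes all tokens from the parent
  // |MutableProfileOAuth2TokenService|.
  void StartUsingSharedAuthentication();

  // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
  //
  // Should only be called for testing.
  // NOTE(review): this setter is public and switches which credential
  // backend the service uses; only the "ForTesting" suffix keeps production
  // code from calling it.
  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);

  // Revokes the OAuth2 refresh tokens for all accounts from the parent
  // |MutableProfileOAuth2TokenService|.
  //
  // Note: This method should only be called if the legacy pre-SSOAuth token
  // service is used.
  void ForceInvalidGrantResponses();

 protected:
  // NOTE(review): returns a raw pointer; ownership of the fetcher and the
  // required lifetimes of |getter| and |consumer| are not stated in this
  // header -- confirm against the base class contract.
  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
      const std::string& account_id,
      net::URLRequestContextGetter* getter,
      OAuth2AccessTokenConsumer* consumer) OVERRIDE;

  // Protected and virtual to be overridden by fake for testing.

  // Adds |account_id| to |accounts_| if it does not exist or updates
  // the auth error state of |account_id| if it exists. Fires
  // |OnRefreshTokenAvailable| if the account info is updated.
  virtual void AddOrUpdateAccount(const std::string& account_id);

  // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
  // if the account info is removed.
  virtual void RemoveAccount(const std::string& account_id);

 private:
  // Per-account record that exposes the account's last auth error through
  // the SigninErrorController::AuthStatusProvider interface.
  class AccountInfo : public SigninErrorController::AuthStatusProvider {
   public:
    AccountInfo(ProfileOAuth2TokenService* token_service,
                const std::string& account_id);
    virtual ~AccountInfo();

    void SetLastAuthError(const GoogleServiceAuthError& error);

    // SigninErrorController::AuthStatusProvider implementation.
    virtual std::string GetAccountId() const OVERRIDE;
    virtual std::string GetUsername() const OVERRIDE;
    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;

   private:
    // Raw pointer to the token service.
    // NOTE(review): presumably the service owns this AccountInfo through
    // |accounts_| and therefore outlives it -- confirm, since a dangling
    // pointer here would be used on the auth-status path.
    ProfileOAuth2TokenService* token_service_;
    std::string account_id_;
    GoogleServiceAuthError last_auth_error_;

    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
  };

  // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
  // to information about the account.
  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;

  // MutableProfileOAuth2TokenService
  virtual std::string GetRefreshToken(
      const std::string& account_id) const OVERRIDE;

  // Returns the iOS provider.
  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();

  // Info about the existing accounts.
  AccountInfoMap accounts_;

  // Calls to this class are expected to be made from the browser UI thread.
  // The purpose of this checker is to warn us if the upstream usage of
  // ProfileOAuth2TokenService ever gets changed to have it be used across
  // multiple threads.
  base::ThreadChecker thread_checker_;

  // Whether to use the legacy pre-SSOAuth token service.
  //
  // |use_legacy_token_service_| is true iff the provider is not using shared
  // authentication during |LoadCredentials|. Note that |LoadCredentials| is
  // called exactly once after the PO2TS initialization iff the user is signed
  // in.
  //
  // If |use_legacy_token_service_| is true, then this
  // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
  // |MutableProfileOAuth2TokenService|.
  //
  // NOTE(review): no initializer is visible in this header; confirm the
  // constructor sets this flag before any method reads it.
  bool use_legacy_token_service_;

  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
};

#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_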