profile_oauth2_token_service_ios.h revision cedac228d2dd51db4b79ea1e72c7f249408ee061 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
6#define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
7
8#include <string>
9
10#include "base/threading/thread_checker.h"
11#include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
12
13class OAuth2AccessTokenFetcher;
14
15namespace ios{
16class ProfileOAuth2TokenServiceIOSProvider;
17}
18
19// A specialization of ProfileOAuth2TokenService that will be returned by
20// ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
21// is used to lookup OAuth2 tokens.
22//
23// See |ProfileOAuth2TokenService| for usage details.
24//
25// Note: Requests should be started from the UI thread. To start a
26// request from aother thread, please use ProfileOAuth2TokenServiceRequest.
27class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
28 public:
29  ProfileOAuth2TokenServiceIOS();
30  virtual ~ProfileOAuth2TokenServiceIOS();
31
32  // KeyedService
33  virtual void Shutdown() OVERRIDE;
34
35  // OAuth2TokenService
36  virtual bool RefreshTokenIsAvailable(
37      const std::string& account_id) const OVERRIDE;
38
39  virtual void InvalidateOAuth2Token(const std::string& account_id,
40                                     const std::string& client_id,
41                                     const ScopeSet& scopes,
42                                     const std::string& access_token) OVERRIDE;
43
44  // ProfileOAuth2TokenService
45  virtual void Initialize(SigninClient* client) OVERRIDE;
46  virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
47  virtual std::vector<std::string> GetAccounts() OVERRIDE;
48  virtual void UpdateAuthError(const std::string& account_id,
49                               const GoogleServiceAuthError& error) OVERRIDE;
50
51  // This method should not be called when using shared authentication.
52  virtual void UpdateCredentials(const std::string& account_id,
53                                 const std::string& refresh_token) OVERRIDE;
54
55  // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
56  // however, it does not revoke the identities from the device.
57  // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
58  virtual void RevokeAllCredentials() OVERRIDE;
59
60  // Returns the refresh token for |account_id| .
61  // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
62  std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
63      const std::string& account_id);
64
65  // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
66  // each new account. Fires |OnRefreshTokenRevoked| for each account that was
67  // removed.
68  void ReloadCredentials();
69
70  // Upgrades to using shared authentication token service.
71  //
72  // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
73  // service, then this call also revokes all tokens from the parent
74  // |MutableProfileOAuth2TokenService|.
75  void StartUsingSharedAuthentication();
76
77  // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
78  //
79  // Should only be called for testing.
80  void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
81
82  // Revokes the OAuth2 refresh tokens for all accounts from the parent
83  // |MutableProfileOAuth2TokenService|.
84  //
85  // Note: This method should only be called if the legacy pre-SSOAuth token
86  // service is used.
87  void ForceInvalidGrantResponses();
88
89 protected:
90  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
91      const std::string& account_id,
92      net::URLRequestContextGetter* getter,
93      OAuth2AccessTokenConsumer* consumer) OVERRIDE;
94
95  // Protected and virtual to be overriden by fake for testing.
96
97  // Adds |account_id| to |accounts_| if it does not exist or udpates
98  // the auth error state of |account_id| if it exists. Fires
99  // |OnRefreshTokenAvailable| if the account info is updated.
100  virtual void AddOrUpdateAccount(const std::string& account_id);
101
102  // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
103  // if the account info is removed.
104  virtual void RemoveAccount(const std::string& account_id);
105
106 private:
107  class AccountInfo : public SigninErrorController::AuthStatusProvider {
108   public:
109    AccountInfo(ProfileOAuth2TokenService* token_service,
110                const std::string& account_id);
111    virtual ~AccountInfo();
112
113    void SetLastAuthError(const GoogleServiceAuthError& error);
114
115    // SigninErrorController::AuthStatusProvider implementation.
116    virtual std::string GetAccountId() const OVERRIDE;
117    virtual std::string GetUsername() const OVERRIDE;
118    virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
119
120   private:
121    ProfileOAuth2TokenService* token_service_;
122    std::string account_id_;
123    GoogleServiceAuthError last_auth_error_;
124
125    DISALLOW_COPY_AND_ASSIGN(AccountInfo);
126  };
127
128  // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
129  // to information about the account.
130  typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
131
132  // MutableProfileOAuth2TokenService
133  virtual std::string GetRefreshToken(
134      const std::string& account_id) const OVERRIDE;
135
136  // Returns the iOS provider;
137  ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
138
139  // Info about the existing accounts.
140  AccountInfoMap accounts_;
141
142  // Calls to this class are expected to be made from the browser UI thread.
143  // The purpose of this  this checker is to warn us if the upstream usage of
144  // ProfileOAuth2TokenService ever gets changed to have it be used across
145  // multiple threads.
146  base::ThreadChecker thread_checker_;
147
148  // Whether to use the legacy pre-SSOAuth token service.
149  //
150  // |use_legacy_token_service_| is true iff the provider is not using shared
151  // authentication during |LoadCredentials|. Note that |LoadCredentials| is
152  // called exactly once after the PO2TS initialization iff the user is signed
153  // in.
154  //
155  // If |use_legacy_token_service_| is true, then this
156  // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
157  // |MutableProfileOAuth2TokenService|.
158  bool use_legacy_token_service_;
159
160  DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
161};
162
163#endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
164