• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
6 #define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
7 
8 #include <string>
9 
10 #include "base/threading/thread_checker.h"
11 #include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
12 
13 class OAuth2AccessTokenFetcher;
14 
15 namespace ios{
16 class ProfileOAuth2TokenServiceIOSProvider;
17 }
18 
19 // A specialization of ProfileOAuth2TokenService that will be returned by
20 // ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
21 // is used to lookup OAuth2 tokens.
22 //
23 // See |ProfileOAuth2TokenService| for usage details.
24 //
25 // Note: Requests should be started from the UI thread. To start a
26 // request from aother thread, please use OAuth2TokenServiceRequest.
27 class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
28  public:
29   ProfileOAuth2TokenServiceIOS();
30   virtual ~ProfileOAuth2TokenServiceIOS();
31 
32   // KeyedService
33   virtual void Shutdown() OVERRIDE;
34 
35   // OAuth2TokenService
36   virtual bool RefreshTokenIsAvailable(
37       const std::string& account_id) const OVERRIDE;
38 
39   virtual void InvalidateOAuth2Token(const std::string& account_id,
40                                      const std::string& client_id,
41                                      const ScopeSet& scopes,
42                                      const std::string& access_token) OVERRIDE;
43 
44   // ProfileOAuth2TokenService
45   virtual void Initialize(SigninClient* client) OVERRIDE;
46   virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
47   virtual std::vector<std::string> GetAccounts() OVERRIDE;
48   virtual void UpdateAuthError(const std::string& account_id,
49                                const GoogleServiceAuthError& error) OVERRIDE;
50 
51   // This method should not be called when using shared authentication.
52   virtual void UpdateCredentials(const std::string& account_id,
53                                  const std::string& refresh_token) OVERRIDE;
54 
55   // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
56   // however, it does not revoke the identities from the device.
57   // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
58   virtual void RevokeAllCredentials() OVERRIDE;
59 
60   // Returns the refresh token for |account_id| .
61   // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
62   std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
63       const std::string& account_id);
64 
65   // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
66   // each new account. Fires |OnRefreshTokenRevoked| for each account that was
67   // removed.
68   void ReloadCredentials();
69 
70   // Upgrades to using shared authentication token service.
71   //
72   // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
73   // service, then this call also revokes all tokens from the parent
74   // |MutableProfileOAuth2TokenService|.
75   void StartUsingSharedAuthentication();
76 
77   // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
78   //
79   // Should only be called for testing.
80   void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
81 
82   // Revokes the OAuth2 refresh tokens for all accounts from the parent
83   // |MutableProfileOAuth2TokenService|.
84   //
85   // Note: This method should only be called if the legacy pre-SSOAuth token
86   // service is used.
87   void ForceInvalidGrantResponses();
88 
89  protected:
90   virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
91       const std::string& account_id,
92       net::URLRequestContextGetter* getter,
93       OAuth2AccessTokenConsumer* consumer) OVERRIDE;
94 
95   // Protected and virtual to be overriden by fake for testing.
96 
97   // Adds |account_id| to |accounts_| if it does not exist or udpates
98   // the auth error state of |account_id| if it exists. Fires
99   // |OnRefreshTokenAvailable| if the account info is updated.
100   virtual void AddOrUpdateAccount(const std::string& account_id);
101 
102   // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
103   // if the account info is removed.
104   virtual void RemoveAccount(const std::string& account_id);
105 
106  private:
107   class AccountInfo : public SigninErrorController::AuthStatusProvider {
108    public:
109     AccountInfo(ProfileOAuth2TokenService* token_service,
110                 const std::string& account_id);
111     virtual ~AccountInfo();
112 
113     void SetLastAuthError(const GoogleServiceAuthError& error);
114 
115     // SigninErrorController::AuthStatusProvider implementation.
116     virtual std::string GetAccountId() const OVERRIDE;
117     virtual std::string GetUsername() const OVERRIDE;
118     virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
119 
120    private:
121     ProfileOAuth2TokenService* token_service_;
122     std::string account_id_;
123     GoogleServiceAuthError last_auth_error_;
124 
125     DISALLOW_COPY_AND_ASSIGN(AccountInfo);
126   };
127 
128   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
129   // to information about the account.
130   typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
131 
132   // MutableProfileOAuth2TokenService
133   virtual std::string GetRefreshToken(
134       const std::string& account_id) const OVERRIDE;
135 
136   // Returns the iOS provider;
137   ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
138 
139   // Info about the existing accounts.
140   AccountInfoMap accounts_;
141 
142   // Calls to this class are expected to be made from the browser UI thread.
143   // The purpose of this  this checker is to warn us if the upstream usage of
144   // ProfileOAuth2TokenService ever gets changed to have it be used across
145   // multiple threads.
146   base::ThreadChecker thread_checker_;
147 
148   // Whether to use the legacy pre-SSOAuth token service.
149   //
150   // |use_legacy_token_service_| is true iff the provider is not using shared
151   // authentication during |LoadCredentials|. Note that |LoadCredentials| is
152   // called exactly once after the PO2TS initialization iff the user is signed
153   // in.
154   //
155   // If |use_legacy_token_service_| is true, then this
156   // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
157   // |MutableProfileOAuth2TokenService|.
158   bool use_legacy_token_service_;
159 
160   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
161 };
162 
163 #endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
164