components/signin/ios/browser/profile_oauth2_token_service_ios.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
   6 #define COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_
   7
   8 #include <string>
   9
  10 #include "base/threading/thread_checker.h"
  11 #include "components/signin/core/browser/mutable_profile_oauth2_token_service.h"
  12
  13 class OAuth2AccessTokenFetcher;
  14
  15 namespace ios{
  16 class ProfileOAuth2TokenServiceIOSProvider;
  17 }
  18
  19 // A specialization of ProfileOAuth2TokenService that will be returned by
  20 // ProfileOAuth2TokenServiceFactory for OS_IOS when iOS authentication service
  21 // is used to lookup OAuth2 tokens.
  22 //
  23 // See |ProfileOAuth2TokenService| for usage details.
  24 //
  25 // Note: Requests should be started from the UI thread. To start a
  26 // request from aother thread, please use OAuth2TokenServiceRequest.
  27 class ProfileOAuth2TokenServiceIOS : public MutableProfileOAuth2TokenService {
  28  public:
  29   ProfileOAuth2TokenServiceIOS();
  30   virtual ~ProfileOAuth2TokenServiceIOS();
  31
  32   // KeyedService
  33   virtual void Shutdown() OVERRIDE;
  34
  35   // OAuth2TokenService
  36   virtual bool RefreshTokenIsAvailable(
  37       const std::string& account_id) const OVERRIDE;
  38
  39   virtual void InvalidateOAuth2Token(const std::string& account_id,
  40                                      const std::string& client_id,
  41                                      const ScopeSet& scopes,
  42                                      const std::string& access_token) OVERRIDE;
  43
  44   // ProfileOAuth2TokenService
  45   virtual void Initialize(SigninClient* client) OVERRIDE;
  46   virtual void LoadCredentials(const std::string& primary_account_id) OVERRIDE;
  47   virtual std::vector<std::string> GetAccounts() OVERRIDE;
  48   virtual void UpdateAuthError(const std::string& account_id,
  49                                const GoogleServiceAuthError& error) OVERRIDE;
  50
  51   // This method should not be called when using shared authentication.
  52   virtual void UpdateCredentials(const std::string& account_id,
  53                                  const std::string& refresh_token) OVERRIDE;
  54
  55   // Removes all credentials from this instance of |ProfileOAuth2TokenService|,
  56   // however, it does not revoke the identities from the device.
  57   // Subsequent calls to |RefreshTokenIsAvailable| will return |false|.
  58   virtual void RevokeAllCredentials() OVERRIDE;
  59
  60   // Returns the refresh token for |account_id| .
  61   // Must only be called when |ShouldUseIOSSharedAuthentication| returns false.
  62   std::string GetRefreshTokenWhenNotUsingSharedAuthentication(
  63       const std::string& account_id);
  64
  65   // Reloads accounts from the provider. Fires |OnRefreshTokenAvailable| for
  66   // each new account. Fires |OnRefreshTokenRevoked| for each account that was
  67   // removed.
  68   void ReloadCredentials();
  69
  70   // Upgrades to using shared authentication token service.
  71   //
  72   // Note: If this |ProfileOAuth2TokenServiceIOS| was using the legacy token
  73   // service, then this call also revokes all tokens from the parent
  74   // |MutableProfileOAuth2TokenService|.
  75   void StartUsingSharedAuthentication();
  76
  77   // Sets |use_legacy_token_service_| to |use_legacy_token_service|.
  78   //
  79   // Should only be called for testing.
  80   void SetUseLegacyTokenServiceForTesting(bool use_legacy_token_service);
  81
  82   // Revokes the OAuth2 refresh tokens for all accounts from the parent
  83   // |MutableProfileOAuth2TokenService|.
  84   //
  85   // Note: This method should only be called if the legacy pre-SSOAuth token
  86   // service is used.
  87   void ForceInvalidGrantResponses();
  88
  89  protected:
  90   virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
  91       const std::string& account_id,
  92       net::URLRequestContextGetter* getter,
  93       OAuth2AccessTokenConsumer* consumer) OVERRIDE;
  94
  95   // Protected and virtual to be overriden by fake for testing.
  96
  97   // Adds |account_id| to |accounts_| if it does not exist or udpates
  98   // the auth error state of |account_id| if it exists. Fires
  99   // |OnRefreshTokenAvailable| if the account info is updated.
 100   virtual void AddOrUpdateAccount(const std::string& account_id);
 101
 102   // Removes |account_id| from |accounts_|. Fires |OnRefreshTokenRevoked|
 103   // if the account info is removed.
 104   virtual void RemoveAccount(const std::string& account_id);
 105
 106  private:
 107   class AccountInfo : public SigninErrorController::AuthStatusProvider {
 108    public:
 109     AccountInfo(ProfileOAuth2TokenService* token_service,
 110                 const std::string& account_id);
 111     virtual ~AccountInfo();
 112
 113     void SetLastAuthError(const GoogleServiceAuthError& error);
 114
 115     // SigninErrorController::AuthStatusProvider implementation.
 116     virtual std::string GetAccountId() const OVERRIDE;
 117     virtual std::string GetUsername() const OVERRIDE;
 118     virtual GoogleServiceAuthError GetAuthStatus() const OVERRIDE;
 119
 120    private:
 121     ProfileOAuth2TokenService* token_service_;
 122     std::string account_id_;
 123     GoogleServiceAuthError last_auth_error_;
 124
 125     DISALLOW_COPY_AND_ASSIGN(AccountInfo);
 126   };
 127
 128   // Maps the |account_id| of accounts known to ProfileOAuth2TokenService
 129   // to information about the account.
 130   typedef std::map<std::string, linked_ptr<AccountInfo> > AccountInfoMap;
 131
 132   // MutableProfileOAuth2TokenService
 133   virtual std::string GetRefreshToken(
 134       const std::string& account_id) const OVERRIDE;
 135
 136   // Returns the iOS provider;
 137   ios::ProfileOAuth2TokenServiceIOSProvider* GetProvider();
 138
 139   // Info about the existing accounts.
 140   AccountInfoMap accounts_;
 141
 142   // Calls to this class are expected to be made from the browser UI thread.
 143   // The purpose of this  this checker is to warn us if the upstream usage of
 144   // ProfileOAuth2TokenService ever gets changed to have it be used across
 145   // multiple threads.
 146   base::ThreadChecker thread_checker_;
 147
 148   // Whether to use the legacy pre-SSOAuth token service.
 149   //
 150   // |use_legacy_token_service_| is true iff the provider is not using shared
 151   // authentication during |LoadCredentials|. Note that |LoadCredentials| is
 152   // called exactly once after the PO2TS initialization iff the user is signed
 153   // in.
 154   //
 155   // If |use_legacy_token_service_| is true, then this
 156   // |ProfileOAuth2TokenServiceIOS| delegates all calls to the parent
 157   // |MutableProfileOAuth2TokenService|.
 158   bool use_legacy_token_service_;
 159
 160   DISALLOW_COPY_AND_ASSIGN(ProfileOAuth2TokenServiceIOS);
 161 };
 162
 163 #endif  // COMPONENTS_SIGNIN_IOS_BROWSER_PROFILE_OAUTH2_TOKEN_SERVICE_IOS_H_