blob: 3d054a915ba4ee34b06227425250dbc95a9b2e29 [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <set>
#include <string>
#include <vector>
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/observer_list.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/base/backoff_entry.h"
namespace network {
class SharedURLLoaderFactory;
// Abstract base class to fetch and maintain refresh tokens from various
// entities. Concrete subclasses should implement RefreshTokenIsAvailable and
// CreateAccessTokenFetcher properly.
class OAuth2TokenServiceDelegate {
// Refresh token guaranteed to be invalid. Can be passed to
// UpdateCredentials() to force an authentication error.
static const char kInvalidRefreshToken[];
enum LoadCredentialsState {
virtual ~OAuth2TokenServiceDelegate();
virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
const std::string& account_id,
scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
OAuth2AccessTokenConsumer* consumer) = 0;
// Returns |true| if a refresh token is available for |account_id|, and
// |false| otherwise.
// Note: Implementations must make sure that |RefreshTokenIsAvailable| returns
// |true| if and only if |account_id| is contained in the list of accounts
// returned by |GetAccounts|.
virtual bool RefreshTokenIsAvailable(const std::string& account_id) const = 0;
virtual GoogleServiceAuthError GetAuthError(
const std::string& account_id) const;
virtual void UpdateAuthError(const std::string& account_id,
const GoogleServiceAuthError& error) {}
// Returns a list of accounts for which a refresh token is maintained by
// |this| instance.
// Note: If tokens have not been fully loaded yet, an empty list is returned.
// Also, see |RefreshTokenIsAvailable|.
virtual std::vector<std::string> GetAccounts();
virtual void RevokeAllCredentials() {}
virtual void InvalidateAccessToken(const std::string& account_id,
const std::string& client_id,
const std::set<std::string>& scopes,
const std::string& access_token) {}
// If refresh token is accessible (on Desktop) sets error for it to
// INVALID_GAIA_CREDENTIALS and notifies the observers. Otherwise
// does nothing.
virtual void InvalidateTokenForMultilogin(const std::string& failed_account) {
virtual void Shutdown() {}
virtual void UpdateCredentials(const std::string& account_id,
const std::string& refresh_token) {}
virtual void RevokeCredentials(const std::string& account_id) {}
virtual scoped_refptr<network::SharedURLLoaderFactory> GetURLLoaderFactory()
// Returns refresh token if the platform allows it (on Desktop) and if it is
// available and doesn't have error. Otherwise returns empty string (for iOS
// and Android).
virtual std::string GetTokenForMultilogin(
const std::string& account_id) const;
bool ValidateAccountId(const std::string& account_id) const;
// Add or remove observers of this token service.
void AddObserver(OAuth2TokenService::Observer* observer);
void RemoveObserver(OAuth2TokenService::Observer* observer);
// Returns a pointer to its instance of net::BackoffEntry if it has one, or
// a nullptr otherwise.
virtual const net::BackoffEntry* BackoffEntry() const;
// -----------------------------------------------------------------------
// Methods that are only used by ProfileOAuth2TokenService.
// -----------------------------------------------------------------------
// Loads the credentials from disk. Called only once when the token service
// is initialized. Default implementation is NOTREACHED - subsclasses that
// are used by the ProfileOAuth2TokenService must provide an implementation
// for this method.
virtual void LoadCredentials(const std::string& primary_account_id);
// Returns the state of the load credentials operation.
LoadCredentialsState load_credentials_state() const {
return load_credentials_state_;
// Removes the credentials associated to account_id from the internal storage,
// and moves them to |to_service|. The credentials are not revoked on the
// server, but the OnRefreshTokenRevoked() notification is sent to the
// observers.
virtual void ExtractCredentials(OAuth2TokenService* to_service,
const std::string& account_id);
// Attempts to fix the error if possible. Returns true if the error was fixed
// and false otherwise.
virtual bool FixRequestErrorIfPossible();
// -----------------------------------------------------------------------
// End of methods that are only used by ProfileOAuth2TokenService
// -----------------------------------------------------------------------
void set_load_credentials_state(LoadCredentialsState state) {
load_credentials_state_ = state;
// Called by subclasses to notify observers. Some are virtual to allow Android
// to broadcast the notifications to Java code.
virtual void FireRefreshTokenAvailable(const std::string& account_id);
virtual void FireRefreshTokenRevoked(const std::string& account_id);
virtual void FireRefreshTokensLoaded();
void FireAuthErrorChanged(const std::string& account_id,
const GoogleServiceAuthError& error);
// Helper class to scope batch changes.
class ScopedBatchChange {
explicit ScopedBatchChange(OAuth2TokenServiceDelegate* delegate);
OAuth2TokenServiceDelegate* delegate_; // Weak.
// List of observers to notify when refresh token availability changes.
// Makes sure list is empty on destruction.
base::ObserverList<OAuth2TokenService::Observer, true>::Unchecked
// The state of the load credentials operation.
LoadCredentialsState load_credentials_state_ = LOAD_CREDENTIALS_NOT_STARTED;
void StartBatchChanges();
void EndBatchChanges();
// The depth of batch changes.
int batch_change_depth_;