[s13n] Convert ArcAuthContext away from ProfileOAuth2TokenService

CL converts ArcAuthContext away from PO2TS, as part of the
IdentityManager servicification effort (//services/identity).
No functionality change is expected.

Note that there is still one reference to PO2TS left, that is used to
construct UbertokenFetcher. It will be removed on a follow up pass.

CL also takes the opportunity to migrate ArcBackgroundAuthCodeFetcher
away from OAuth2TokenService::Consumer, since it is tied to
ArcAuthContext.

BUG=905243

TEST=Run on test device.
TEST=Run browser_tests --gtest_filter=Arc*
TEST=Run unit_tests --gtest_filter=Arc*

Change-Id: I1a74df3b79a7753e96dc7993d636692efa18d1a0
Reviewed-on: https://chromium-review.googlesource.com/c/1345130
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610189}

chrome/browser/chromeos/arc/auth/arc_auth_context.cc

@@ -11,11 +11,13 @@
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/chromeos/arc/arc_support_host.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/identity_manager_factory.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/ui/app_list/arc/arc_app_utils.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "content/public/common/url_constants.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
+#include "services/identity/public/cpp/access_token_fetcher.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 
 namespace arc {
@@ -58,13 +60,13 @@ constexpr net::BackoffEntry::Policy kRetryBackoffPolicy = {
 ArcAuthContext::ArcAuthContext(Profile* profile, const std::string& account_id)
     : profile_(profile),
       account_id_(account_id),
-      token_service_(ProfileOAuth2TokenServiceFactory::GetForProfile(profile)),
+      identity_manager_(IdentityManagerFactory::GetForProfile(profile)),
       retry_backoff_(&kRetryBackoffPolicy) {
-  DCHECK(base::ContainsValue(token_service_->GetAccounts(), account_id_));
+  DCHECK(identity_manager_->HasAccountWithRefreshToken(account_id));
 }
 
 ArcAuthContext::~ArcAuthContext() {
-  token_service_->RemoveObserver(this);
+  identity_manager_->RemoveObserver(this);
 }
 
 void ArcAuthContext::Prepare(const PrepareCallback& callback) {
@@ -74,13 +76,14 @@ void ArcAuthContext::Prepare(const PrepareCallback& callback) {
   }
 
   callback_ = callback;
-  token_service_->RemoveObserver(this);
+  identity_manager_->RemoveObserver(this);
   refresh_token_timeout_.Stop();
   ResetFetchers();
   retry_backoff_.Reset();
 
-  if (!token_service_->RefreshTokenIsAvailable(account_id_)) {
-    token_service_->AddObserver(this);
+  if (!identity_manager_->HasAccountWithRefreshToken(account_id_)) {
+    identity_manager_->AddObserver(this);
+    VLOG(1) << "Waiting for refresh token for account " << account_id_;
     refresh_token_timeout_.Start(FROM_HERE, kRefreshTokenTimeout, this,
                                  &ArcAuthContext::OnRefreshTokenTimeout);
     return;
@@ -89,29 +92,38 @@ void ArcAuthContext::Prepare(const PrepareCallback& callback) {
   StartFetchers();
 }
 
-std::unique_ptr<OAuth2TokenService::Request>
-ArcAuthContext::StartAccessTokenRequest(
-    const OAuth2TokenService::ScopeSet& scopes,
-    OAuth2TokenService::Consumer* consumer) {
-  DCHECK(token_service_->RefreshTokenIsAvailable(account_id_));
-  return token_service_->StartRequest(account_id_, scopes, consumer);
+std::unique_ptr<identity::AccessTokenFetcher>
+ArcAuthContext::CreateAccessTokenFetcher(
+    const std::string& consumer_name,
+    const identity::ScopeSet& scopes,
+    identity::AccessTokenFetcher::TokenCallback callback) {
+  DCHECK(identity_manager_->HasAccountWithRefreshToken(account_id_));
+  return identity_manager_->CreateAccessTokenFetcherForAccount(
+      account_id_, consumer_name, scopes, std::move(callback),
+      identity::AccessTokenFetcher::Mode::kImmediate);
 }
 
-void ArcAuthContext::OnRefreshTokenAvailable(const std::string& account_id) {
-  if (account_id != account_id_)
+void ArcAuthContext::OnRefreshTokenUpdatedForAccount(
+    const AccountInfo& account_info,
+    bool is_valid) {
+  // There is no need to check |is_valid| here. It is intended to avoid
+  // adding the ability to query the persistent error state to the
+  // IdentityManager API, which is irrelevant for this case.
+  if (account_info.account_id != account_id_)
     return;
   OnRefreshTokensLoaded();
 }
 
 void ArcAuthContext::OnRefreshTokensLoaded() {
-  token_service_->RemoveObserver(this);
+  identity_manager_->RemoveObserver(this);
+  VLOG(1) << "Refresh token for account " << account_id_ << " loaded.";
   refresh_token_timeout_.Stop();
   StartFetchers();
 }
 
 void ArcAuthContext::OnRefreshTokenTimeout() {
   LOG(WARNING) << "Failed to wait for refresh token.";
-  token_service_->RemoveObserver(this);
+  identity_manager_->RemoveObserver(this);
   std::move(callback_).Run(nullptr);
 }
 
@@ -124,9 +136,9 @@ void ArcAuthContext::StartFetchers() {
     return;
   }
 
-  ubertoken_fetcher_.reset(
-      new UbertokenFetcher(token_service_, this, gaia::GaiaSource::kChromeOS,
-                           profile_->GetURLLoaderFactory()));
+  ubertoken_fetcher_.reset(new UbertokenFetcher(
+      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_), this,
+      gaia::GaiaSource::kChromeOS, profile_->GetURLLoaderFactory()));
   ubertoken_fetcher_->StartFetchingToken(account_id_);
 }
 

chrome/browser/chromeos/arc/auth/arc_auth_context.h

@@ -11,12 +11,11 @@
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/timer/timer.h"
-#include "google_apis/gaia/oauth2_token_service.h"
 #include "google_apis/gaia/ubertoken_fetcher.h"
 #include "net/base/backoff_entry.h"
+#include "services/identity/public/cpp/identity_manager.h"
 
 class Profile;
-class ProfileOAuth2TokenService;
 
 namespace net {
 class URLRequestContextGetter;
@@ -26,7 +25,7 @@ namespace arc {
 
 class ArcAuthContext : public UbertokenConsumer,
                        public GaiaAuthConsumer,
-                       public OAuth2TokenService::Observer {
+                       public identity::IdentityManager::Observer {
  public:
   // Creates an |ArcAuthContext| for the given |account_id|. This |account_id|
   // must be the |account_id| used by the OAuth Token Service chain.
@@ -44,15 +43,16 @@ class ArcAuthContext : public UbertokenConsumer,
   void Prepare(const PrepareCallback& callback);
 
   // Creates and starts a request to fetch an access token for the given
-  // |scopes|. The caller owns the returned request. |consumer| is the object
-  // that will be called back with results if the returned request is not
-  // deleted.
-  std::unique_ptr<OAuth2TokenService::Request> StartAccessTokenRequest(
-      const OAuth2TokenService::ScopeSet& scopes,
-      OAuth2TokenService::Consumer* consumer);
-
-  // OAuth2TokenService::Observer:
-  void OnRefreshTokenAvailable(const std::string& account_id) override;
+  // |scopes|. The caller owns the returned request. |callback| will be
+  // called with results if the returned request is not deleted.
+  std::unique_ptr<identity::AccessTokenFetcher> CreateAccessTokenFetcher(
+      const std::string& consumer_name,
+      const identity::ScopeSet& scopes,
+      identity::AccessTokenFetcher::TokenCallback callback);
+
+  // identity::IdentityManager::Observer:
+  void OnRefreshTokenUpdatedForAccount(const AccountInfo& account_info,
+                                       bool is_valid) override;
   void OnRefreshTokensLoaded() override;
 
   // UbertokenConsumer:
@@ -77,7 +77,7 @@ class ArcAuthContext : public UbertokenConsumer,
   // Unowned pointer.
   Profile* const profile_;
   const std::string account_id_;
-  ProfileOAuth2TokenService* const token_service_;
+  identity::IdentityManager* const identity_manager_;
 
   // Whether the merge session should be skipped. Set to true only in testing.
   bool skip_merge_session_for_testing_ = false;

chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.cc

@@ -21,6 +21,8 @@
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_request_context_getter.h"
+#include "services/identity/public/cpp/access_token_fetcher.h"
+#include "services/identity/public/cpp/access_token_info.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 #include "services/network/public/cpp/simple_url_loader.h"
@@ -53,8 +55,7 @@ ArcBackgroundAuthCodeFetcher::ArcBackgroundAuthCodeFetcher(
     const std::string& account_id,
     bool initial_signin,
     bool is_primary_account)
-    : OAuth2TokenService::Consumer(kConsumerName),
-      url_loader_factory_(std::move(url_loader_factory)),
+    : url_loader_factory_(std::move(url_loader_factory)),
       profile_(profile),
       context_(profile_, account_id),
       initial_signin_(initial_signin),
@@ -77,22 +78,31 @@ void ArcBackgroundAuthCodeFetcher::OnPrepared(
     return;
   }
 
-  OAuth2TokenService::ScopeSet scopes;
+  identity::ScopeSet scopes;
   scopes.insert(GaiaConstants::kOAuth1LoginScope);
-  login_token_request_ = context_.StartAccessTokenRequest(scopes, this);
+  access_token_fetcher_ = context_.CreateAccessTokenFetcher(
+      kConsumerName, scopes,
+      base::BindOnce(&ArcBackgroundAuthCodeFetcher::OnAccessTokenFetchComplete,
+                     base::Unretained(this)));
 }
 
-void ArcBackgroundAuthCodeFetcher::OnGetTokenSuccess(
-    const OAuth2TokenService::Request* request,
-    const OAuth2AccessTokenConsumer::TokenResponse& token_response) {
+void ArcBackgroundAuthCodeFetcher::OnAccessTokenFetchComplete(
+    GoogleServiceAuthError error,
+    identity::AccessTokenInfo token_info) {
   ResetFetchers();
 
+  if (error.state() != GoogleServiceAuthError::NONE) {
+    LOG(WARNING) << "Failed to get LST " << error.ToString() << ".";
+    ReportResult(std::string(), OptInSilentAuthCode::NO_LST_TOKEN);
+    return;
+  }
+
   const std::string device_id = user_manager::known_user::GetDeviceId(
       multi_user_util::GetAccountIdFromProfile(profile_));
   DCHECK(!device_id.empty());
 
   base::DictionaryValue request_data;
-  request_data.SetString(kLoginScopedToken, token_response.access_token);
+  request_data.SetString(kLoginScopedToken, token_info.token);
   request_data.SetString(kDeviceType, kDeviceTypeArc);
   request_data.SetString(kDeviceId, device_id);
   std::string request_string;
@@ -142,14 +152,6 @@ void ArcBackgroundAuthCodeFetcher::OnGetTokenSuccess(
                      base::Unretained(this)));
 }
 
-void ArcBackgroundAuthCodeFetcher::OnGetTokenFailure(
-    const OAuth2TokenService::Request* request,
-    const GoogleServiceAuthError& error) {
-  LOG(WARNING) << "Failed to get LST " << error.ToString() << ".";
-  ResetFetchers();
-  ReportResult(std::string(), OptInSilentAuthCode::NO_LST_TOKEN);
-}
-
 void ArcBackgroundAuthCodeFetcher::OnSimpleLoaderComplete(
     std::unique_ptr<std::string> response_body) {
   int response_code = -1;
@@ -218,7 +220,7 @@ void ArcBackgroundAuthCodeFetcher::OnSimpleLoaderComplete(
 }
 
 void ArcBackgroundAuthCodeFetcher::ResetFetchers() {
-  login_token_request_.reset();
+  access_token_fetcher_.reset();
   simple_url_loader_.reset();
 }
 

chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h

@@ -14,11 +14,15 @@
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
 #include "chrome/browser/chromeos/arc/auth/arc_auth_code_fetcher.h"
 #include "chrome/browser/chromeos/arc/auth/arc_auth_context.h"
-#include "google_apis/gaia/oauth2_token_service.h"
 #include "net/url_request/url_fetcher_delegate.h"
 
 class Profile;
 
+namespace identity {
+class AccessTokenFetcher;
+struct AccessTokenInfo;
+}  // namespace identity
+
 namespace net {
 class URLRequestContextGetter;
 }  // namespace net
@@ -35,8 +39,7 @@ extern const char kAuthTokenExchangeEndPoint[];
 
 // The instance is not reusable, so for each Fetch(), the instance must be
 // re-created. Deleting the instance cancels inflight operation.
-class ArcBackgroundAuthCodeFetcher : public ArcAuthCodeFetcher,
-                                     public OAuth2TokenService::Consumer {
+class ArcBackgroundAuthCodeFetcher : public ArcAuthCodeFetcher {
  public:
   // |account_id| is the id used by the OAuth Token Service chain.
   ArcBackgroundAuthCodeFetcher(
@@ -56,12 +59,8 @@ class ArcBackgroundAuthCodeFetcher : public ArcAuthCodeFetcher,
   void ResetFetchers();
   void OnPrepared(net::URLRequestContextGetter* request_context_getter);
 
-  // OAuth2TokenService::Consumer:
-  void OnGetTokenSuccess(
-      const OAuth2TokenService::Request* request,
-      const OAuth2AccessTokenConsumer::TokenResponse& token_response) override;
-  void OnGetTokenFailure(const OAuth2TokenService::Request* request,
-                         const GoogleServiceAuthError& error) override;
+  void OnAccessTokenFetchComplete(GoogleServiceAuthError error,
+                                  identity::AccessTokenInfo token_info);
 
   void OnSimpleLoaderComplete(std::unique_ptr<std::string> response_body);
 
@@ -74,7 +73,7 @@ class ArcBackgroundAuthCodeFetcher : public ArcAuthCodeFetcher,
   ArcAuthContext context_;
   FetchCallback callback_;
 
-  std::unique_ptr<OAuth2TokenService::Request> login_token_request_;
+  std::unique_ptr<identity::AccessTokenFetcher> access_token_fetcher_;
   std::unique_ptr<network::SimpleURLLoader> simple_url_loader_;
 
   // Keeps context of account code request. |initial_signin_| is true if request