[identity] Save user's choice of an account in the remote consent flow

At the end of the remote consent flow, Gaia returns Chrome a gaia id of
an account chosen by the user. This change makes Chrome reuse this
account for the next getAuthToken() calls for the same extension.

For now, accounts are stored in memory with a TODO to migrate them to
the user preferences.

Bug: 1026237
Change-Id: Ibe52424b7131fbe44324ecb7b1a0e54d04cdf747
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2119520
Commit-Queue: Alex Ilin <alexilin@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#754934}

chrome/browser/extensions/api/identity/identity_api.cc

@@ -176,6 +176,20 @@ const IdentityAPI::CachedTokens& IdentityAPI::GetAllCachedTokens() {
   return token_cache_;
 }
 
+void IdentityAPI::SetGaiaIdForExtension(const std::string& extension_id,
+                                        const std::string& gaia_id) {
+  gaia_id_cache_[extension_id] = gaia_id;
+}
+
+const std::string& IdentityAPI::GetGaiaIdForExtension(
+    const std::string& extension_id) {
+  return gaia_id_cache_[extension_id];
+}
+
+void IdentityAPI::EraseAllGaiaIds() {
+  gaia_id_cache_.clear();
+}
+
 void IdentityAPI::SetConsentResult(const std::string& result,
                                    const std::string& window_id) {
   on_set_consent_result_callback_list_.Notify(result, window_id);

chrome/browser/extensions/api/identity/identity_api.h

@@ -88,6 +88,7 @@ class IdentityAPI : public BrowserContextKeyedAPI,
                     public signin::IdentityManager::Observer {
  public:
   using CachedTokens = std::map<ExtensionTokenKey, IdentityTokenCacheValue>;
+  using CachedGaiaIds = std::map<std::string, std::string>;
   using OnSetConsentResultSignature = void(const std::string&,
                                            const std::string&);
 
@@ -97,16 +98,22 @@ class IdentityAPI : public BrowserContextKeyedAPI,
   // Request serialization queue for getAuthToken.
   IdentityMintRequestQueue* mint_queue();
 
-  // Token cache
+  // Token cache.
   void SetCachedToken(const ExtensionTokenKey& key,
                       const IdentityTokenCacheValue& token_data);
   void EraseCachedToken(const std::string& extension_id,
                         const std::string& token);
   void EraseAllCachedTokens();
   const IdentityTokenCacheValue& GetCachedToken(const ExtensionTokenKey& key);
-
   const CachedTokens& GetAllCachedTokens();
 
+  // GAIA id cache.
+  // TODO(https://crbug.com/1026237): migrate storage to the user preferences.
+  void SetGaiaIdForExtension(const std::string& extension_id,
+                             const std::string& gaia_id);
+  const std::string& GetGaiaIdForExtension(const std::string& extension_id);
+  void EraseAllGaiaIds();
+
   // Consent result.
   void SetConsentResult(const std::string& result,
                         const std::string& window_id);
@@ -156,6 +163,7 @@ class IdentityAPI : public BrowserContextKeyedAPI,
   Profile* profile_;
   IdentityMintRequestQueue mint_queue_;
   CachedTokens token_cache_;
+  CachedGaiaIds gaia_id_cache_;
 
   OnSignInChangedCallback on_signin_changed_callback_for_testing_;
 

chrome/browser/extensions/api/identity/identity_get_auth_token_function.cc

@@ -136,6 +136,12 @@ ExtensionFunction::ResponseAction IdentityGetAuthTokenFunction::Run() {
   token_key_.scopes = scopes;
   token_key_.extension_id = extension()->id();
 
+  if (gaia_id.empty()) {
+    gaia_id = IdentityAPI::GetFactoryInstance()
+                  ->Get(GetProfile())
+                  ->GetGaiaIdForExtension(token_key_.extension_id);
+  }
+
   // From here on out, results must be returned asynchronously.
   StartAsyncRun();
 
@@ -316,6 +322,7 @@ void IdentityGetAuthTokenFunction::StartSigninFlow() {
   IdentityAPI* id_api =
       extensions::IdentityAPI::GetFactoryInstance()->Get(GetProfile());
   id_api->EraseAllCachedTokens();
+  id_api->EraseAllGaiaIds();
 
   // If the signin flow fails, don't display the login prompt again.
   should_prompt_for_signin_ = false;
@@ -727,8 +734,6 @@ void IdentityGetAuthTokenFunction::OnGaiaRemoteConsentFlowFailed(
 void IdentityGetAuthTokenFunction::OnGaiaRemoteConsentFlowApproved(
     const std::string& consent_result,
     const std::string& gaia_id) {
-  // TODO(crbug.com/1026237): Reuse the same gaia id for this extension the next
-  // time.
   TRACE_EVENT_NESTABLE_ASYNC_INSTANT1(
       "identity", "OnGaiaRemoteConsentFlowApproved", this, "gaia_id", gaia_id);
   DCHECK(!consent_result.empty());
@@ -742,15 +747,16 @@ void IdentityGetAuthTokenFunction::OnGaiaRemoteConsentFlowApproved(
     return;
   }
 
+  IdentityAPI* id_api = IdentityAPI::GetFactoryInstance()->Get(GetProfile());
+  id_api->SetGaiaIdForExtension(token_key_.extension_id, gaia_id);
+
   token_key_.account_id = account->account_id;
   consent_result_ = consent_result;
   should_prompt_for_scopes_ = false;
   should_prompt_for_signin_ = false;
-  IdentityAPI::GetFactoryInstance()
-      ->Get(GetProfile())
-      ->SetCachedToken(
-          token_key_,
-          IdentityTokenCacheValue::CreateRemoteConsentApproved(consent_result));
+  id_api->SetCachedToken(
+      token_key_,
+      IdentityTokenCacheValue::CreateRemoteConsentApproved(consent_result));
   StartMintTokenFlow(IdentityMintRequestQueue::MINT_TYPE_NONINTERACTIVE);
 }