Public API for signing in to ChromeWebView

Bug: 753660
Change-Id: I52b05e132bde91651fc4c8cae944fc650812d72e
Reviewed-on: https://chromium-review.googlesource.com/659481
Commit-Queue: John Wu <jzw@chromium.org>
Reviewed-by: Eugene But <eugenebut@chromium.org>
Reviewed-by: Hiroshi Ichikawa <ichikawa@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506627}

ios/web_view/BUILD.gn

@@ -43,6 +43,15 @@ ios_web_view_public_headers = [
   "public/cwv_web_view.h",
   "public/cwv_web_view_configuration.h",
 ]
+if (ios_web_view_enable_sync) {
+  ios_web_view_public_headers += [
+    "public/ChromeSync.h",
+    "public/cwv_authentication_controller.h",
+    "public/cwv_authentication_controller_delegate.h",
+    "public/cwv_identity.h",
+    "public/cwv_web_view_configuration+sync.h",
+  ]
+}
 
 ios_web_view_sources = [
   "internal/app/application_context.cc",
@@ -127,6 +136,14 @@ ios_web_view_sources = [
   "internal/web_view_web_state_policy_decider.mm",
 ]
 ios_web_view_sources += ios_web_view_public_headers
+if (ios_web_view_enable_sync) {
+  ios_web_view_sources += [
+    "internal/cwv_web_view_configuration+sync.mm",
+    "internal/signin/cwv_authentication_controller.mm",
+    "internal/signin/cwv_authentication_controller_internal.h",
+    "internal/signin/cwv_identity.mm",
+  ]
+}
 
 ios_web_view_deps = [
   ":packed_resources",
@@ -142,6 +159,7 @@ ios_web_view_deps = [
   "//components/proxy_config",
   "//components/signin/core/browser",
   "//components/signin/ios/browser",
+  "//components/signin/ios/browser:active_state_manager",
   "//components/ssl_config",
   "//components/translate/core/browser",
   "//components/translate/core/common",
@@ -174,6 +192,9 @@ ios_framework_bundle("web_view") {
   public = [
     "public/ChromeWebView.h",
   ]
+  if (ios_web_view_enable_sync) {
+    public += [ "public/ChromeSync.h" ]
+  }
 
   sources = ios_web_view_sources
   if (ios_web_view_include_cronet) {

ios/web_view/features.gni

@@ -7,7 +7,7 @@ declare_args() {
   ios_web_view_include_cronet = false
 
   # Controls if sign and sync APIs are exposed.
-  ios_web_view_enable_sync = false
+  ios_web_view_enable_sync = true
 
   # Controls the output name of the built framework.
   ios_web_view_output_name = "ChromeWebView"

ios/web_view/internal/app/application_context.cc

@@ -15,6 +15,7 @@
 #include "components/prefs/pref_service.h"
 #include "components/prefs/pref_service_factory.h"
 #include "components/proxy_config/pref_proxy_config_tracker_impl.h"
+#include "components/signin/core/browser/signin_manager_base.h"
 #include "components/ssl_config/ssl_config_service_manager.h"
 #include "components/translate/core/browser/translate_download_manager.h"
 #include "ios/web/public/web_thread.h"
@@ -70,6 +71,7 @@ PrefService* ApplicationContext::GetLocalState() {
     flags_ui::PrefServiceFlagsStorage::RegisterPrefs(pref_registry.get());
     PrefProxyConfigTrackerImpl::RegisterPrefs(pref_registry.get());
     ssl_config::SSLConfigServiceManager::RegisterPrefs(pref_registry.get());
+    SigninManagerBase::RegisterPrefs(pref_registry.get());
 
     base::FilePath local_state_path;
     PathService::Get(base::DIR_APP_DATA, &local_state_path);

ios/web_view/internal/cwv_web_view_configuration+sync.mm

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/web_view/internal/cwv_web_view_configuration_internal.h"
+
+#import <objc/runtime.h>
+
+#import "ios/web_view/internal/signin/cwv_authentication_controller_internal.h"
+#include "ios/web_view/internal/web_view_browser_state.h"
+
+@implementation CWVWebViewConfiguration (Sync)
+
+- (CWVAuthenticationController*)authenticationController {
+  CWVAuthenticationController* authenticationController =
+      objc_getAssociatedObject(self, @selector(authenticationController));
+  ios_web_view::WebViewBrowserState* browserState = self.browserState;
+  if (!authenticationController && !browserState->IsOffTheRecord()) {
+    authenticationController =
+        [[CWVAuthenticationController alloc] initWithBrowserState:browserState];
+    objc_setAssociatedObject(self, @selector(authenticationController),
+                             authenticationController,
+                             OBJC_ASSOCIATION_RETAIN_NONATOMIC);
+  }
+  return authenticationController;
+}
+
+@end

ios/web_view/internal/cwv_web_view_configuration.mm

@@ -38,8 +38,8 @@
   dispatch_once(&onceToken, ^{
     auto browserState =
         base::MakeUnique<ios_web_view::WebViewBrowserState>(false);
-    defaultConfiguration =
-        [[self alloc] initWithBrowserState:std::move(browserState)];
+    defaultConfiguration = [[CWVWebViewConfiguration alloc]
+        initWithBrowserState:std::move(browserState)];
   });
   return defaultConfiguration;
 }
@@ -50,8 +50,8 @@
   dispatch_once(&onceToken, ^{
     auto browserState =
         base::MakeUnique<ios_web_view::WebViewBrowserState>(true);
-    incognitoConfiguration =
-        [[self alloc] initWithBrowserState:std::move(browserState)];
+    incognitoConfiguration = [[CWVWebViewConfiguration alloc]
+        initWithBrowserState:std::move(browserState)];
   });
   return incognitoConfiguration;
 }

ios/web_view/internal/signin/cwv_authentication_controller.mm

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/web_view/internal/signin/cwv_authentication_controller_internal.h"
+
+#include "base/strings/sys_string_conversions.h"
+#include "components/signin/core/browser/account_info.h"
+#include "components/signin/core/browser/account_tracker_service.h"
+#include "components/signin/core/browser/profile_oauth2_token_service.h"
+#include "components/signin/core/browser/signin_manager.h"
+#include "components/signin/ios/browser/profile_oauth2_token_service_ios_delegate.h"
+#include "ios/web_view/internal/signin/web_view_account_tracker_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_oauth2_token_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_signin_manager_factory.h"
+#include "ios/web_view/internal/web_view_browser_state.h"
+#import "ios/web_view/public/cwv_authentication_controller_delegate.h"
+#import "ios/web_view/public/cwv_identity.h"
+
+#if !defined(__has_feature) || !__has_feature(objc_arc)
+#error "This file requires ARC support."
+#endif
+
+@implementation CWVAuthenticationController {
+  ios_web_view::WebViewBrowserState* _browserState;
+}
+
+@synthesize delegate = _delegate;
+
+- (instancetype)initWithBrowserState:
+    (ios_web_view::WebViewBrowserState*)browserState {
+  self = [super init];
+  if (self) {
+    _browserState = browserState;
+  }
+  return self;
+}
+
+#pragma mark - Public Methods
+
+- (void)setDelegate:(id<CWVAuthenticationControllerDelegate>)delegate {
+  _delegate = delegate;
+
+  std::string authenticatedAccountID = [self authenticatedAccountID];
+  if (!authenticatedAccountID.empty()) {
+    [self tokenService]->LoadCredentials(authenticatedAccountID);
+  }
+}
+
+- (CWVIdentity*)currentIdentity {
+  AccountInfo accountInfo =
+      [self accountInfoForAccountID:[self authenticatedAccountID]];
+  if (!accountInfo.IsValid()) {
+    return nil;
+  }
+  NSString* email = base::SysUTF8ToNSString(accountInfo.email);
+  NSString* fullName = base::SysUTF8ToNSString(accountInfo.full_name);
+  NSString* gaiaID = base::SysUTF8ToNSString(accountInfo.gaia);
+  return
+      [[CWVIdentity alloc] initWithEmail:email fullName:fullName gaiaID:gaiaID];
+}
+
+- (void)signInWithIdentity:(CWVIdentity*)identity {
+  AccountTrackerService* accountTracker =
+      ios_web_view::WebViewAccountTrackerServiceFactory::GetForBrowserState(
+          _browserState);
+  AccountInfo info;
+  info.gaia = base::SysNSStringToUTF8(identity.gaiaID);
+  info.email = base::SysNSStringToUTF8(identity.email);
+  info.full_name = base::SysNSStringToUTF8(identity.fullName);
+  std::string newAuthenticatedAccountID = accountTracker->SeedAccountInfo(info);
+  std::string oldAuthenticatedAccountID = [self authenticatedAccountID];
+  ios_web_view::WebViewSigninManagerFactory::GetForBrowserState(_browserState)
+      ->GetAuthenticatedAccountId();
+
+  // Assert if already signed in as a different user.
+  if (!oldAuthenticatedAccountID.empty())
+    CHECK_EQ(newAuthenticatedAccountID, oldAuthenticatedAccountID);
+
+  std::string newAuthenticatedEmail =
+      [self accountInfoForAccountID:newAuthenticatedAccountID].email;
+  ios_web_view::WebViewSigninManagerFactory::GetForBrowserState(_browserState)
+      ->OnExternalSigninCompleted(newAuthenticatedEmail);
+
+  [self tokenServiceDelegate]->ReloadCredentials(newAuthenticatedAccountID);
+}
+
+- (void)signOut {
+  ios_web_view::WebViewSigninManagerFactory::GetForBrowserState(_browserState)
+      ->SignOut(signin_metrics::ProfileSignout::USER_CLICKED_SIGNOUT_SETTINGS,
+                signin_metrics::SignoutDelete::IGNORE_METRIC);
+}
+
+#pragma mark - Private Methods
+
+- (ProfileOAuth2TokenService*)tokenService {
+  return ios_web_view::WebViewOAuth2TokenServiceFactory::GetForBrowserState(
+      _browserState);
+}
+
+- (ProfileOAuth2TokenServiceIOSDelegate*)tokenServiceDelegate {
+  return static_cast<ProfileOAuth2TokenServiceIOSDelegate*>(
+      [self tokenService]->GetDelegate());
+}
+
+- (std::string)authenticatedAccountID {
+  return ios_web_view::WebViewSigninManagerFactory::GetForBrowserState(
+             _browserState)
+      ->GetAuthenticatedAccountId();
+}
+
+- (AccountInfo)accountInfoForAccountID:(const std::string&)accountID {
+  AccountTrackerService* accountTracker =
+      ios_web_view::WebViewAccountTrackerServiceFactory::GetForBrowserState(
+          _browserState);
+  return accountTracker->GetAccountInfo(accountID);
+}
+
+@end

ios/web_view/internal/signin/cwv_authentication_controller_internal.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_VIEW_INTERNAL_SIGNIN_CWV_AUTHENTICATION_CONTROLLER_INTERNAL_H
+#define IOS_WEB_VIEW_INTERNAL_SIGNIN_CWV_AUTHENTICATION_CONTROLLER_INTERNAL_H
+
+#import "ios/web_view/public/cwv_authentication_controller.h"
+
+namespace ios_web_view {
+class WebViewBrowserState;
+}  // namespace ios_web_view
+
+@interface CWVAuthenticationController ()
+
+// |browserState| must outlive this class.
+- (instancetype)initWithBrowserState:
+    (ios_web_view::WebViewBrowserState*)browserState NS_DESIGNATED_INITIALIZER;
+
+@end
+
+#endif  // IOS_WEB_VIEW_INTERNAL_CWV_AUTHENTICATION_CONTROLLER_INTERNAL_H

ios/web_view/internal/signin/cwv_identity.mm

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/web_view/public/cwv_identity.h"
+
+#if !defined(__has_feature) || !__has_feature(objc_arc)
+#error "This file requires ARC support."
+#endif
+
+@implementation CWVIdentity
+
+@synthesize email = _email;
+@synthesize fullName = _fullName;
+@synthesize gaiaID = _gaiaID;
+
+- (instancetype)initWithEmail:(NSString*)email
+                     fullName:(nullable NSString*)fullName
+                       gaiaID:(NSString*)gaiaID {
+  self = [super init];
+  if (self) {
+    _email = [email copy];
+    _fullName = [fullName copy];
+    _gaiaID = [gaiaID copy];
+  }
+  return self;
+}
+
+@end

ios/web_view/internal/signin/web_view_oauth2_token_service_factory.mm

@@ -10,11 +10,13 @@
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/ios/browser/profile_oauth2_token_service_ios_delegate.h"
+#import "ios/web_view/internal/cwv_web_view_configuration_internal.h"
 #include "ios/web_view/internal/signin/web_view_account_tracker_service_factory.h"
 #include "ios/web_view/internal/signin/web_view_profile_oauth2_token_service_ios_provider_impl.h"
 #include "ios/web_view/internal/signin/web_view_signin_client_factory.h"
 #include "ios/web_view/internal/signin/web_view_signin_error_controller_factory.h"
 #include "ios/web_view/internal/web_view_browser_state.h"
+#import "ios/web_view/public/cwv_web_view_configuration+sync.h"
 
 namespace ios_web_view {
 
@@ -49,9 +51,13 @@ WebViewOAuth2TokenServiceFactory::BuildServiceInstanceFor(
     web::BrowserState* context) const {
   WebViewBrowserState* browser_state =
       WebViewBrowserState::FromBrowserState(context);
+  CWVWebViewConfiguration* web_view_configuration =
+      [CWVWebViewConfiguration defaultConfiguration];
+  DCHECK_EQ(web_view_configuration.browserState, browser_state);
   auto delegate = base::MakeUnique<ProfileOAuth2TokenServiceIOSDelegate>(
       WebViewSigninClientFactory::GetForBrowserState(browser_state),
-      base::MakeUnique<WebViewProfileOAuth2TokenServiceIOSProviderImpl>(),
+      base::MakeUnique<WebViewProfileOAuth2TokenServiceIOSProviderImpl>(
+          web_view_configuration.authenticationController),
       WebViewAccountTrackerServiceFactory::GetForBrowserState(browser_state),
       WebViewSigninErrorControllerFactory::GetForBrowserState(browser_state));
   return base::MakeUnique<ProfileOAuth2TokenService>(std::move(delegate));

ios/web_view/internal/signin/web_view_profile_oauth2_token_service_ios_provider_impl.h

@@ -8,15 +8,19 @@
 #include <string>
 #include <vector>
 
+#include "base/ios/weak_nsobject.h"
 #include "base/macros.h"
 #include "components/signin/ios/browser/profile_oauth2_token_service_ios_provider.h"
 
+@class CWVAuthenticationController;
+
 // Implementation of ProfileOAuth2TokenServiceIOSProvider.
 class WebViewProfileOAuth2TokenServiceIOSProviderImpl
     : public ProfileOAuth2TokenServiceIOSProvider {
  public:
-  WebViewProfileOAuth2TokenServiceIOSProviderImpl() = default;
-  ~WebViewProfileOAuth2TokenServiceIOSProviderImpl() override = default;
+  WebViewProfileOAuth2TokenServiceIOSProviderImpl(
+      CWVAuthenticationController* controller);
+  ~WebViewProfileOAuth2TokenServiceIOSProviderImpl() override;
 
   // ios::ProfileOAuth2TokenServiceIOSProvider
   void GetAccessToken(const std::string& gaia_id,
@@ -30,6 +34,8 @@ class WebViewProfileOAuth2TokenServiceIOSProviderImpl
       NSError* error) const override;
 
  private:
+  base::WeakNSObject<CWVAuthenticationController> controller_;
+
   DISALLOW_COPY_AND_ASSIGN(WebViewProfileOAuth2TokenServiceIOSProviderImpl);
 };
 

ios/web_view/internal/signin/web_view_profile_oauth2_token_service_ios_provider_impl.mm

@@ -6,21 +6,70 @@
 
 #include "base/logging.h"
 #include "base/strings/sys_string_conversions.h"
+#import "ios/web_view/internal/signin/cwv_authentication_controller_internal.h"
+#import "ios/web_view/public/cwv_authentication_controller_delegate.h"
+#import "ios/web_view/public/cwv_identity.h"
 
 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
 #endif
 
+WebViewProfileOAuth2TokenServiceIOSProviderImpl::
+    WebViewProfileOAuth2TokenServiceIOSProviderImpl(
+        CWVAuthenticationController* controller)
+    : controller_(controller) {}
+
+WebViewProfileOAuth2TokenServiceIOSProviderImpl::
+    ~WebViewProfileOAuth2TokenServiceIOSProviderImpl() = default;
+
 void WebViewProfileOAuth2TokenServiceIOSProviderImpl::GetAccessToken(
     const std::string& gaia_id,
     const std::string& client_id,
     const std::string& client_secret,
     const std::set<std::string>& scopes,
-    const AccessTokenCallback& callback) {}
+    const AccessTokenCallback& callback) {
+  if (![controller_ delegate]) {
+    return;
+  }
+  AccessTokenCallback scoped_callback = callback;
+
+  NSString* ns_gaia_id = base::SysUTF8ToNSString(gaia_id);
+  NSString* ns_client_id = base::SysUTF8ToNSString(client_id);
+  NSString* ns_client_secret = base::SysUTF8ToNSString(client_secret);
+  NSMutableArray* scopes_array = [[NSMutableArray alloc] init];
+  for (const auto& scope : scopes) {
+    [scopes_array addObject:base::SysUTF8ToNSString(scope)];
+  }
+  void (^token_callback)(NSString*, NSDate*, NSError*) =
+      ^void(NSString* token, NSDate* expiration, NSError* error) {
+        if (!scoped_callback.is_null()) {
+          scoped_callback.Run(token, expiration, error);
+        }
+      };
+
+  [[controller_ delegate] authenticationController:controller_.get()
+                           getAccessTokenForGaiaID:ns_gaia_id
+                                          clientID:ns_client_id
+                                      clientSecret:ns_client_secret
+                                            scopes:scopes_array
+                                 completionHandler:token_callback];
+}
 
 std::vector<ProfileOAuth2TokenServiceIOSProvider::AccountInfo>
 WebViewProfileOAuth2TokenServiceIOSProviderImpl::GetAllAccounts() const {
-  return {};
+  if (![controller_ delegate]) {
+    return {};
+  }
+  NSArray<CWVIdentity*>* identities = [[controller_ delegate]
+      allIdentitiesForAuthenticationController:controller_.get()];
+  std::vector<ProfileOAuth2TokenServiceIOSProvider::AccountInfo> accounts;
+  for (CWVIdentity* identity in identities) {
+    ProfileOAuth2TokenServiceIOSProvider::AccountInfo account;
+    account.email = base::SysNSStringToUTF8(identity.email);
+    account.gaia = base::SysNSStringToUTF8(identity.gaiaID);
+    accounts.push_back(account);
+  }
+  return accounts;
 }
 
 AuthenticationErrorCategory

ios/web_view/internal/web_view_browser_state.mm

@@ -12,11 +12,13 @@
 #include "base/message_loop/message_loop.h"
 #include "base/path_service.h"
 #include "base/threading/thread_restrictions.h"
+#include "components/keyed_service/ios/browser_state_dependency_manager.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/in_memory_pref_store.h"
 #include "components/prefs/json_pref_store.h"
 #include "components/prefs/pref_filter.h"
 #include "components/prefs/pref_service_factory.h"
+#include "components/signin/ios/browser/active_state_manager.h"
 #include "components/translate/core/browser/translate_pref_names.h"
 #include "components/translate/core/browser/translate_prefs.h"
 #include "ios/web/public/web_thread.h"
@@ -66,9 +68,19 @@ WebViewBrowserState::WebViewBrowserState(bool off_the_record)
   prefs_ = factory.Create(pref_registry.get());
 
   base::ThreadRestrictions::SetIOAllowed(wasIOAllowed);
+
+  ActiveStateManager* active_state_manager =
+      ActiveStateManager::FromBrowserState(this);
+  active_state_manager->SetActive(true);
+
+  BrowserStateDependencyManager::GetInstance()->CreateBrowserStateServices(
+      this);
 }
 
-WebViewBrowserState::~WebViewBrowserState() = default;
+WebViewBrowserState::~WebViewBrowserState() {
+  BrowserStateDependencyManager::GetInstance()->DestroyBrowserStateServices(
+      this);
+}
 
 PrefService* WebViewBrowserState::GetPrefs() {
   DCHECK(prefs_);
@@ -102,6 +114,9 @@ void WebViewBrowserState::RegisterPrefs(
                                     l10n_util::GetLocaleOverride());
   pref_registry->RegisterBooleanPref(prefs::kEnableTranslate, true);
   translate::TranslatePrefs::RegisterProfilePrefs(pref_registry);
+
+  BrowserStateDependencyManager::GetInstance()
+      ->RegisterBrowserStatePrefsForServices(this, pref_registry);
 }
 
 }  // namespace ios_web_view

ios/web_view/internal/web_view_web_main_parts.mm

@@ -6,7 +6,17 @@
 
 #include "base/base_paths.h"
 #include "base/path_service.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
 #include "ios/web_view/internal/app/application_context.h"
+#include "ios/web_view/internal/content_settings/web_view_cookie_settings_factory.h"
+#include "ios/web_view/internal/content_settings/web_view_host_content_settings_map_factory.h"
+#include "ios/web_view/internal/signin/web_view_account_fetcher_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_account_tracker_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_gaia_cookie_manager_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_oauth2_token_service_factory.h"
+#include "ios/web_view/internal/signin/web_view_signin_client_factory.h"
+#include "ios/web_view/internal/signin/web_view_signin_error_controller_factory.h"
+#include "ios/web_view/internal/signin/web_view_signin_manager_factory.h"
 #include "ios/web_view/internal/translate/web_view_translate_service.h"
 #include "ui/base/l10n/l10n_util_mac.h"
 #include "ui/base/resource/resource_bundle.h"
@@ -43,6 +53,19 @@ void WebViewWebMainParts::PreCreateThreads() {
 
 void WebViewWebMainParts::PreMainMessageLoopRun() {
   WebViewTranslateService::GetInstance()->Initialize();
+
+  WebViewCookieSettingsFactory::GetInstance();
+  WebViewHostContentSettingsMapFactory::GetInstance();
+  WebViewAccountFetcherServiceFactory::GetInstance();
+  WebViewAccountTrackerServiceFactory::GetInstance();
+  WebViewGaiaCookieManagerServiceFactory::GetInstance();
+  WebViewOAuth2TokenServiceFactory::GetInstance();
+  WebViewSigninClientFactory::GetInstance();
+  WebViewSigninErrorControllerFactory::GetInstance();
+  WebViewSigninManagerFactory::GetInstance();
+
+  ContentSettingsPattern::SetNonWildcardDomainNonPortSchemes(
+      /*schemes=*/nullptr, 0);
 }
 
 void WebViewWebMainParts::PostMainMessageLoopRun() {

ios/web_view/public/ChromeSync.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_VIEW_PUBLIC_CHROMESYNC_H_
+#define IOS_WEB_VIEW_PUBLIC_CHROMESYNC_H_
+
+// NOTE: Relative imports are used throughout the implementation of
+// ChromeWebView. Framework style imports can't be used because multiple
+// frameworks are built from ios/web_view with different output names.
+
+#import "cwv_authentication_controller.h"
+#import "cwv_authentication_controller_delegate.h"
+#import "cwv_identity.h"
+#import "cwv_web_view_configuration+sync.h"
+
+#endif  // IOS_WEB_VIEW_PUBLIC_CHROMESYNC_H_

ios/web_view/public/cwv_authentication_controller.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_H
+#define IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_H
+
+#import <Foundation/Foundation.h>
+
+#import "cwv_export.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+@protocol CWVAuthenticationControllerDelegate;
+@class CWVIdentity;
+
+// Controller used to manage authentication.
+CWV_EXPORT
+@interface CWVAuthenticationController : NSObject
+
+// Delegate used to provide account information.
+@property(nonatomic, weak, nullable) id<CWVAuthenticationControllerDelegate>
+    delegate;
+
+// The signed in user, if any.
+@property(nonatomic, readonly, nullable) CWVIdentity* currentIdentity;
+
+- (instancetype)init NS_UNAVAILABLE;
+
+// Logs in with |identity| into ChromeWebView.
+// Causes an assertion failure if |currentIdentity| is non-nil and
+// different from |identity|.
+- (void)signInWithIdentity:(CWVIdentity*)identity;
+
+// Logs out |currentIdentity|.
+- (void)signOut;
+
+@end
+
+NS_ASSUME_NONNULL_END
+
+#endif  // IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_H

ios/web_view/public/cwv_authentication_controller_delegate.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import <Foundation/Foundation.h>
+
+#import "cwv_export.h"
+
+#ifndef IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_DELEGATE_H
+#define IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_DELEGATE_H
+
+NS_ASSUME_NONNULL_BEGIN
+
+// |accessToken| OAuth2 access token.
+// |expirationDate| Expiration date of |accessToken|.
+// |error| Error object to provide if |accessToken| was unable to fetched.
+typedef void (^TokenCompletionHandler)(NSString* _Nullable accessToken,
+                                       NSDate* _Nullable expirationDate,
+                                       NSError* _Nullable error);
+
+@class CWVAuthenticationController;
+
+CWV_EXPORT
+@protocol CWVAuthenticationControllerDelegate<NSObject>
+
+// Called when ChromeWebView needs an access token.
+// See go/ios-sso-library for documentation on the following parameters.
+// |gaiaID| The GaiaID of the user whose access token is requested.
+// |clientID| The clientID of ChromeWebView. Used to verify it is the same as
+// the one passed to CWVWebView and SSO.
+// |clientSecret| The clientSecret of ChromeWebView. Used like |clientID|.
+// |scopes| The OAuth scopes requested.
+// |completionHandler| Used to return access tokens, expiration date, and error.
+- (void)authenticationController:(CWVAuthenticationController*)controller
+         getAccessTokenForGaiaID:(NSString*)gaiaID
+                        clientID:(NSString*)clientID
+                    clientSecret:(NSString*)clientSecret
+                          scopes:(NSArray<NSString*>*)scopes
+               completionHandler:(TokenCompletionHandler)completionHandler;
+
+// Called when ChromeWebView needs a list of all SSO identities.
+// Every identity returned here may be reflected in google web properties.
+// This will not be called unless signed in.
+// Must at least contain signed in user.
+- (NSArray<CWVIdentity*>*)allIdentitiesForAuthenticationController:
+    (CWVAuthenticationController*)controller;
+
+@end
+
+NS_ASSUME_NONNULL_END
+
+#endif  // IOS_WEB_VIEW_PUBLIC_CWV_AUTHENTICATION_CONTROLLER_DELEGATE_H

ios/web_view/public/cwv_identity.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_VIEW_PUBLIC_CWV_IDENTITY_H_
+#define IOS_WEB_VIEW_PUBLIC_CWV_IDENTITY_H_
+
+#import <Foundation/Foundation.h>
+
+#import "cwv_export.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+CWV_EXPORT
+@interface CWVIdentity : NSObject
+
+- (instancetype)initWithEmail:(NSString*)email
+                     fullName:(nullable NSString*)fullName
+                       gaiaID:(NSString*)gaiaID NS_DESIGNATED_INITIALIZER;
+
+- (instancetype)init NS_UNAVAILABLE;
+
+// Identity/account email address. This can be shown to the user, but is not a
+// unique identifier (@see gaiaID).
+@property(nonatomic, copy, readonly) NSString* email;
+
+// Returns the full name of the identity.
+// Could be nil if no full name has been fetched for this account yet.
+@property(nonatomic, copy, readonly, nullable) NSString* fullName;
+
+// The unique GAIA user identifier for this identity/account.
+// Use this as a unique identifier to remember a particular identity.
+// Use SSOIdentity's |userID| property. See go/ios-sso-library for more info.
+@property(nonatomic, copy, readonly) NSString* gaiaID;
+
+@end
+
+NS_ASSUME_NONNULL_END
+
+#endif  // IOS_WEB_VIEW_PUBLIC_CWV_IDENTITY_H_

ios/web_view/public/cwv_web_view_configuration+sync.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_VIEW_PUBLIC_CWV_WEB_VIEW_CONFIGURATION_SYNC_H_
+#define IOS_WEB_VIEW_PUBLIC_CWV_WEB_VIEW_CONFIGURATION_SYNC_H_
+
+#import "ios/web_view/public/cwv_web_view_configuration.h"
+
+@class CWVAuthenticationController;
+
+@interface CWVWebViewConfiguration (Sync)
+
+// This web view configuration's authentication controller.
+// Nil if CWVWebViewConfiguration is created with +incognitoConfiguration.
+@property(nonatomic, readonly, nullable)
+    CWVAuthenticationController* authenticationController;
+
+@end
+
+#endif  // IOS_WEB_VIEW_PUBLIC_CWV_WEB_VIEW_CONFIGURATION_SYNC_H_