Move the token validation from DeviceO2TSDelegate to DeviceO2TS

This CL is a part of moving access token management to
OAuth2AccessTokenManager.

It is specifically a step toward folding
DeviceO2TSDelegate into DeviceO2TS now that the latter
is no longer an O2TS subclass.

It moves the code for the token validation including
StartValidation() and RequestValidation(). DeviceO2TS
inherits from gaia::GaiaOAuthClient::Delegate and
implements methods. When StartValidation() is called,
it creates |gaia_oauth_client_| with |this| and gets
errors or responses.

Bug: 967598
Change-Id: I268e1a7f2909f77170279e178c95c354a45ca1a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1697126
Commit-Queue: Julie Jeongeun Kim <jkim@igalia.com>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#676368}

chrome/browser/chromeos/settings/device_oauth2_token_service.cc

@@ -21,6 +21,8 @@
 #include "components/policy/proto/device_management_backend.pb.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
+#include "google_apis/gaia/gaia_constants.h"
+#include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
@@ -56,6 +58,10 @@ DeviceOAuth2TokenService::DeviceOAuth2TokenService(
     scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
     PrefService* local_state)
     : local_state_(local_state),
+      state_(STATE_LOADING),
+      max_refresh_token_validation_retries_(3),
+      validation_requested_(false),
+      validation_status_delegate_(nullptr),
       service_account_identity_subscription_(
           CrosSettings::Get()->AddSettingsObserver(
               kServiceAccountIdentity,
@@ -67,7 +73,7 @@ DeviceOAuth2TokenService::DeviceOAuth2TokenService(
       url_loader_factory, this);
   token_manager_ = std::make_unique<OAuth2AccessTokenManager>(
       this /* OAuth2AccessTokenManager::Delegate* */);
-  delegate_->InitializeWithValidationStatusDelegate(this);
+  InitializeWithValidationStatusDelegate(this);
   // Pull in the system salt.
   SystemSaltGetter::Get()->GetSystemSalt(
       base::Bind(&DeviceOAuth2TokenService::DidGetSystemSalt,
@@ -76,7 +82,7 @@ DeviceOAuth2TokenService::DeviceOAuth2TokenService(
 
 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() {
   FlushTokenSaveCallbacks(false);
-  delegate_->ClearValidationStatusDelegate();
+  ClearValidationStatusDelegate();
   FlushPendingRequests(false, GoogleServiceAuthError::REQUEST_CANCELED);
 }
 
@@ -89,13 +95,11 @@ void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) {
 void DeviceOAuth2TokenService::SetAndSaveRefreshToken(
     const std::string& refresh_token,
     const StatusCallback& result_callback) {
-  delegate_->ReportServiceError(GoogleServiceAuthError::REQUEST_CANCELED);
+  ReportServiceError(GoogleServiceAuthError::REQUEST_CANCELED);
 
-  bool waiting_for_salt =
-      delegate_->state_ == DeviceOAuth2TokenServiceDelegate::STATE_LOADING;
+  bool waiting_for_salt = state_ == STATE_LOADING;
   refresh_token_ = refresh_token;
-  delegate_->state_ =
-      DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_PENDING;
+  state_ = STATE_VALIDATION_PENDING;
 
   // If the robot account ID is not available yet, do not announce the token. It
   // will be done from OnServiceAccountIdentityChanged() once the robot account
@@ -163,6 +167,38 @@ OAuth2AccessTokenManager* DeviceOAuth2TokenService::GetAccessTokenManager() {
   return token_manager_.get();
 }
 
+void DeviceOAuth2TokenService::OnRefreshTokenResponse(
+    const std::string& access_token,
+    int expires_in_seconds) {
+  gaia_oauth_client_->GetTokenInfo(access_token,
+                                   max_refresh_token_validation_retries_, this);
+}
+
+void DeviceOAuth2TokenService::OnGetTokenInfoResponse(
+    std::unique_ptr<base::DictionaryValue> token_info) {
+  std::string gaia_robot_id;
+  // For robot accounts email id is the account id.
+  token_info->GetString("email", &gaia_robot_id);
+  gaia_oauth_client_.reset();
+
+  CheckRobotAccountId(CoreAccountId(gaia_robot_id));
+}
+
+void DeviceOAuth2TokenService::OnOAuthError() {
+  gaia_oauth_client_.reset();
+  state_ = STATE_TOKEN_INVALID;
+  ReportServiceError(GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+}
+
+void DeviceOAuth2TokenService::OnNetworkError(int response_code) {
+  gaia_oauth_client_.reset();
+
+  // Go back to pending validation state. That'll allow a retry on subsequent
+  // token minting requests.
+  state_ = STATE_VALIDATION_PENDING;
+  ReportServiceError(GoogleServiceAuthError::CONNECTION_FAILED);
+}
+
 std::unique_ptr<OAuth2AccessTokenFetcher>
 DeviceOAuth2TokenService::CreateAccessTokenFetcher(
     const CoreAccountId& account_id,
@@ -201,30 +237,30 @@ bool DeviceOAuth2TokenService::HandleAccessTokenFetch(
     const std::string& client_id,
     const std::string& client_secret,
     const OAuth2AccessTokenManager::ScopeSet& scopes) {
-  switch (delegate_->state_) {
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_PENDING:
+  switch (state_) {
+    case STATE_VALIDATION_PENDING:
       // If this is the first request for a token, start validation.
-      delegate_->StartValidation();
+      StartValidation();
       FALLTHROUGH;
-    case DeviceOAuth2TokenServiceDelegate::STATE_LOADING:
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_STARTED:
+    case STATE_LOADING:
+    case STATE_VALIDATION_STARTED:
       // Add a pending request that will be satisfied once validation completes.
       pending_requests_.push_back(new PendingRequest(
           request->AsWeakPtr(), client_id, client_secret, scopes));
-      delegate_->RequestValidation();
+      RequestValidation();
       return true;
-    case DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN:
+    case STATE_NO_TOKEN:
       FailRequest(request, GoogleServiceAuthError::USER_NOT_SIGNED_UP);
       return true;
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_INVALID:
+    case STATE_TOKEN_INVALID:
       FailRequest(request, GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
       return true;
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_VALID:
+    case STATE_TOKEN_VALID:
       // Let OAuth2AccessTokenManager handle the request.
       return false;
   }
 
-  NOTREACHED() << "Unexpected state " << delegate_->state_;
+  NOTREACHED() << "Unexpected state " << state_;
   return false;
 }
 
@@ -270,20 +306,20 @@ void DeviceOAuth2TokenService::FailRequest(
 
 std::vector<CoreAccountId> DeviceOAuth2TokenService::GetAccounts() const {
   std::vector<CoreAccountId> accounts;
-  switch (delegate_->state_) {
-    case DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN:
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_INVALID:
+  switch (state_) {
+    case STATE_NO_TOKEN:
+    case STATE_TOKEN_INVALID:
       return accounts;
-    case DeviceOAuth2TokenServiceDelegate::STATE_LOADING:
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_PENDING:
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_STARTED:
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_VALID:
+    case STATE_LOADING:
+    case STATE_VALIDATION_PENDING:
+    case STATE_VALIDATION_STARTED:
+    case STATE_TOKEN_VALID:
       if (!GetRobotAccountId().empty())
         accounts.push_back(GetRobotAccountId());
       return accounts;
   }
 
-  NOTREACHED() << "Unhandled state " << delegate_->state_;
+  NOTREACHED() << "Unhandled state " << state_;
   return accounts;
 }
 
@@ -309,15 +345,15 @@ void DeviceOAuth2TokenService::CheckRobotAccountId(
     case CrosSettingsProvider::PERMANENTLY_UNTRUSTED:
       // There's no trusted account id, which is equivalent to no token present.
       LOG(WARNING) << "Device settings permanently untrusted.";
-      delegate_->state_ = DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN;
-      delegate_->ReportServiceError(GoogleServiceAuthError::USER_NOT_SIGNED_UP);
+      state_ = STATE_NO_TOKEN;
+      ReportServiceError(GoogleServiceAuthError::USER_NOT_SIGNED_UP);
       return;
   }
 
   CoreAccountId policy_robot_id = GetRobotAccountId();
   if (policy_robot_id == gaia_robot_id) {
-    delegate_->state_ = DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_VALID;
-    delegate_->ReportServiceError(GoogleServiceAuthError::NONE);
+    state_ = STATE_TOKEN_VALID;
+    ReportServiceError(GoogleServiceAuthError::NONE);
   } else {
     if (gaia_robot_id.empty()) {
       LOG(WARNING) << "Device service account owner in policy is empty.";
@@ -325,30 +361,29 @@ void DeviceOAuth2TokenService::CheckRobotAccountId(
       LOG(WARNING) << "Device service account owner in policy does not match "
                    << "refresh token owner \"" << gaia_robot_id << "\".";
     }
-    delegate_->state_ = DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_INVALID;
-    delegate_->ReportServiceError(
-        GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+    state_ = STATE_TOKEN_INVALID;
+    ReportServiceError(GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
   }
 }
 
 std::string DeviceOAuth2TokenService::GetRefreshToken() const {
-  switch (delegate_->state_) {
-    case DeviceOAuth2TokenServiceDelegate::STATE_LOADING:
-    case DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN:
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_INVALID:
+  switch (state_) {
+    case STATE_LOADING:
+    case STATE_NO_TOKEN:
+    case STATE_TOKEN_INVALID:
       // This shouldn't happen: GetRefreshToken() is only called for actual
       // token minting operations. In above states, requests are either queued
       // or short-circuited to signal error immediately, so no actual token
       // minting via OAuth2TokenService::FetchOAuth2Token should be triggered.
       NOTREACHED();
       return std::string();
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_PENDING:
-    case DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_STARTED:
-    case DeviceOAuth2TokenServiceDelegate::STATE_TOKEN_VALID:
+    case STATE_VALIDATION_PENDING:
+    case STATE_VALIDATION_STARTED:
+    case STATE_TOKEN_VALID:
       return refresh_token_;
   }
 
-  NOTREACHED() << "Unhandled state " << delegate_->state_;
+  NOTREACHED() << "Unhandled state " << state_;
   return std::string();
 }
 
@@ -360,7 +395,7 @@ void DeviceOAuth2TokenService::DidGetSystemSalt(
   if (system_salt_.empty()) {
     LOG(ERROR) << "Failed to get system salt.";
     FlushTokenSaveCallbacks(false);
-    delegate_->state_ = DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN;
+    state_ = STATE_NO_TOKEN;
     return;
   }
 
@@ -378,17 +413,16 @@ void DeviceOAuth2TokenService::DidGetSystemSalt(
     refresh_token_ = encryptor.DecryptWithSystemSalt(encrypted_refresh_token);
     if (refresh_token_.empty()) {
       LOG(ERROR) << "Failed to decrypt refresh token.";
-      delegate_->state_ = DeviceOAuth2TokenServiceDelegate::STATE_NO_TOKEN;
+      state_ = STATE_NO_TOKEN;
       return;
     }
   }
 
-  delegate_->state_ =
-      DeviceOAuth2TokenServiceDelegate::STATE_VALIDATION_PENDING;
+  state_ = STATE_VALIDATION_PENDING;
 
   // If there are pending requests, start a validation.
-  if (delegate_->validation_requested_)
-    delegate_->StartValidation();
+  if (validation_requested_)
+    StartValidation();
 
   // Announce the token.
   if (!GetRobotAccountId().empty()) {
@@ -397,7 +431,7 @@ void DeviceOAuth2TokenService::DidGetSystemSalt(
 }
 
 void DeviceOAuth2TokenService::EncryptAndSaveToken() {
-  DCHECK_NE(delegate_->state_, DeviceOAuth2TokenServiceDelegate::STATE_LOADING);
+  DCHECK_NE(state_, STATE_LOADING);
 
   CryptohomeTokenEncryptor encryptor(system_salt_);
   std::string encrypted_refresh_token =
@@ -424,4 +458,44 @@ void DeviceOAuth2TokenService::FlushTokenSaveCallbacks(bool result) {
   }
 }
 
+void DeviceOAuth2TokenService::StartValidation() {
+  DCHECK_EQ(state_, STATE_VALIDATION_PENDING);
+  DCHECK(!gaia_oauth_client_);
+
+  state_ = STATE_VALIDATION_STARTED;
+
+  gaia_oauth_client_ =
+      std::make_unique<gaia::GaiaOAuthClient>(delegate_->url_loader_factory_);
+
+  GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
+  gaia::OAuthClientInfo client_info;
+  client_info.client_id = gaia_urls->oauth2_chrome_client_id();
+  client_info.client_secret = gaia_urls->oauth2_chrome_client_secret();
+
+  gaia_oauth_client_->RefreshToken(
+      client_info, refresh_token_,
+      std::vector<std::string>(1, GaiaConstants::kOAuthWrapBridgeUserInfoScope),
+      max_refresh_token_validation_retries_, this);
+}
+
+void DeviceOAuth2TokenService::RequestValidation() {
+  validation_requested_ = true;
+}
+
+void DeviceOAuth2TokenService::InitializeWithValidationStatusDelegate(
+    ValidationStatusDelegate* delegate) {
+  validation_status_delegate_ = delegate;
+}
+
+void DeviceOAuth2TokenService::ClearValidationStatusDelegate() {
+  validation_status_delegate_ = nullptr;
+}
+
+void DeviceOAuth2TokenService::ReportServiceError(
+    GoogleServiceAuthError::State error) {
+  if (validation_status_delegate_) {
+    validation_status_delegate_->OnValidationCompleted(error);
+  }
+}
+
 }  // namespace chromeos

chrome/browser/chromeos/settings/device_oauth2_token_service.h

@@ -14,6 +14,7 @@
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h"
 #include "google_apis/gaia/core_account_id.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_consumer.h"
 #include "google_apis/gaia/oauth2_access_token_manager.h"
@@ -36,6 +37,7 @@ namespace chromeos {
 // Note that requests must be made from the UI thread.
 class DeviceOAuth2TokenService
     : public OAuth2AccessTokenManager::Delegate,
+      public gaia::GaiaOAuthClient::Delegate,
       public DeviceOAuth2TokenServiceDelegate::ValidationStatusDelegate {
  public:
   typedef base::RepeatingCallback<void(const CoreAccountId& /* account_id */)>
@@ -94,6 +96,14 @@ class DeviceOAuth2TokenService
 
   OAuth2AccessTokenManager* GetAccessTokenManager();
 
+  // gaia::GaiaOAuthClient::Delegate implementation.
+  void OnRefreshTokenResponse(const std::string& access_token,
+                              int expires_in_seconds) override;
+  void OnGetTokenInfoResponse(
+      std::unique_ptr<base::DictionaryValue> token_info) override;
+  void OnOAuthError() override;
+  void OnNetworkError(int response_code) override;
+
  private:
   // TODO(https://crbug.com/967598): Merge DeviceOAuth2TokenServiceDelegate
   // into DeviceOAuth2TokenService.
@@ -102,6 +112,22 @@ class DeviceOAuth2TokenService
   friend class DeviceOAuth2TokenServiceTest;
   struct PendingRequest;
 
+  // Describes the operational state of this object.
+  enum State {
+    // Pending system salt / refresh token load.
+    STATE_LOADING,
+    // No token available.
+    STATE_NO_TOKEN,
+    // System salt loaded, validation not started yet.
+    STATE_VALIDATION_PENDING,
+    // Refresh token validation underway.
+    STATE_VALIDATION_STARTED,
+    // Token validation failed.
+    STATE_TOKEN_INVALID,
+    // Refresh token is valid.
+    STATE_TOKEN_VALID,
+  };
+
   // OAuth2AccessTokenManager::Delegate:
   std::unique_ptr<OAuth2AccessTokenFetcher> CreateAccessTokenFetcher(
       const CoreAccountId& account_id,
@@ -121,6 +147,9 @@ class DeviceOAuth2TokenService
   void FireRefreshTokenAvailable(const CoreAccountId& account_id);
   void FireRefreshTokenRevoked(const CoreAccountId& account_id);
 
+  void InitializeWithValidationStatusDelegate(
+      ValidationStatusDelegate* delegate);
+  void ClearValidationStatusDelegate();
   // Implementation of
   // DeviceOAuth2TokenServiceDelegate::ValidationStatusDelegate.
   void OnValidationCompleted(GoogleServiceAuthError::State error) override;
@@ -142,6 +171,11 @@ class DeviceOAuth2TokenService
   // Returns a list of accounts based on |state_|.
   std::vector<CoreAccountId> GetAccounts() const;
 
+  // Starts the token validation flow, i.e. token info fetch.
+  void StartValidation();
+
+  void RequestValidation();
+
   // Invoked by CrosSettings when the robot account ID becomes available.
   void OnServiceAccountIdentityChanged();
 
@@ -162,6 +196,8 @@ class DeviceOAuth2TokenService
   // Flushes |token_save_callbacks_|, indicating the specified result.
   void FlushTokenSaveCallbacks(bool result);
 
+  void ReportServiceError(GoogleServiceAuthError::State error);
+
   // TODO(https://crbug.com/967598): Merge DeviceOAuth2TokenServiceDelegate
   // into DeviceOAuth2TokenService.
   std::unique_ptr<DeviceOAuth2TokenServiceDelegate> delegate_;
@@ -177,10 +213,8 @@ class DeviceOAuth2TokenService
 
   PrefService* local_state_;
 
-  std::unique_ptr<CrosSettings::ObserverSubscription>
-      service_account_identity_subscription_;
-
-  CoreAccountId robot_account_id_for_testing_;
+  // Current operational state.
+  State state_;
 
   // Token save callbacks waiting to be completed.
   std::vector<StatusCallback> token_save_callbacks_;
@@ -188,9 +222,24 @@ class DeviceOAuth2TokenService
   // The system salt for encrypting and decrypting the refresh token.
   std::string system_salt_;
 
+  int max_refresh_token_validation_retries_;
+
+  // Flag to indicate whether there are pending requests.
+  bool validation_requested_;
+
+  // Validation status delegate
+  ValidationStatusDelegate* validation_status_delegate_;
+
   // Cache the decrypted refresh token, so we only decrypt once.
   std::string refresh_token_;
 
+  std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
+
+  std::unique_ptr<CrosSettings::ObserverSubscription>
+      service_account_identity_subscription_;
+
+  CoreAccountId robot_account_id_for_testing_;
+
   base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);

chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.cc

@@ -8,8 +8,6 @@
 
 #include "base/values.h"
 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
-#include "google_apis/gaia/gaia_constants.h"
-#include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 
@@ -19,46 +17,10 @@ DeviceOAuth2TokenServiceDelegate::DeviceOAuth2TokenServiceDelegate(
     scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
     DeviceOAuth2TokenService* service)
     : url_loader_factory_(url_loader_factory),
-      state_(STATE_LOADING),
-      max_refresh_token_validation_retries_(3),
-      validation_requested_(false),
-      validation_status_delegate_(nullptr),
       service_(service) {}
 
 DeviceOAuth2TokenServiceDelegate::~DeviceOAuth2TokenServiceDelegate() = default;
 
-void DeviceOAuth2TokenServiceDelegate::OnRefreshTokenResponse(
-    const std::string& access_token,
-    int expires_in_seconds) {
-  gaia_oauth_client_->GetTokenInfo(access_token,
-                                   max_refresh_token_validation_retries_, this);
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnGetTokenInfoResponse(
-    std::unique_ptr<base::DictionaryValue> token_info) {
-  std::string gaia_robot_id;
-  // For robot accounts email id is the account id.
-  token_info->GetString("email", &gaia_robot_id);
-  gaia_oauth_client_.reset();
-
-  service_->CheckRobotAccountId(CoreAccountId(gaia_robot_id));
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnOAuthError() {
-  gaia_oauth_client_.reset();
-  state_ = STATE_TOKEN_INVALID;
-  ReportServiceError(GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
-}
-
-void DeviceOAuth2TokenServiceDelegate::OnNetworkError(int response_code) {
-  gaia_oauth_client_.reset();
-
-  // Go back to pending validation state. That'll allow a retry on subsequent
-  // token minting requests.
-  state_ = STATE_VALIDATION_PENDING;
-  ReportServiceError(GoogleServiceAuthError::CONNECTION_FAILED);
-}
-
 scoped_refptr<network::SharedURLLoaderFactory>
 DeviceOAuth2TokenServiceDelegate::GetURLLoaderFactory() const {
   return url_loader_factory_;
@@ -75,44 +37,4 @@ DeviceOAuth2TokenServiceDelegate::CreateAccessTokenFetcher(
       consumer, url_loader_factory, refresh_token);
 }
 
-void DeviceOAuth2TokenServiceDelegate::StartValidation() {
-  DCHECK_EQ(state_, STATE_VALIDATION_PENDING);
-  DCHECK(!gaia_oauth_client_);
-
-  state_ = STATE_VALIDATION_STARTED;
-
-  gaia_oauth_client_ =
-      std::make_unique<gaia::GaiaOAuthClient>(url_loader_factory_);
-
-  GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
-  gaia::OAuthClientInfo client_info;
-  client_info.client_id = gaia_urls->oauth2_chrome_client_id();
-  client_info.client_secret = gaia_urls->oauth2_chrome_client_secret();
-
-  gaia_oauth_client_->RefreshToken(
-      client_info, service_->refresh_token_,
-      std::vector<std::string>(1, GaiaConstants::kOAuthWrapBridgeUserInfoScope),
-      max_refresh_token_validation_retries_, this);
-}
-
-void DeviceOAuth2TokenServiceDelegate::RequestValidation() {
-  validation_requested_ = true;
-}
-
-void DeviceOAuth2TokenServiceDelegate::InitializeWithValidationStatusDelegate(
-    ValidationStatusDelegate* delegate) {
-  validation_status_delegate_ = delegate;
-}
-
-void DeviceOAuth2TokenServiceDelegate::ClearValidationStatusDelegate() {
-  validation_status_delegate_ = nullptr;
-}
-
-void DeviceOAuth2TokenServiceDelegate::ReportServiceError(
-    GoogleServiceAuthError::State error) {
-  if (validation_status_delegate_) {
-    validation_status_delegate_->OnValidationCompleted(error);
-  }
-}
-
 }  // namespace chromeos

chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h

@@ -11,13 +11,8 @@
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "google_apis/gaia/core_account_id.h"
-#include "google_apis/gaia/gaia_oauth_client.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 
-namespace gaia {
-class GaiaOAuthClient;
-}
-
 namespace network {
 class SharedURLLoaderFactory;
 }
@@ -29,13 +24,12 @@ namespace chromeos {
 
 class DeviceOAuth2TokenService;
 
-class DeviceOAuth2TokenServiceDelegate
-    : public gaia::GaiaOAuthClient::Delegate {
+class DeviceOAuth2TokenServiceDelegate {
  public:
   DeviceOAuth2TokenServiceDelegate(
       scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
       DeviceOAuth2TokenService* service);
-  ~DeviceOAuth2TokenServiceDelegate() override;
+  ~DeviceOAuth2TokenServiceDelegate();
 
   scoped_refptr<network::SharedURLLoaderFactory> GetURLLoaderFactory() const;
   std::unique_ptr<OAuth2AccessTokenFetcher> CreateAccessTokenFetcher(
@@ -43,14 +37,6 @@ class DeviceOAuth2TokenServiceDelegate
       scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
       OAuth2AccessTokenConsumer* consumer);
 
-  // gaia::GaiaOAuthClient::Delegate implementation.
-  void OnRefreshTokenResponse(const std::string& access_token,
-                              int expires_in_seconds) override;
-  void OnGetTokenInfoResponse(
-      std::unique_ptr<base::DictionaryValue> token_info) override;
-  void OnOAuthError() override;
-  void OnNetworkError(int response_code) override;
-
   class ValidationStatusDelegate {
    public:
     virtual void OnValidationCompleted(GoogleServiceAuthError::State error) {}
@@ -60,49 +46,9 @@ class DeviceOAuth2TokenServiceDelegate
   friend class DeviceOAuth2TokenService;
   friend class DeviceOAuth2TokenServiceTest;
 
-  // Describes the operational state of this object.
-  enum State {
-    // Pending system salt / refresh token load.
-    STATE_LOADING,
-    // No token available.
-    STATE_NO_TOKEN,
-    // System salt loaded, validation not started yet.
-    STATE_VALIDATION_PENDING,
-    // Refresh token validation underway.
-    STATE_VALIDATION_STARTED,
-    // Token validation failed.
-    STATE_TOKEN_INVALID,
-    // Refresh token is valid.
-    STATE_TOKEN_VALID,
-  };
-
-  // Starts the token validation flow, i.e. token info fetch.
-  void StartValidation();
-
-  void RequestValidation();
-
-  void InitializeWithValidationStatusDelegate(
-      ValidationStatusDelegate* delegate);
-  void ClearValidationStatusDelegate();
-
-  void ReportServiceError(GoogleServiceAuthError::State error);
-
   // Dependencies.
   scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory_;
 
-  // Current operational state.
-  State state_;
-
-  int max_refresh_token_validation_retries_;
-
-  // Flag to indicate whether there are pending requests.
-  bool validation_requested_;
-
-  // Validation status delegate
-  ValidationStatusDelegate* validation_status_delegate_;
-
-  std::unique_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
-
   // TODO(https://crbug.com/967598): Completely merge this class into
   // DeviceOAuth2TokenService.
   DeviceOAuth2TokenService* service_;

chrome/browser/chromeos/settings/device_oauth2_token_service_unittest.cc

@@ -108,7 +108,7 @@ class DeviceOAuth2TokenServiceTest : public testing::Test {
     oauth2_service_.reset(new DeviceOAuth2TokenService(
         test_url_loader_factory_.GetSafeWeakWrapper(),
         scoped_testing_local_state_.Get()));
-    oauth2_service_->delegate_->max_refresh_token_validation_retries_ = 0;
+    oauth2_service_->max_refresh_token_validation_retries_ = 0;
     oauth2_service_->GetAccessTokenManager()
         ->set_max_authorization_token_fetch_retries_for_testing(0);
   }