
Issue 633695

Starred by 2 users

Issue metadata

Status: Duplicate
Owner:
Closed: Apr 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




GaiaWebAuthFlow uses the main cookie store but no channel ID service.

Project Member Reported by mmenke@chromium.org, Aug 2 2016

Issue description

A CookieStore must be used with the same channel ID service (which may be a NULL service). Using the same CookieStore with a channel ID service and then without one leads to problems - generally, the server will throw out the cookies, or otherwise be very sad, since if it sees the same cookies with channel ID and then without them, it may assume they've been hijacked.

This regressed in https://codereview.chromium.org/2145103003.  Ideally, because of the complexities involved, the code would just use the main URLRequestContext, and LOAD_DO_NOT_SAVE_COOKIES / LOAD_DO_NOT_SEND_COOKIES if it doesn't want cookies or channel ID.
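
The failure described in the report above, as an added example that is not part of the original issue or of Chromium's code: a toy model in which a server binds each cookie to the channel ID it was issued under, and a second context borrows the same cookie store with no channel ID service. `Server`, `Context`, `RunScenario`, the host name and the channel ID value are all assumptions made for illustration.

```cpp
// Toy model, constructed for illustration; not Chromium's net/ classes.
#include <iostream>
#include <map>
#include <memory>
#include <string>
using CookieJar = std::map<std::string, std::string>;  // host -> cookie
enum class Verdict { kAccepted, kRejected };
const char kHost[] = "accounts.example";  // constructed sample host

// Hypothetical server: binds each cookie to the channel ID seen at issue time.
class Server {
 public:
  std::string Login(const std::string& channel_id) {
    std::string cookie = "sid" + std::to_string(next_id_++);
    bound_[cookie] = channel_id;
    return cookie;
  }
  Verdict Handle(const std::string& cookie, const std::string& channel_id) {
    auto it = bound_.find(cookie);
    if (it == bound_.end()) return Verdict::kRejected;
    if (it->second == channel_id) return Verdict::kAccepted;
    bound_.erase(it);  // binding mismatch: assume theft, throw the cookie out
    return Verdict::kRejected;
  }
 private:
  int next_id_ = 1;
  std::map<std::string, std::string> bound_;
};

// A request context: a cookie store paired with a channel ID service.
struct Context {
  std::shared_ptr<CookieJar> cookies;
  std::string channel_id;  // empty string models a NULL channel ID service
  void Login(Server& s) { (*cookies)[kHost] = s.Login(channel_id); }
  Verdict Fetch(Server& s) { return s.Handle((*cookies)[kHost], channel_id); }
};

struct Outcome { Verdict main_first, borrowed, main_after; };
Outcome RunScenario() {
  Server server;
  auto jar = std::make_shared<CookieJar>();
  Context main_ctx{jar, "channel-id-A"};  // constructed sample channel ID
  Context borrowed{jar, ""};              // same jar, no channel ID service
  main_ctx.Login(server);
  Verdict a = main_ctx.Fetch(server);
  Verdict b = borrowed.Fetch(server);
  return {a, b, main_ctx.Fetch(server)};
}
int main() {
  bool lost = RunScenario().main_after == Verdict::kRejected;
  std::cout << (lost ? "main context lost its session\n" : "session intact\n");
}
```

In this model the borrowed context's single request is enough to invalidate the session for the main context as well, which is why the cookie store and channel ID service have to be paired consistently.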
 
Cc: nhar...@chromium.org
Good catch - I missed that when I previously reviewed that CL. (That change was made because it was creating a bound token in the profile request context, and then using that token in a fresh app request context later.)

I think the fix here is to have GaiaWebAuthFlow go back to using the main URLRequestContext and have WebAuthFlow use the same URLRequestContext as GaiaWebAuthFlow (that's where the bound token was getting passed across contexts).
Mergedinto: 644868
Status: Duplicate (was: Assigned)

Comment 4 by mmenke@chromium.org, Apr 18 2017

[anthonyvd]:  This looks to be a different bug from the one you merged it into.
The crash in the other bug is due to the code that copies the URLRequestContext temporarily. From what I understand, the solution to both issues is what you suggest in the OP. Am I missing something?

Comment 6 by mmenke@chromium.org, Apr 18 2017

The other bug is because URLRequests are alive at shutdown. This bug is because it's creating an invalid URLRequestContext - a cookie store and channel ID store must always match. So you can't just "borrow" someone else's cookie store, and then create a network session with another (or no) channel ID store.
Wouldn't both be fixed by not using a temporary URLRequestContext though? I'm happy to unmerge them if my assumption is incorrect :)

Comment 8 by mmenke@chromium.org, Apr 18 2017

Sorry, misread your earlier comment - yeah, you're right, as long as the service is shut down before the ProfileIOData is.
