New issue
Advanced search Search tips

Issue 729547 link

Starred by 2 users
Status: Started
Owner:
blundell@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 683120
issue 729548
issue 731082
issue 871221



Sign in to add a comment

Identity Service: Add ability to obtain access token for a given account

Project Member Reported by blundell@chromium.org, Jun 5 2017 
This interface should be backed by ProfileOAuth2TokenService.

Comment 1 by blundell@chromium.org, Jun 5 2017

Labels: IdentityService

Comment 2 by blundell@chromium.org, Jun 5 2017

Blocking: 683120

Comment 3 by blundell@chromium.org, Jun 5 2017

Blocking: 729548

Comment 4 by blundell@chromium.org, Jun 8 2017

Blocking: 731082

Comment 5 by dtapu...@chromium.org, Nov 1 2017

Components: Services>SignIn

Comment 6 by blundell@chromium.org, Nov 7 2017

Components: Internals>Services>Identity
Project Member

Comment 7 by bugdroid1@chromium.org, Jun 21 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6303973912637a5095cd85d34266276068a547c3

commit 6303973912637a5095cd85d34266276068a547c3
Author: Colin Blundell <blundell@chromium.org>
Date: Thu Jun 21 15:59:15 2018

IdentityManager: Introduce access token fetching for arbitrary accounts

The next-generation C++ APIs for interacting with the user's Google
identities currently do not give the ability to fetch access tokens
for arbitrary accounts; rather, there exists only the
PrimaryAccountAccessTokenFetcher, which provides user-friendly access
token fetching for the primary account.

This CL introduces an analogous AccessTokenFetcher class that allows
such user-friendly access token fetching for arbitrary accounts. This
class is currently built on top of the Token Service, as it remains
future work to expose access token fetching APIs on IdentityManager
itself. Once that future work is completed, AccessTokenFetcher will
be ported to be layered on top of IdentityManager. In the meantime,
we introduce IdentityManager::CreateAccessTokenFetcherForAccount()
to allow consumers of IdentityManager to create an AccessTokenFetcher.
Note that our intention is that even in the long-term consumers will
use AccessTokenFetcher and PrimaryAccountAccessTokenFetcher as the
interfaces for fetching access tokens, rather than interacting directly
with IdentityManager's lower-level APIs.

This CL also ports PrimaryAccountAccessTokenFetcher to internally use
AccessTokenFetcher rather than directly fetching access tokens from
ProfileOAuth2TokenService.

API design note: It would be reasonable to build PAATF's idea of an
"access token fetching mode" into AccessTokenFetcher: in this context,
kWaitUntilAvailable would simply mean waiting until the refresh token
was available. This CL does not add such a mode. However, for Sync's
use case having the mode will likely be useful (Sync will alternately
use the primary account and an arbitrary account, and it would be
ergonomic to be able to fetch access tokens in both contexts using
AccessTokenFetcher). Hence, followup work will move this mode down
into AccessTokenFetcher.

Bug: 729547
Change-Id: Id296adcd1567d6cbfbaf6ffd1dafb718c1f01ed7
Reviewed-on: https://chromium-review.googlesource.com/1104118
Commit-Queue: Colin Blundell <blundell@chromium.org>
Reviewed-by: Marc Treib <treib@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569281}
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/BUILD.gn
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/BUILD.gn
[add] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/access_token_fetcher.cc
[add] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/access_token_fetcher.h
[add] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/access_token_fetcher_unittest.cc
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/identity_manager.cc
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/identity_manager.h
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/identity_manager_unittest.cc
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/primary_account_access_token_fetcher.cc
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/primary_account_access_token_fetcher.h
[modify] https://crrev.com/6303973912637a5095cd85d34266276068a547c3/services/identity/public/cpp/primary_account_access_token_fetcher_unittest.cc
Project Member

Comment 8 by bugdroid1@chromium.org, Jul 16 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/80bede879673a1c2ad6e4282d479f34fc471f623

commit 80bede879673a1c2ad6e4282d479f34fc471f623
Author: Colin Blundell <blundell@chromium.org>
Date: Mon Jul 16 11:18:27 2018

AccessTokenFetcher: Pass expiration time in client callback

No client to date has needed the information of when the access token
obtained by (PrimaryAccount)AccessTokenFetcher will expire. However,
GCM *does* have a need to know this information: it periodically cleans
and refetches internally-cached access tokens based on whether they
have expired.

This CL passes this information in the
(PrimaryAccount)AccessTokenFetcher client callbacks by expanding the
access token parameter to a new AccessTokenInfo struct that contains
the token plus metadata about the token (currently just its expiration
time).

TBR=jochen@chromium.org

Bug: 729547
Change-Id: I70181ba71e627c3fdfbc5375ef0bc5b860226745
Reviewed-on: https://chromium-review.googlesource.com/1111852
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Commit-Queue: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575224}
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/feedback/feedback_uploader_chrome.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/feedback/feedback_uploader_chrome.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/printing/cloud_print/gcd_api_flow_impl.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/printing/cloud_print/gcd_api_flow_impl.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/printing/cloud_print/gcd_api_flow_unittest.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/search/background/ntp_background_service.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/search/background/ntp_background_service.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/chrome/browser/ui/desktop_ios_promotion/sms_service.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/autofill/core/browser/payments/payments_client.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/autofill/core/browser/payments/payments_client.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/browser_sync/sync_auth_manager.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/browser_sync/sync_auth_manager.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/cryptauth/cryptauth_client_impl.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/cryptauth/cryptauth_client_impl.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/feed/core/feed_networking_host.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/history/core/browser/web_history_service.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/invalidation/impl/profile_identity_provider.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/ntp_snippets/breaking_news/subscription_manager_impl.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/ntp_snippets/breaking_news/subscription_manager_impl.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/ntp_snippets/remote/remote_suggestions_fetcher_impl.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/ntp_snippets/remote/remote_suggestions_fetcher_impl.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/omnibox/browser/contextual_suggestions_service.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/omnibox/browser/contextual_suggestions_service.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/suggestions/suggestions_service_impl.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/components/suggestions/suggestions_service_impl.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/BUILD.gn
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/access_token_fetcher.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/access_token_fetcher.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/access_token_fetcher_unittest.cc
[add] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/access_token_info.cc
[add] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/access_token_info.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/identity_manager_unittest.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/primary_account_access_token_fetcher.cc
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/primary_account_access_token_fetcher.h
[modify] https://crrev.com/80bede879673a1c2ad6e4282d479f34fc471f623/services/identity/public/cpp/primary_account_access_token_fetcher_unittest.cc

Comment 9 by treib@chromium.org, Aug 9

Blocking: 871221
Project Member

Comment 10 by bugdroid1@chromium.org, Aug 13 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/46f3a042112c363a0b68b8805cd59445819c9d4c

commit 46f3a042112c363a0b68b8805cd59445819c9d4c
Author: Marc Treib <treib@chromium.org>
Date: Mon Aug 13 09:12:40 2018

AccessTokenFetcher: Add ability to wait for refresh token availability

Sync would like to use one AccessTokenFetcher instance to
fetch access tokens both for the primary account and for secondary
accounts. For the primary account, they would like to wait for the
refresh token to be available. In order to support this use case,
AccessTokenFetcher needs a Mode parameter. This CL adds that Mode
parameter.

Note that this Mode parameter is *not identical* semantically to the
Mode parameter of PrimaryAccountAccessTokenFetcher: the former's
|kWaitUntilAvailable| mode makes an access token request once there
is an account that is both (a) primary and (b) has a refresh token
available, while the latter's new |kWaitUntilRefreshTokenAvailable|
mode simply waits until there is a refresh token available for the
given account (which may no longer be primary at that point, even if
it was at the time of creating the AccessTokenFetcher). This semantic
distinction is called out explicitly in the comments on
PrimaryAccountAccessTokenFetcher::Mode. Sync has indicated that the
AccessTokenFetcher semantics suffice for their use case.

Bug: 840703, 729547
Change-Id: Iff39a24ef74945b3e9fa22ad961c3cd73a401e51
Reviewed-on: https://chromium-review.googlesource.com/1158831
Commit-Queue: Marc Treib <treib@chromium.org>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Cr-Commit-Position: refs/heads/master@{#582535}
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/components/gcm_driver/account_tracker.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/components/gcm_driver/gcm_account_tracker.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/components/invalidation/impl/profile_identity_provider.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/access_token_fetcher.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/access_token_fetcher.h
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/access_token_fetcher_unittest.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/identity_manager.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/identity_manager.h
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/identity_manager_unittest.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/primary_account_access_token_fetcher.cc
[modify] https://crrev.com/46f3a042112c363a0b68b8805cd59445819c9d4c/services/identity/public/cpp/primary_account_access_token_fetcher.h

Sign in to add a comment