Kyle, is there any reason that we couldn't just eliminate CryptAuthAccessTokenFetcher(Impl) entirely, having its clients directly use PrimaryAccountAccessTokenFetcher?

No, I don't believe there's any reason we couldn't do that. The CryptAuthAccessTokenFetcher class was created ~5 years ago, so AFAIK PrimaryAccountAccessTokenFetcher was unavailable when it was created.

We just haven't gotten around to it yet since it works as-is and would require a refactor which we haven't prioritized. If you'd like to take a crack at it, please feel free! :)

Cool! That should be a nice simplification. (You're correct about the timeline btw).

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/558c195d118732d2b7eb2a10010e3ec6f5c9911c

commit 558c195d118732d2b7eb2a10010e3ec6f5c9911c
Author: Jochen Eisinger <jochen@chromium.org>
Date: Fri Jun 29 20:02:54 2018

Migrate EasyUnlockServiceRegular to IdentityManager

BUG= 809433 ,857494
R=blundell@chromium.org,khorimoto@chromium.org

Change-Id: I934a03314db1d998eb64adb443d1c2f1eac3cdb3
Reviewed-on: https://chromium-review.googlesource.com/1113180
Reviewed-by: James Hawkins <jhawkins@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#571601}
[modify] https://crrev.com/558c195d118732d2b7eb2a10010e3ec6f5c9911c/chrome/browser/chromeos/login/easy_unlock/easy_unlock_service.h
[modify] https://crrev.com/558c195d118732d2b7eb2a10010e3ec6f5c9911c/chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_regular.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7e830210b65eb8318cd49078710872a8c134d245

commit 7e830210b65eb8318cd49078710872a8c134d245
Author: Jochen Eisinger <jochen@chromium.org>
Date: Wed Jul 04 07:32:40 2018

Delete CryptAuthAccessTokenFetcher

Replaces the two distinct implementations of CryptAuthAccessTokenFetcher with
having CryptAuthClientImpl directly construct a PAATF. Those two
implementations are each identical in functionality to using a PAATF in
kImmediate mode: the first simply wraps PAATF used in kImmediate mode, while
the second just makes an immediate request on ProfileOAuth2TokenService.

Also eliminates a //chromeos implementation of CryptAuthClientFactory, as that
implementation is now identical with the //components/cryptauth implementation,
which is used instead in the //chromeos context.

BUG= 809433 
R=blundell@chromium.org,khorimoto@chromium.org

Change-Id: I93ee9e736395bc71a1e741fc45d027ff32787536
Reviewed-on: https://chromium-review.googlesource.com/1107715
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Tim Song <tengs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#572505}
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/chrome/browser/chromeos/cryptauth/chrome_cryptauth_service.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/chrome/browser/chromeos/cryptauth/chrome_cryptauth_service_factory.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/chromeos/services/device_sync/BUILD.gn
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/chromeos/services/device_sync/cryptauth_client_factory_impl.cc
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/chromeos/services/device_sync/cryptauth_client_factory_impl.h
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/chromeos/services/device_sync/cryptauth_token_fetcher_impl.cc
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/chromeos/services/device_sync/cryptauth_token_fetcher_impl.h
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/chromeos/services/device_sync/cryptauth_token_fetcher_impl_unittest.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/chromeos/services/device_sync/device_sync_impl.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/components/cryptauth/BUILD.gn
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/components/cryptauth/DEPS
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/components/cryptauth/cryptauth_access_token_fetcher.h
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/components/cryptauth/cryptauth_access_token_fetcher_impl.cc
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/components/cryptauth/cryptauth_access_token_fetcher_impl.h
[delete] https://crrev.com/e95b6ce4b2b1bc7858eda0e8b24c33cec2163099/components/cryptauth/cryptauth_access_token_fetcher_impl_unittest.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/components/cryptauth/cryptauth_client_impl.cc
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/components/cryptauth/cryptauth_client_impl.h
[modify] https://crrev.com/7e830210b65eb8318cd49078710872a8c134d245/components/cryptauth/cryptauth_client_impl_unittest.cc