When Chrome revokes a refresh token, cookies may be bound to it and in this case they become invalid.
However they may not actually change in the cookie store, and thus the GaiaCookieManagerService does not wake up.
After a token is revoked we should force a call to ListAccount to ensure that Chrome has an accurate view on the Gaia accounts in the cookie (or an alternative would be to mark the accounts as stale).
It would be natural to add this behavior to the AccountReconcilor, but it is not trivial to do:
- there is no callback called when tokens are revoked. OnTokenRevoked is actually called before the revocation, but it is important that the call to ListAccounts is made after the revocation.
- It is possible that Chrome revokes a token on the server but does not receive a response from the server (because of network issues for example).
Comment 1 by sheriffbot@chromium.org
, May 9 2018