https://chromium-review.googlesource.com/c/chromium/src/+/1152731 fixed a bug wherein IdentityManager was notifying its observers too early of token updated and removal events (for full context, see that bug). However, the fix has a theoretical hole:
- If an observer of one of the token updated/removed notifications (either for IdentityManager or for ProfileOAuth2TokenService) itself causes a refresh token to be updated/revoked, IdentityManager::WillFireOnRefreshToken*() will get invoked in a re-entrant fashion and its pending state will get clobbered.
- In this case, there would be two queued callbacks for IdentityManager::OnRefreshTokenAvailable() [or Revoked() as relevant]. The second one of these would crash because it would index into null state.
Mihai and I believe that this concern *is* theoretical. However, it should be fixed by having IdentityManager maintain a stack of pending information rather than a single variable.
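To make the re-entrancy hazard concrete, here is an added, self-contained C++ model of the pattern described above. It is not Chromium's IdentityManager code; TokenNotifier, UpdateToken(), DidFire() and RunReentrantScenario() are hypothetical names. It runs the same notification once with a single pending variable and once with a stack of pending state, with an observer that re-enters the update:

```cpp
#include <functional>
#include <optional>
#include <stack>
#include <string>
#include <utility>
#include <vector>
// Minimal model (not Chromium code): pending state is recorded before observers run, then consumed after.
class TokenNotifier {
 public:
  using Observer = std::function<void(TokenNotifier&)>;
  explicit TokenNotifier(bool use_stack) : use_stack_(use_stack) {}
  void AddObserver(Observer o) { observers_.push_back(std::move(o)); }
  // Simulated refresh-token update; the first two lines play WillFire().
  bool UpdateToken(const std::string& id) {
    if (use_stack_) pending_stack_.push(id);
    else pending_single_ = id;  // a re-entrant update clobbers this
    for (auto& o : observers_) o(*this);  // observers may call back in
    return DidFire();
  }
  std::vector<std::string> fired_;  // accounts whose DidFire() completed
 private:
  // Returns false where the report says the second queued callback would crash.
  bool DidFire() {
    if (use_stack_) {
      if (pending_stack_.empty()) return false;
      fired_.push_back(pending_stack_.top());
      pending_stack_.pop();
      return true;
    }
    if (!pending_single_) return false;
    fired_.push_back(*pending_single_);
    pending_single_.reset();
    return true;
  }
  bool use_stack_;
  std::optional<std::string> pending_single_;  // single-variable design
  std::stack<std::string> pending_stack_;      // stack-based fix
  std::vector<Observer> observers_;
};
// One observer re-enters UpdateToken() once, as the report hypothesises;
// returns {every DidFire() found its state, order in which they completed}.
std::pair<bool, std::vector<std::string>> RunReentrantScenario(bool use_stack) {
  TokenNotifier n(use_stack);
  bool ok = true, reentered = false;
  n.AddObserver([&](TokenNotifier& self) {
    if (!reentered) { reentered = true; ok = self.UpdateToken("nested") && ok; }
  });
  ok = n.UpdateToken("outer") && ok;
  return {ok, n.fired_};
}
```

With the single variable the outer notification finds its pending state gone (the nested update overwrote and consumed it); with the stack both complete, innermost first.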
Comment 1 by dtapu...@chromium.org, Aug 24