Moved SigninManager out of browser/sync, and start changing the code so signin

does not require going through ProfileSyncService.

BUG=108017
TEST=test signin scenarios
TBR=mnissler

Review URL: http://codereview.chromium.org/8996002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117130 0039d316-1c4b-4281-b951-d872f2087c98

57 files changed, 410 insertions, 351 deletions

diff --git a/chrome/browser/chromeos/gdata/gdata.cc b/chrome/browser/chromeos/gdata/gdata.cc
index 7fc6795..85e7881 100644
--- a/chrome/browser/chromeos/gdata/gdata.cc
+++ b/chrome/browser/chromeos/gdata/gdata.cc
@@ -18,9 +18,9 @@
 #include "base/stringprintf.h"
 #include "chrome/browser/chromeos/gdata/gdata_parser.h"
 #include "chrome/browser/net/browser_url_util.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_downloader_delegate.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/net/gaia/gaia_urls.h"
diff --git a/chrome/browser/chromeos/login/login_performer.cc b/chrome/browser/chromeos/login/login_performer.cc
index d4b3049..a85bdbb 100644
--- a/chrome/browser/chromeos/login/login_performer.cc
+++ b/chrome/browser/chromeos/login/login_performer.cc
@@ -176,7 +176,7 @@ void LoginPerformer::OnProfileCreated(
   if (using_oauth_)
     LoginUtils::Get()->StartTokenServices(profile);
 
-  LoginUtils::Get()->StartSync(profile, credentials_);
+  LoginUtils::Get()->StartSignedInServices(profile, credentials_);
   credentials_ = GaiaAuthConsumer::ClientLoginResult();
 
   // Don't unlock screen if it was locked while we're waiting
diff --git a/chrome/browser/chromeos/login/login_utils.cc b/chrome/browser/chromeos/login/login_utils.cc
index 76e518a..7227971 100644
--- a/chrome/browser/chromeos/login/login_utils.cc
+++ b/chrome/browser/chromeos/login/login_utils.cc
@@ -45,12 +45,13 @@
 #include "chrome/browser/net/chrome_url_request_context.h"
 #include "chrome/browser/net/gaia/gaia_oauth_consumer.h"
 #include "chrome/browser/net/gaia/gaia_oauth_fetcher.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/net/preconnect.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/prefs/pref_member.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/ui/browser_init.h"
 #include "chrome/common/chrome_paths.h"
@@ -558,7 +559,7 @@ class LoginUtilsImpl : public LoginUtils,
   virtual void PrewarmAuthentication() OVERRIDE;
   virtual void RestoreAuthenticationSession(Profile* profile) OVERRIDE;
   virtual void StartTokenServices(Profile* user_profile) OVERRIDE;
-  virtual void StartSync(
+  virtual void StartSignedInServices(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) OVERRIDE;
   virtual void TransferDefaultCookies(Profile* default_profile,
@@ -769,11 +770,20 @@ void LoginUtilsImpl::OnProfileCreated(
   switch (status) {
     case Profile::CREATE_STATUS_INITIALIZED:
       break;
-    case Profile::CREATE_STATUS_CREATED:
+    case Profile::CREATE_STATUS_CREATED: {
       if (UserManager::Get()->current_user_is_new())
         SetFirstLoginPrefs(user_profile->GetPrefs());
+      // Make sure that the google service username is properly set (we do this
+      // on every sign in, not just the first login, to deal with existing
+      // profiles that might not have it set yet).
+      StringPrefMember google_services_username;
+      google_services_username.Init(prefs::kGoogleServicesUsername,
+                                    user_profile->GetPrefs(), NULL);
+      google_services_username.SetValue(
+          UserManager::Get()->logged_in_user().display_email());
       RespectLocalePreference(user_profile);
       return;
+    }
     case Profile::CREATE_STATUS_FAIL:
     default:
       NOTREACHED();
@@ -877,30 +887,29 @@ void LoginUtilsImpl::StartTokenServices(Profile* user_profile) {
                        oauth1_secret);
 }
 
-void LoginUtilsImpl::StartSync(
+void LoginUtilsImpl::StartSignedInServices(
     Profile* user_profile,
     const GaiaAuthConsumer::ClientLoginResult& credentials) {
-  TokenService* token_service = user_profile->GetTokenService();
+  // Fetch/Create the SigninManager - this will cause the TokenService to load
+  // tokens for the currently signed-in user if the SigninManager hasn't already
+  // been initialized.
+  SigninManager* signin = user_profile->GetSigninManager();
+  // Make sure SigninManager is connected to our current user (this should
+  // happen automatically because we set kGoogleServicesUsername in
+  // OnProfileCreated()).
+  DCHECK_EQ(UserManager::Get()->logged_in_user().display_email(),
+            signin->GetAuthenticatedUsername());
   static bool initialized = false;
   if (!initialized) {
     initialized = true;
-
-    std::string email = UserManager::Get()->logged_in_user().display_email();
-    user_profile->GetPrefs()->SetString(prefs::kGoogleServicesUsername, email);
-
-    ProfileSyncService* service = user_profile->GetProfileSyncService();
-    if (service) {
-      service->SetPassphrase(password_, false);
-    } else {
-      DCHECK(!token_service->Initialized());
-      // TODO(cros): This TokenService init if sync is not enabled (someone
-      // passed the --disable-sync flag) should likely be handled at a higher
-      // level.
-      token_service->Initialize(GaiaConstants::kChromeOSSource, user_profile);
-      token_service->LoadTokensFromDB();
-    }
-    password_ = "";
+    // Pass the updated passphrase to the sync service for use in decrypting
+    // data encrypted with the user's GAIA password.
+    ProfileSyncService* sync_service = user_profile->GetProfileSyncService();
+    if (sync_service)
+      sync_service->SetPassphrase(password_, false);
   }
+  password_.clear();
+  TokenService* token_service = user_profile->GetTokenService();
   token_service->UpdateCredentials(credentials);
   if (token_service->AreCredentialsValid())
     token_service->StartFetchingTokens();
@@ -1280,7 +1289,7 @@ void LoginUtilsImpl::OnOAuthVerificationSucceeded(
   // Kick off sync engine.
   GaiaAuthConsumer::ClientLoginResult credentials(sid, lsid, auth,
                                                   std::string());
-  StartSync(ProfileManager::GetDefaultProfile(), credentials);
+  StartSignedInServices(ProfileManager::GetDefaultProfile(), credentials);
 }
 
 
diff --git a/chrome/browser/chromeos/login/login_utils.h b/chrome/browser/chromeos/login/login_utils.h
index 2c156d1..ae6dc60 100644
--- a/chrome/browser/chromeos/login/login_utils.h
+++ b/chrome/browser/chromeos/login/login_utils.h
@@ -103,7 +103,7 @@ class LoginUtils {
   virtual void StartTokenServices(Profile* user_profile) = 0;
 
   // Supply credentials for sync and others to use.
-  virtual void StartSync(
+  virtual void StartSignedInServices(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;
 
diff --git a/chrome/browser/chromeos/login/mock_authenticator.h b/chrome/browser/chromeos/login/mock_authenticator.h
index 25ac2f9..3c0fad3 100644
--- a/chrome/browser/chromeos/login/mock_authenticator.h
+++ b/chrome/browser/chromeos/login/mock_authenticator.h
@@ -103,7 +103,7 @@ class MockLoginUtils : public LoginUtils {
 
   virtual void StartTokenServices(Profile* profile) OVERRIDE {}
 
-  virtual void StartSync(
+  virtual void StartSignedInServices(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) OVERRIDE {}
 
diff --git a/chrome/browser/chromeos/login/screen_locker.cc b/chrome/browser/chromeos/login/screen_locker.cc
index 810ba81..4334e2f 100644
--- a/chrome/browser/chromeos/login/screen_locker.cc
+++ b/chrome/browser/chromeos/login/screen_locker.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -31,8 +31,8 @@
 #include "chrome/browser/chromeos/status/status_area_view_chromeos.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/browser_window.h"
diff --git a/chrome/browser/extensions/app_notify_channel_setup.cc b/chrome/browser/extensions/app_notify_channel_setup.cc
index 82c2e68..8268345 100644
--- a/chrome/browser/extensions/app_notify_channel_setup.cc
+++ b/chrome/browser/extensions/app_notify_channel_setup.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -13,9 +13,9 @@
 #include "base/json/json_reader.h"
 #include "base/metrics/histogram.h"
 #include "base/stringprintf.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/net/gaia/gaia_urls.h"
diff --git a/chrome/browser/extensions/app_notify_channel_setup_unittest.cc b/chrome/browser/extensions/app_notify_channel_setup_unittest.cc
index 063da55..543d243 100644
--- a/chrome/browser/extensions/app_notify_channel_setup_unittest.cc
+++ b/chrome/browser/extensions/app_notify_channel_setup_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -9,8 +9,8 @@
 #include "base/message_loop.h"
 #include "chrome/browser/extensions/app_notify_channel_setup.h"
 #include "chrome/browser/extensions/app_notify_channel_ui.h"
-#include "chrome/browser/net/gaia/token_service.h"
-#include "chrome/browser/net/gaia/token_service_unittest.h"
+#include "chrome/browser/signin/token_service.h"
+#include "chrome/browser/signin/token_service_unittest.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/net/gaia/gaia_urls.h"
 #include "chrome/common/pref_names.h"
diff --git a/chrome/browser/extensions/extension_webstore_private_api.cc b/chrome/browser/extensions/extension_webstore_private_api.cc
index 07d0e4c..61ef38f 100644
--- a/chrome/browser/extensions/extension_webstore_private_api.cc
+++ b/chrome/browser/extensions/extension_webstore_private_api.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -16,8 +16,8 @@
 #include "chrome/browser/extensions/extension_prefs.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/webstore_installer.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc
index 8e2c3ce9..33bcada 100644
--- a/chrome/browser/policy/browser_policy_connector.cc
+++ b/chrome/browser/policy/browser_policy_connector.cc
@@ -9,8 +9,6 @@
 #include "base/file_path.h"
 #include "base/path_service.h"
 #include "chrome/browser/browser_process.h"
-#include "chrome/browser/net/gaia/token_service.h"
-#include "chrome/browser/policy/cloud_policy_data_store.h"
 #include "chrome/browser/policy/cloud_policy_provider.h"
 #include "chrome/browser/policy/cloud_policy_provider_impl.h"
 #include "chrome/browser/policy/cloud_policy_subsystem.h"
@@ -18,6 +16,7 @@
 #include "chrome/browser/policy/network_configuration_updater.h"
 #include "chrome/browser/policy/user_policy_cache.h"
 #include "chrome/browser/policy/user_policy_token_cache.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index 7177e31..76b6942 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -46,7 +46,7 @@
 #include "chrome/browser/renderer_host/web_cache_manager.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/search_engines/template_url_prepopulate_data.h"
-#include "chrome/browser/sync/signin_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/tabs/pinned_tab_codec.h"
 #include "chrome/browser/task_manager/task_manager.h"
 #include "chrome/browser/translate/translate_prefs.h"
diff --git a/chrome/browser/profiles/off_the_record_profile_impl.cc b/chrome/browser/profiles/off_the_record_profile_impl.cc
index f514b3a..ba76575 100644
--- a/chrome/browser/profiles/off_the_record_profile_impl.cc
+++ b/chrome/browser/profiles/off_the_record_profile_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -441,6 +441,10 @@ TokenService* OffTheRecordProfileImpl::GetTokenService() {
   return NULL;
 }
 
+SigninManager* OffTheRecordProfileImpl::GetSigninManager() {
+  return NULL;
+}
+
 ProfileSyncService* OffTheRecordProfileImpl::GetProfileSyncService() {
   return NULL;
 }
diff --git a/chrome/browser/profiles/off_the_record_profile_impl.h b/chrome/browser/profiles/off_the_record_profile_impl.h
index 4976d1d..c242841 100644
--- a/chrome/browser/profiles/off_the_record_profile_impl.h
+++ b/chrome/browser/profiles/off_the_record_profile_impl.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -89,6 +89,7 @@ class OffTheRecordProfileImpl : public Profile,
   virtual bool DidLastSessionExitCleanly() OVERRIDE;
   virtual BookmarkModel* GetBookmarkModel() OVERRIDE;
   virtual ProtocolHandlerRegistry* GetProtocolHandlerRegistry() OVERRIDE;
+  virtual SigninManager* GetSigninManager() OVERRIDE;
   virtual TokenService* GetTokenService() OVERRIDE;
   virtual ProfileSyncService* GetProfileSyncService() OVERRIDE;
   virtual bool IsSameProfile(Profile* profile) OVERRIDE;
diff --git a/chrome/browser/profiles/profile.h b/chrome/browser/profiles/profile.h
index 3be2d9b..ccac5d0 100644
--- a/chrome/browser/profiles/profile.h
+++ b/chrome/browser/profiles/profile.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -65,6 +65,7 @@ class PrefService;
 class ProfileSyncService;
 class PromoCounter;
 class ProtocolHandlerRegistry;
+class SigninManager;
 class SpeechInputPreferences;
 class SpellCheckHost;
 class TemplateURLFetcher;
@@ -394,6 +395,9 @@ class Profile : public content::BrowserContext {
   // Returns the ProtocolHandlerRegistry, creating if not yet created.
   virtual ProtocolHandlerRegistry* GetProtocolHandlerRegistry() = 0;
 
+  // Returns the SigninManager, creating if not yet created.
+  virtual SigninManager* GetSigninManager() = 0;
+
   // Returns the Gaia Token Service, creating if not yet created.
   virtual TokenService* GetTokenService() = 0;
 
diff --git a/chrome/browser/profiles/profile_downloader.cc b/chrome/browser/profiles/profile_downloader.cc
index 57ff7f9..8c92f8c 100644
--- a/chrome/browser/profiles/profile_downloader.cc
+++ b/chrome/browser/profiles/profile_downloader.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -13,9 +13,9 @@
 #include "base/string_split.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_downloader_delegate.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/net/gaia/gaia_urls.h"
diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc
index f9a6ffa..e36bb9f 100644
--- a/chrome/browser/profiles/profile_impl.cc
+++ b/chrome/browser/profiles/profile_impl.cc
@@ -51,7 +51,6 @@
 #include "chrome/browser/instant/instant_controller.h"
 #include "chrome/browser/metrics/metrics_service.h"
 #include "chrome/browser/net/chrome_url_request_context.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/net/net_pref_observer.h"
 #include "chrome/browser/net/predictor.h"
 #include "chrome/browser/net/proxy_service_factory.h"
@@ -71,6 +70,8 @@
 #include "chrome/browser/search_engines/template_url_fetcher.h"
 #include "chrome/browser/search_engines/template_url_service.h"
 #include "chrome/browser/sessions/session_service_factory.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/speech/chrome_speech_input_manager.h"
 #include "chrome/browser/speech/chrome_speech_input_preferences.h"
 #include "chrome/browser/spellchecker/spellcheck_profile.h"
@@ -162,7 +163,7 @@ namespace {
 // REVIEWERS: Do not let anyone increment this. We need to drive the number of
 // raw accessed services down to zero. DO NOT LET PEOPLE REGRESS THIS UNLESS
 // THE PATCH ITSELF IS MAKING PROGRESS ON PKSF REFACTORING.
-COMPILE_ASSERT(sizeof(ProfileImpl) <= 656u, profile_impl_size_unexpected);
+COMPILE_ASSERT(sizeof(ProfileImpl) <= 664u, profile_impl_size_unexpected);
 #endif
 
 // Delay, in milliseconds, before we explicitly create the SessionService.
@@ -1393,6 +1394,14 @@ void ProfileImpl::EnsureSessionServiceCreated() {
   SessionServiceFactory::GetForProfile(this);
 }
 
+SigninManager* ProfileImpl::GetSigninManager() {
+  if (!signin_manager_.get()) {
+    signin_manager_.reset(new SigninManager());
+    signin_manager_->Initialize(this);
+  }
+  return signin_manager_.get();
+}
+
 TokenService* ProfileImpl::GetTokenService() {
   if (!token_service_.get()) {
     token_service_.reset(new TokenService());
diff --git a/chrome/browser/profiles/profile_impl.h b/chrome/browser/profiles/profile_impl.h
index b5619d1..1879aac 100644
--- a/chrome/browser/profiles/profile_impl.h
+++ b/chrome/browser/profiles/profile_impl.h
@@ -126,6 +126,7 @@ class ProfileImpl : public Profile,
   virtual FilePath last_selected_directory() OVERRIDE;
   virtual void set_last_selected_directory(const FilePath& path) OVERRIDE;
   virtual ProfileSyncService* GetProfileSyncService() OVERRIDE;
+  virtual SigninManager* GetSigninManager() OVERRIDE;
   virtual TokenService* GetTokenService() OVERRIDE;
   void InitSyncService();
   virtual ExtensionInfoMap* GetExtensionInfoMap() OVERRIDE;
@@ -245,6 +246,7 @@ class ProfileImpl : public Profile,
   scoped_refptr<PromoResourceService> promo_resource_service_;
   scoped_refptr<ProtocolHandlerRegistry> protocol_handler_registry_;
 
+  scoped_ptr<SigninManager> signin_manager_;
   scoped_ptr<TokenService> token_service_;
   scoped_ptr<ProfileSyncComponentsFactory> profile_sync_factory_;
   scoped_ptr<ProfileSyncService> sync_service_;
diff --git a/chrome/browser/signin/OWNERS b/chrome/browser/signin/OWNERS
new file mode 100644
index 0000000..e94f3aa
--- /dev/null
+++ b/chrome/browser/signin/OWNERS
@@ -0,0 +1,2 @@
+tim@chromium.org
+atwilson@chromium.org
\ No newline at end of file
diff --git a/chrome/browser/sync/signin_manager.cc b/chrome/browser/signin/signin_manager.cc
index e60ede5..0dc8092 100644
--- a/chrome/browser/sync/signin_manager.cc
+++ b/chrome/browser/signin/signin_manager.cc
@@ -1,14 +1,14 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/sync/signin_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 
 #include "base/command_line.h"
 #include "base/string_util.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/util/oauth.h"
 #include "chrome/common/chrome_notification_types.h"
@@ -20,7 +20,10 @@
 const char kGetInfoEmailKey[] = "email";
 
 SigninManager::SigninManager()
-    : profile_(NULL), had_two_factor_error_(false) {}
+    : profile_(NULL),
+      had_two_factor_error_(false),
+      last_login_auth_error_(GoogleServiceAuthError::None()) {
+}
 
 SigninManager::~SigninManager() {}
 
@@ -189,6 +192,10 @@ void SigninManager::SignOut() {
   profile_->GetTokenService()->EraseTokensFromDB();
 }
 
+const GoogleServiceAuthError& SigninManager::GetLoginAuthError() const {
+  return last_login_auth_error_;
+}
+
 void SigninManager::OnClientLoginSuccess(const ClientLoginResult& result) {
   DCHECK(!browser_sync::IsUsingOAuth());
   last_result_ = result;
@@ -203,6 +210,7 @@ void SigninManager::OnGetUserInfoSuccess(const std::string& key,
   DCHECK(key == kGetInfoEmailKey);
   DCHECK(authenticated_username_.empty() || authenticated_username_ == value);
 
+  last_login_auth_error_ = GoogleServiceAuthError::None();
   authenticated_username_ = value;
   possibly_invalid_username_.clear();
   profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
@@ -248,6 +256,7 @@ void SigninManager::OnTokenAuthFailure(const GoogleServiceAuthError& error) {
 
 void SigninManager::OnClientLoginFailure(const GoogleServiceAuthError& error) {
   DCHECK(!browser_sync::IsUsingOAuth());
+  last_login_auth_error_ = error;
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
       content::Source<Profile>(profile_),
@@ -307,6 +316,8 @@ void SigninManager::OnUserInfoSuccess(const std::string& email) {
     return;
 
   DVLOG(1) << "Sync signin for " << email << " is complete.";
+  last_login_auth_error_ = GoogleServiceAuthError::None();
+
   authenticated_username_ = email;
   profile_->GetPrefs()->SetString(
       prefs::kGoogleServicesUsername, authenticated_username_);
diff --git a/chrome/browser/sync/signin_manager.h b/chrome/browser/signin/signin_manager.h
index ff05bdc..8fdbd18 100644
--- a/chrome/browser/sync/signin_manager.h
+++ b/chrome/browser/signin/signin_manager.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -14,8 +14,8 @@
 // restarts). Until that happens, the signin manager can still be used to
 // refresh credentials, but changing the username is not permitted.
 
-#ifndef CHROME_BROWSER_SYNC_SIGNIN_MANAGER_H_
-#define CHROME_BROWSER_SYNC_SIGNIN_MANAGER_H_
+#ifndef CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
+#define CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
 #pragma once
 
 #include <string>
@@ -91,7 +91,11 @@ class SigninManager : public GaiaAuthConsumer,
 
   // Sign a user out, removing the preference, erasing all keys
   // associated with the user, and canceling all auth in progress.
-  void SignOut();
+  virtual void SignOut();
+
+  // Returns the auth error associated with the last login attempt, or None if
+  // there have been no login failures.
+  virtual const GoogleServiceAuthError& GetLoginAuthError() const;
 
   // GaiaAuthConsumer
   virtual void OnClientLoginSuccess(const ClientLoginResult& result) OVERRIDE;
@@ -124,6 +128,7 @@ class SigninManager : public GaiaAuthConsumer,
                        const content::NotificationDetails& details) OVERRIDE;
 
  private:
+  friend class FakeSigninManager;
   FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ClearTransientSigninData);
   FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ProvideSecondFactorSuccess);
   FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ProvideSecondFactorFailure);
@@ -160,9 +165,13 @@ class SigninManager : public GaiaAuthConsumer,
   // Register for notifications from the TokenService.
   content::NotificationRegistrar registrar_;
 
+  // The last error we received when logging in (used to retrieve details like
+  // captchas, etc).
+  GoogleServiceAuthError last_login_auth_error_;
+
   std::string authenticated_username_;
 
   DISALLOW_COPY_AND_ASSIGN(SigninManager);
 };
 
-#endif  // CHROME_BROWSER_SYNC_SIGNIN_MANAGER_H_
+#endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
diff --git a/chrome/browser/sync/signin_manager_fake.cc b/chrome/browser/signin/signin_manager_fake.cc
index da486f9..6c70155 100644
--- a/chrome/browser/sync/signin_manager_fake.cc
+++ b/chrome/browser/signin/signin_manager_fake.cc
@@ -1,8 +1,8 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/sync/signin_manager_fake.h"
+#include "chrome/browser/signin/signin_manager_fake.h"
 
 FakeSigninManager::FakeSigninManager() {}
 
@@ -14,3 +14,7 @@ void FakeSigninManager::StartSignIn(const std::string& username,
                                     const std::string& login_captcha) {
   SetAuthenticatedUsername(username);
 }
+
+void FakeSigninManager::SignOut() {
+  authenticated_username_.clear();
+}
diff --git a/chrome/browser/sync/signin_manager_fake.h b/chrome/browser/signin/signin_manager_fake.h
index 563bc02..dffe6a6 100644
--- a/chrome/browser/sync/signin_manager_fake.h
+++ b/chrome/browser/signin/signin_manager_fake.h
@@ -1,15 +1,15 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CHROME_BROWSER_SYNC_SIGNIN_MANAGER_FAKE_H_
-#define CHROME_BROWSER_SYNC_SIGNIN_MANAGER_FAKE_H_
+#ifndef CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_FAKE_H_
+#define CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_FAKE_H_
 #pragma once
 
 #include <string>
 
 #include "base/compiler_specific.h"
-#include "chrome/browser/sync/signin_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 
 // A signin manager that bypasses actual authentication routines with servers
 // and accepts the credentials provided to StartSignIn.
@@ -22,6 +22,7 @@ class FakeSigninManager : public SigninManager {
                            const std::string& password,
                            const std::string& login_token,
                            const std::string& login_captcha) OVERRIDE;
+  virtual void SignOut() OVERRIDE;
 };
 
-#endif  // CHROME_BROWSER_SYNC_SIGNIN_MANAGER_FAKE_H_
+#endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_FAKE_H_
diff --git a/chrome/browser/sync/signin_manager_unittest.cc b/chrome/browser/signin/signin_manager_unittest.cc
index a26be73..410b632 100644
--- a/chrome/browser/sync/signin_manager_unittest.cc
+++ b/chrome/browser/signin/signin_manager_unittest.cc
@@ -1,16 +1,16 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/sync/signin_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
-#include "chrome/browser/net/gaia/token_service.h"
-#include "chrome/browser/net/gaia/token_service_unittest.h"
 #include "chrome/browser/password_manager/encryptor.h"
 #include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/signin/token_service.h"
+#include "chrome/browser/signin/token_service_unittest.h"
 #include "chrome/browser/sync/util/oauth.h"
 #include "chrome/browser/webdata/web_data_service.h"
 #include "chrome/common/chrome_notification_types.h"
diff --git a/chrome/browser/net/gaia/token_service.cc b/chrome/browser/signin/token_service.cc
index 031719e..f6c17c5 100644
--- a/chrome/browser/net/gaia/token_service.cc
+++ b/chrome/browser/signin/token_service.cc
@@ -1,8 +1,8 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/browser/net/gaia/token_service.h"
+#include "chrome/browser/signin/token_service.h"
 
 #include "base/command_line.h"
 #include "base/string_util.h"
diff --git a/chrome/browser/net/gaia/token_service.h b/chrome/browser/signin/token_service.h
index 99c31d1..6b33c8c 100644
--- a/chrome/browser/net/gaia/token_service.h
+++ b/chrome/browser/signin/token_service.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -32,8 +32,8 @@
 //   }
 // }
 
-#ifndef CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_
-#define CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_
+#ifndef CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_H_
+#define CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_H_
 #pragma once
 
 #include <map>
@@ -278,4 +278,4 @@ class TokenService : public GaiaAuthConsumer,
   DISALLOW_COPY_AND_ASSIGN(TokenService);
 };
 
-#endif  // CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_H_
+#endif  // CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_H_
diff --git a/chrome/browser/net/gaia/token_service_unittest.cc b/chrome/browser/signin/token_service_unittest.cc
index c43cd5c..2c8b264 100644
--- a/chrome/browser/net/gaia/token_service_unittest.cc
+++ b/chrome/browser/signin/token_service_unittest.cc
@@ -1,10 +1,10 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file defines a unit test for the profile's token service.
 
-#include "chrome/browser/net/gaia/token_service_unittest.h"
+#include "chrome/browser/signin/token_service_unittest.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
diff --git a/chrome/browser/net/gaia/token_service_unittest.h b/chrome/browser/signin/token_service_unittest.h
index 5f14feb..5de3f248 100644
--- a/chrome/browser/net/gaia/token_service_unittest.h
+++ b/chrome/browser/signin/token_service_unittest.h
@@ -1,17 +1,17 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file defines a unit test harness for the profile's token service.
 
-#ifndef CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_UNITTEST_H_
-#define CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_UNITTEST_H_
+#ifndef CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_UNITTEST_H_
+#define CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_UNITTEST_H_
 #pragma once
 
 #include "base/message_loop.h"
 #include "base/synchronization/waitable_event.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/webdata/web_data_service.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/common/net/gaia/gaia_auth_consumer.h"
 #include "chrome/test/base/testing_profile.h"
 #include "content/public/browser/notification_details.h"
@@ -81,4 +81,4 @@ class TokenServiceTestHarness : public testing::Test {
   scoped_ptr<TestingProfile> profile_;
 };
 
-#endif  // CHROME_BROWSER_NET_GAIA_TOKEN_SERVICE_UNITTEST_H_
+#endif  // CHROME_BROWSER_SIGNIN_TOKEN_SERVICE_UNITTEST_H_
diff --git a/chrome/browser/sync/abstract_profile_sync_service_test.h b/chrome/browser/sync/abstract_profile_sync_service_test.h
index fc62d49..2d0da0b9 100644
--- a/chrome/browser/sync/abstract_profile_sync_service_test.h
+++ b/chrome/browser/sync/abstract_profile_sync_service_test.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -12,7 +12,7 @@
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
-#include "chrome/browser/net/gaia/token_service.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/internal_api/change_record.h"
 #include "chrome/browser/sync/profile_sync_components_factory_mock.h"
 #include "chrome/browser/sync/syncable/model_type.h"
diff --git a/chrome/browser/sync/glue/sync_backend_host.cc b/chrome/browser/sync/glue/sync_backend_host.cc
index ab3e5f6..156fba9 100644
--- a/chrome/browser/sync/glue/sync_backend_host.cc
+++ b/chrome/browser/sync/glue/sync_backend_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -16,8 +16,8 @@
 #include "base/location.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/utf_string_conversions.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/glue/change_processor.h"
 #include "chrome/browser/sync/glue/http_bridge.h"
 #include "chrome/browser/sync/glue/sync_backend_registrar.h"
diff --git a/chrome/browser/sync/profile_sync_components_factory_impl.cc b/chrome/browser/sync/profile_sync_components_factory_impl.cc
index bdc557c..b9d4f76 100644
--- a/chrome/browser/sync/profile_sync_components_factory_impl.cc
+++ b/chrome/browser/sync/profile_sync_components_factory_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -11,6 +11,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/search_engines/template_url_service.h"
 #include "chrome/browser/search_engines/template_url_service_factory.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/api/syncable_service.h"
 #include "chrome/browser/sync/glue/app_data_type_controller.h"
 #include "chrome/browser/sync/glue/app_notification_data_type_controller.h"
@@ -42,7 +43,6 @@
 #include "chrome/browser/sync/glue/typed_url_model_associator.h"
 #include "chrome/browser/sync/profile_sync_components_factory_impl.h"
 #include "chrome/browser/sync/profile_sync_service.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/webdata/autocomplete_syncable_service.h"
 #include "chrome/browser/webdata/autofill_profile_syncable_service.h"
 #include "chrome/browser/webdata/web_data_service.h"
@@ -95,10 +95,7 @@ ProfileSyncService*
       browser_defaults::kSyncAutoStarts ? ProfileSyncService::AUTO_START
                                         : ProfileSyncService::MANUAL_START;
 
-  PrefService* prefs = profile_->GetPrefs();
-  SigninManager* signin = new SigninManager();
-  signin->SetAuthenticatedUsername(prefs->GetString(
-      prefs::kGoogleServicesUsername));
+  SigninManager* signin = profile_->GetSigninManager();
 
   // TODO(tim): Currently, AUTO/MANUAL settings refer to the *first* time sync
   // is set up and *not* a browser restart for a manual-start platform (where
diff --git a/chrome/browser/sync/profile_sync_service.cc b/chrome/browser/sync/profile_sync_service.cc
index d6a4d8d..65ffb22 100644
--- a/chrome/browser/sync/profile_sync_service.cc
+++ b/chrome/browser/sync/profile_sync_service.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -24,8 +24,10 @@
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/net/chrome_cookie_notification_details.h"
-#include "chrome/browser/net/gaia/token_service.h"
+
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/api/sync_error.h"
 #include "chrome/browser/sync/backend_migrator.h"
 #include "chrome/browser/sync/glue/change_processor.h"
@@ -39,7 +41,6 @@
 #include "chrome/browser/sync/js/js_arg_list.h"
 #include "chrome/browser/sync/js/js_event_details.h"
 #include "chrome/browser/sync/profile_sync_components_factory.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/sync_global_error.h"
 #include "chrome/browser/sync/util/cryptographer.h"
 #include "chrome/browser/sync/util/oauth.h"
@@ -192,8 +193,6 @@ void ProfileSyncService::Initialize() {
   if (!HasSyncSetupCompleted())
     DisableForUser();  // Clean up in case of previous crash / setup abort.
 
-  signin_->Initialize(profile_);
-
   TryStart();
 }
 
@@ -224,6 +223,9 @@ void ProfileSyncService::RegisterAuthNotifications() {
   registrar_.Add(this,
                  chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
                  content::Source<Profile>(profile_));
+  registrar_.Add(this,
+                 chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL,
+                 content::Source<Profile>(profile_));
 }
 
 void ProfileSyncService::RegisterDataTypeController(
@@ -434,7 +436,6 @@ void ProfileSyncService::Shutdown(bool sync_disabled) {
   encrypt_everything_ = false;
   encrypted_types_ = browser_sync::Cryptographer::SensitiveTypes();
   passphrase_required_reason_ = sync_api::REASON_PASSPHRASE_NOT_REQUIRED;
-  last_attempted_user_email_.clear();
   last_auth_error_ = GoogleServiceAuthError::None();
 
   if (sync_global_error_.get()) {
@@ -463,7 +464,11 @@ void ProfileSyncService::DisableForUser() {
   ClearUnrecoverableError();
   Shutdown(true);
 
-  signin_->SignOut();
+  // TODO(atwilson): Don't call SignOut() on *any* platform - move this into
+  // the UI layer if needed (sync activity should never result in the user
+  // being logged out of all chrome services).
+  if (!auto_start_enabled_)
+    signin_->SignOut();
 
   NotifyObservers();
 }
@@ -706,7 +711,6 @@ void ProfileSyncService::UpdateAuthErrorState(
     auth_start_time_ = base::TimeTicks();
   }
 
-  is_auth_in_progress_ = false;
   // Fan the notification out to interested UI-thread components.
   NotifyObservers();
 }
@@ -1033,6 +1037,17 @@ bool ProfileSyncService::UIShouldDepictAuthInProgress() const {
   return is_auth_in_progress_;
 }
 
+void ProfileSyncService::SetUIShouldDepictAuthInProgress(
+    bool auth_in_progress) {
+  is_auth_in_progress_ = auth_in_progress;
+  // TODO(atwilson): Figure out if we still need to track this or if we should
+  // move this up to the UI (or break it out into two stats that track GAIA
+  // auth and sync auth separately).
+  if (is_auth_in_progress_)
+    auth_start_time_ = base::TimeTicks::Now();
+  NotifyObservers();
+}
+
 bool ProfileSyncService::IsPassphraseRequired() const {
   return passphrase_required_reason_ !=
       sync_api::REASON_PASSPHRASE_NOT_REQUIRED;
@@ -1059,41 +1074,6 @@ string16 ProfileSyncService::GetLastSyncedTimeString() const {
   return TimeFormat::TimeElapsed(last_synced);
 }
 
-void ProfileSyncService::OnUserSubmittedAuth(
-    const std::string& username, const std::string& password,
-    const std::string& captcha, const std::string& access_code) {
-  last_attempted_user_email_ = username;
-  is_auth_in_progress_ = true;
-  NotifyObservers();
-
-  auth_start_time_ = base::TimeTicks::Now();
-
-  if (!access_code.empty()) {
-    signin_->ProvideSecondFactorAccessCode(access_code);
-    return;
-  }
-
-  // The user has submitted credentials, which indicates they don't
-  // want to suppress start up anymore.
-  sync_prefs_.SetStartSuppressed(false);
-
-  signin_->StartSignIn(username,
-                       password,
-                       last_auth_error_.captcha().token,
-                       captcha);
-}
-
-void ProfileSyncService::OnUserSubmittedOAuth(
-    const std::string& oauth1_request_token) {
-  is_auth_in_progress_ = true;
-
-  // The user has submitted credentials, which indicates they don't
-  // want to suppress start up anymore.
-  sync_prefs_.SetStartSuppressed(false);
-
-  signin_->StartOAuthSignIn(oauth1_request_token);
-}
-
 void ProfileSyncService::OnUserChoseDatatypes(bool sync_everything,
     syncable::ModelTypeSet chosen_types) {
   if (!backend_.get() &&
@@ -1121,16 +1101,6 @@ void ProfileSyncService::OnUserCancelledDialog() {
   // allow them to cancel out.
   encryption_pending_ = false;
 
-  // Though an auth could still be in progress, once the dialog is closed we
-  // don't want the UI to stay stuck in the "waiting for authentication" state
-  // as that could take forever.  We set this to false so the buttons to re-
-  // login will appear until either a) the original request finishes and
-  // succeeds, calling OnAuthError(NONE), or b) the user clicks the button,
-  // and tries to re-authenticate. (b) is a little awkward as this second
-  // request will get queued behind the first and could wind up "undoing" the
-  // good if invalid creds were provided, but it's an edge case and the user
-  // can of course get themselves out of it.
-  is_auth_in_progress_ = false;
   NotifyObservers();
 }
 
@@ -1414,6 +1384,23 @@ void ProfileSyncService::Observe(int type,
       UpdateAuthErrorState(error);
       break;
     }
+    case chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL: {
+      const GoogleServiceSigninSuccessDetails* successful =
+          content::Details<const GoogleServiceSigninSuccessDetails>(
+              details).ptr();
+      // The user has submitted credentials, which indicates they don't
+      // want to suppress start up anymore.
+      sync_prefs_.SetStartSuppressed(false);
+
+      // We pass 'false' to SetPassphrase to denote that this is an implicit
+      // request and shouldn't override an explicit one.  Thus, we either
+      // update the implicit passphrase (idempotent if the passphrase didn't
+      // actually change), or the user has an explicit passphrase set so this
+      // becomes a no-op.
+      if (!successful->password.empty())
+        SetPassphrase(successful->password, false);
+      break;
+    }
     case chrome::NOTIFICATION_TOKEN_REQUEST_FAILED: {
       const TokenService::TokenRequestFailedDetails& token_details =
           *(content::Details<const TokenService::TokenRequestFailedDetails>(
diff --git a/chrome/browser/sync/profile_sync_service.h b/chrome/browser/sync/profile_sync_service.h
index 61eab47..9e04c87 100644
--- a/chrome/browser/sync/profile_sync_service.h
+++ b/chrome/browser/sync/profile_sync_service.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -155,7 +155,7 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
 
   ProfileSyncService(ProfileSyncComponentsFactory* factory,
                      Profile* profile,
-                     SigninManager* signin,  // Service takes ownership.
+                     SigninManager* signin,
                      StartBehavior start_behavior);
   virtual ~ProfileSyncService();
 
@@ -229,15 +229,6 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
 
   void OnClearServerDataTimeout();
 
-  // Called when a user enters credentials through UI.
-  virtual void OnUserSubmittedAuth(const std::string& username,
-                                   const std::string& password,
-                                   const std::string& captcha,
-                                   const std::string& access_code);
-
-  // Called when a user enters credentials through UI.
-  virtual void OnUserSubmittedOAuth(const std::string& oauth1_request_token);
-
   // Update the last auth error and notify observers of error state.
   void UpdateAuthErrorState(const GoogleServiceAuthError& error);
 
@@ -308,7 +299,14 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
     return unrecoverable_error_location_;
   }
 
+  // Tracks whether the user is currently authenticating or not. This is used
+  // by the sync_ui_util helper routines to allow the UI to properly display
+  // an "authenticating..." status message instead of an auth error when we are
+  // in the process of trying to update credentials.
+  // TODO(atwilson): This state should reside up in the UI or in a profile-
+  // specific SyncUIUtil object rather than in ProfileSyncService.
   virtual bool UIShouldDepictAuthInProgress() const;
+  virtual void SetUIShouldDepictAuthInProgress(bool auth_in_progress);
 
   // Returns true if OnPassphraseRequired has been called for any reason.
   virtual bool IsPassphraseRequired() const;
@@ -324,10 +322,6 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
   // Returns a user-friendly string form of last synced time (in minutes).
   virtual string16 GetLastSyncedTimeString() const;
 
-  const std::string& last_attempted_user_email() const {
-    return last_attempted_user_email_;
-  }
-
   // The profile we are syncing for.
   Profile* profile() const { return profile_; }
 
@@ -472,7 +466,7 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
 
   const GURL& sync_service_url() const { return sync_service_url_; }
   bool auto_start_enabled() const { return auto_start_enabled_; }
-  SigninManager* signin() const { return signin_.get(); }
+  SigninManager* signin() const { return signin_; }
 
   // Stops the sync backend and sets the flag for suppressing sync startup.
   void StopAndSuppress();
@@ -527,9 +521,6 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
   // other threads.
   scoped_ptr<browser_sync::SyncBackendHost> backend_;
 
-  // Cache of the last name the client attempted to authenticate.
-  std::string last_attempted_user_email_;
-
   // Was the last SYNC_PASSPHRASE_REQUIRED notification sent because it
   // was required for encryption, decryption with a cached passphrase, or
   // because a new passphrase is required?
@@ -626,8 +617,9 @@ class ProfileSyncService : public browser_sync::SyncFrontend,
 
   SyncSetupWizard wizard_;
 
-  // Encapsulates user signin with TokenService.
-  scoped_ptr<SigninManager> signin_;
+  // Encapsulates user signin - used to set/get the user's authenticated
+  // email address.
+  SigninManager* signin_;
 
   // True if an unrecoverable error (e.g. violation of an assumed invariant)
   // occurred during syncer operation.  This value should be checked before
diff --git a/chrome/browser/sync/profile_sync_service_autofill_unittest.cc b/chrome/browser/sync/profile_sync_service_autofill_unittest.cc
index be71eae..49ee5dd 100644
--- a/chrome/browser/sync/profile_sync_service_autofill_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_autofill_unittest.cc
@@ -23,6 +23,7 @@
 #include "chrome/browser/autofill/autofill_common_test.h"
 #include "chrome/browser/autofill/personal_data_manager.h"
 #include "chrome/browser/autofill/personal_data_manager_factory.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/engine/model_changing_syncer_command.h"
 #include "chrome/browser/sync/glue/autofill_data_type_controller.h"
@@ -39,7 +40,6 @@
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_test_util.h"
 #include "chrome/browser/sync/protocol/autofill_specifics.pb.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/syncable/syncable.h"
@@ -399,7 +399,7 @@ class ProfileSyncServiceAutofillTest : public AbstractProfileSyncServiceTest {
                         bool will_fail_association,
                         syncable::ModelType type) {
     AbstractAutofillFactory* factory = GetFactory(type);
-    SigninManager* signin = new SigninManager();
+    SigninManager* signin = profile_.GetSigninManager();
     signin->SetAuthenticatedUsername("test_user");
     service_.reset(
         new TestProfileSyncService(&factory_,
diff --git a/chrome/browser/sync/profile_sync_service_harness.cc b/chrome/browser/sync/profile_sync_service_harness.cc
index 3bde3bd8..ff64bd0 100644
--- a/chrome/browser/sync/profile_sync_service_harness.cc
+++ b/chrome/browser/sync/profile_sync_service_harness.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -20,9 +20,9 @@
 #include "base/memory/ref_counted.h"
 #include "base/message_loop.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/glue/data_type_controller.h"
 #include "chrome/browser/sync/sessions/session_state.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/sync_ui_util.h"
 
 using browser_sync::sessions::SyncSessionSnapshot;
diff --git a/chrome/browser/sync/profile_sync_service_mock.cc b/chrome/browser/sync/profile_sync_service_mock.cc
index 2682fd3..8770a0f 100644
--- a/chrome/browser/sync/profile_sync_service_mock.cc
+++ b/chrome/browser/sync/profile_sync_service_mock.cc
@@ -1,11 +1,11 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/prefs/pref_service_mock_builder.h"
 #include "chrome/browser/prefs/testing_pref_store.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service_mock.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/ui/webui/chrome_url_data_manager.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
@@ -26,6 +26,7 @@ ProfileSyncServiceMock::ProfileSyncServiceMock(
 }
 
 ProfileSyncServiceMock::~ProfileSyncServiceMock() {
+  delete signin();
 }
 
 // static
diff --git a/chrome/browser/sync/profile_sync_service_mock.h b/chrome/browser/sync/profile_sync_service_mock.h
index 7c1d6c1..5987540 100644
--- a/chrome/browser/sync/profile_sync_service_mock.h
+++ b/chrome/browser/sync/profile_sync_service_mock.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -20,6 +20,7 @@
 
 class ProfileSyncServiceMock : public ProfileSyncService {
  public:
+  // no-arg constructor provided so TestingProfile can use NiceMock.
   ProfileSyncServiceMock();
   explicit ProfileSyncServiceMock(Profile* profile);
   virtual ~ProfileSyncServiceMock();
diff --git a/chrome/browser/sync/profile_sync_service_password_unittest.cc b/chrome/browser/sync/profile_sync_service_password_unittest.cc
index 2208bcd..8d3fea9 100644
--- a/chrome/browser/sync/profile_sync_service_password_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_password_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -14,6 +14,7 @@
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/password_manager/password_store.h"
 #include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/glue/password_change_processor.h"
 #include "chrome/browser/sync/glue/password_data_type_controller.h"
@@ -27,7 +28,6 @@
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_test_util.h"
 #include "chrome/browser/sync/protocol/password_specifics.pb.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/test/engine/test_id_factory.h"
@@ -215,7 +215,7 @@ class ProfileSyncServicePasswordTest : public AbstractProfileSyncServiceTest {
   void StartSyncService(const base::Closure& root_callback,
                         const base::Closure& node_callback) {
     if (!service_.get()) {
-      SigninManager* signin = new SigninManager();
+      SigninManager* signin = profile_.GetSigninManager();
       signin->SetAuthenticatedUsername("test_user");
       service_.reset(new PasswordTestProfileSyncService(
           &factory_, &profile_, signin, false,
diff --git a/chrome/browser/sync/profile_sync_service_preference_unittest.cc b/chrome/browser/sync/profile_sync_service_preference_unittest.cc
index 26dc5e3..6656abb 100644
--- a/chrome/browser/sync/profile_sync_service_preference_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_preference_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -15,6 +15,8 @@
 #include "base/string_piece.h"
 #include "chrome/browser/prefs/pref_model_associator.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/api/sync_data.h"
 #include "chrome/browser/sync/glue/generic_change_processor.h"
@@ -28,7 +30,6 @@
 #include "chrome/browser/sync/internal_api/write_transaction.h"
 #include "chrome/browser/sync/profile_sync_test_util.h"
 #include "chrome/browser/sync/protocol/preference_specifics.pb.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/test_profile_sync_service.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
@@ -119,7 +120,7 @@ class ProfileSyncServicePreferenceTest
     if (service_.get())
       return false;
 
-    SigninManager* signin = new SigninManager();
+    SigninManager* signin = profile_->GetSigninManager();
     signin->SetAuthenticatedUsername("test");
     service_.reset(new TestProfileSyncService(
         &factory_,
diff --git a/chrome/browser/sync/profile_sync_service_session_unittest.cc b/chrome/browser/sync/profile_sync_service_session_unittest.cc
index 15ec731..7c9252e 100644
--- a/chrome/browser/sync/profile_sync_service_session_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_session_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -18,6 +18,7 @@
 #include "chrome/browser/sessions/session_service.h"
 #include "chrome/browser/sessions/session_service_factory.h"
 #include "chrome/browser/sessions/session_service_test_helper.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/glue/session_change_processor.h"
 #include "chrome/browser/sync/glue/session_data_type_controller.h"
@@ -31,7 +32,6 @@
 #include "chrome/browser/sync/profile_sync_test_util.h"
 #include "chrome/browser/sync/protocol/session_specifics.pb.h"
 #include "chrome/browser/sync/protocol/sync.pb.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/syncable/syncable.h"
@@ -224,7 +224,7 @@ class ProfileSyncServiceSessionTest
                         bool will_fail_association) {
     if (sync_service_.get())
       return false;
-    SigninManager* signin = new SigninManager();
+    SigninManager* signin = profile()->GetSigninManager();
     signin->SetAuthenticatedUsername("test_user");
     sync_service_.reset(new TestProfileSyncService(
         &factory_,
diff --git a/chrome/browser/sync/profile_sync_service_startup_unittest.cc b/chrome/browser/sync/profile_sync_service_startup_unittest.cc
index 118527d..a39ff0b 100644
--- a/chrome/browser/sync/profile_sync_service_startup_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_startup_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,13 +6,14 @@
 
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/signin_manager_fake.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/glue/data_type_manager.h"
 #include "chrome/browser/sync/glue/data_type_manager_mock.h"
 #include "chrome/browser/sync/profile_sync_components_factory_mock.h"
 #include "chrome/browser/sync/profile_sync_test_util.h"
-#include "chrome/browser/sync/signin_manager_fake.h"
 #include "chrome/browser/sync/test_profile_sync_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/net/gaia/gaia_auth_consumer.h"
@@ -69,9 +70,12 @@ class ProfileSyncServiceStartupTest : public testing::Test {
  protected:
   // Overridden below by ProfileSyncServiceStartupCrosTest.
   virtual void CreateSyncService() {
+    SigninManager* signin = new FakeSigninManager();
+    signin->SetAuthenticatedUsername("test_user");
+    profile_->SetSigninManager(signin);
     service_.reset(new TestProfileSyncService(&factory_,
                                               profile_.get(),
-                                              new FakeSigninManager(),
+                                              signin,
                                               ProfileSyncService::MANUAL_START,
                                               true,
                                               base::Closure()));
@@ -97,7 +101,7 @@ class ProfileSyncServiceStartupTest : public testing::Test {
 class ProfileSyncServiceStartupCrosTest : public ProfileSyncServiceStartupTest {
  protected:
   virtual void CreateSyncService() {
-    SigninManager* signin = new SigninManager();
+    SigninManager* signin = profile_->GetSigninManager();
     signin->SetAuthenticatedUsername("test_user");
     service_.reset(new TestProfileSyncService(&factory_,
                                               profile_.get(),
@@ -114,6 +118,9 @@ TEST_F(ProfileSyncServiceStartupTest, StartFirstTime) {
 
   // We've never completed startup.
   profile_->GetPrefs()->ClearPref(prefs::kSyncHasSetupCompleted);
+  // Make sure SigninManager doesn't think we're signed in (undoes the call to
+  // SetAuthenticatedUsername() in CreateSyncService()).
+  profile_->GetSigninManager()->SignOut();
 
   // Should not actually start, rather just clean things up and wait
   // to be enabled.
@@ -135,7 +142,7 @@ TEST_F(ProfileSyncServiceStartupTest, StartFirstTime) {
 
   // Create some tokens in the token service; the service will startup when
   // it is notified that tokens are available.
-  service_->OnUserSubmittedAuth("test_user", "", "", "");
+  service_->signin()->StartSignIn("test_user", "", "", "");
   profile_->GetTokenService()->IssueAuthTokenForTest(
       GaiaConstants::kSyncService, "sync_token");
   profile_->GetTokenService()->IssueAuthTokenForTest(
diff --git a/chrome/browser/sync/profile_sync_service_typed_url_unittest.cc b/chrome/browser/sync/profile_sync_service_typed_url_unittest.cc
index 8e6045b..ef0d8f4 100644
--- a/chrome/browser/sync/profile_sync_service_typed_url_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_typed_url_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -18,6 +18,7 @@
 #include "chrome/browser/history/history_backend.h"
 #include "chrome/browser/history/history_notifications.h"
 #include "chrome/browser/history/history_types.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/glue/sync_backend_host.h"
 #include "chrome/browser/sync/glue/sync_backend_host_mock.h"
@@ -33,7 +34,6 @@
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_test_util.h"
 #include "chrome/browser/sync/protocol/typed_url_specifics.pb.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/test_profile_sync_service.h"
 #include "chrome/browser/sync/test/engine/test_id_factory.h"
@@ -174,7 +174,7 @@ class ProfileSyncServiceTypedUrlTest : public AbstractProfileSyncServiceTest {
 
   void StartSyncService(const base::Closure& callback) {
     if (!service_.get()) {
-      SigninManager* signin = new SigninManager();
+      SigninManager* signin = profile_.GetSigninManager();
       signin->SetAuthenticatedUsername("test");
       service_.reset(
           new TestProfileSyncService(&factory_,
diff --git a/chrome/browser/sync/profile_sync_service_unittest.cc b/chrome/browser/sync/profile_sync_service_unittest.cc
index 1d638ae..7c8913c 100644
--- a/chrome/browser/sync/profile_sync_service_unittest.cc
+++ b/chrome/browser/sync/profile_sync_service_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,13 +6,13 @@
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/values.h"
-#include "chrome/browser/net/gaia/token_service.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/glue/bookmark_data_type_controller.h"
 #include "chrome/browser/sync/glue/data_type_controller.h"
 #include "chrome/browser/sync/js/js_arg_list.h"
 #include "chrome/browser/sync/js/js_event_details.h"
 #include "chrome/browser/sync/js/js_test_util.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_components_factory_mock.h"
 #include "chrome/browser/sync/test_profile_sync_service.h"
 #include "chrome/common/chrome_version_info.h"
@@ -91,7 +91,7 @@ class ProfileSyncServiceTest : public testing::Test {
       bool sync_setup_completed,
       bool expect_create_dtm) {
     if (!service_.get()) {
-      SigninManager* signin = new SigninManager();
+      SigninManager* signin = profile_->GetSigninManager();
       signin->SetAuthenticatedUsername("test");
       service_.reset(new TestProfileSyncService(&factory_,
                                                 profile_.get(),
@@ -144,7 +144,7 @@ class ProfileSyncServiceTest : public testing::Test {
 TEST_F(ProfileSyncServiceTest, InitialState) {
   service_.reset(new TestProfileSyncService(&factory_,
                                             profile_.get(),
-                                            new SigninManager(),
+                                            profile_->GetSigninManager(),
                                             ProfileSyncService::MANUAL_START,
                                             true,
                                             base::Closure()));
@@ -161,7 +161,7 @@ TEST_F(ProfileSyncServiceTest, DisabledByPolicy) {
       Value::CreateBooleanValue(true));
   service_.reset(new TestProfileSyncService(&factory_,
                                             profile_.get(),
-                                            new SigninManager(),
+                                            profile_->GetSigninManager(),
                                             ProfileSyncService::MANUAL_START,
                                             true,
                                             base::Closure()));
@@ -170,7 +170,7 @@ TEST_F(ProfileSyncServiceTest, DisabledByPolicy) {
 }
 
 TEST_F(ProfileSyncServiceTest, AbortedByShutdown) {
-  SigninManager* signin = new SigninManager();
+  SigninManager* signin = profile_->GetSigninManager();
   signin->SetAuthenticatedUsername("test");
   service_.reset(new TestProfileSyncService(&factory_,
                                             profile_.get(),
@@ -190,7 +190,7 @@ TEST_F(ProfileSyncServiceTest, AbortedByShutdown) {
 }
 
 TEST_F(ProfileSyncServiceTest, DisableAndEnableSyncTemporarily) {
-  SigninManager* signin = new SigninManager();
+  SigninManager* signin = profile_->GetSigninManager();
   signin->SetAuthenticatedUsername("test");
   service_.reset(new TestProfileSyncService(&factory_,
                                             profile_.get(),
diff --git a/chrome/browser/sync/sync_global_error_unittest.cc b/chrome/browser/sync/sync_global_error_unittest.cc
index d7eab6e..e795dc5 100644
--- a/chrome/browser/sync/sync_global_error_unittest.cc
+++ b/chrome/browser/sync/sync_global_error_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,8 +6,8 @@
 
 #include "base/basictypes.h"
 #include "base/utf_string_conversions.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service_mock.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/test/base/testing_profile.h"
 #include "content/test/test_browser_thread.h"
 #include "testing/gmock/include/gmock/gmock-actions.h"
diff --git a/chrome/browser/sync/sync_setup_flow.cc b/chrome/browser/sync/sync_setup_flow.cc
index b9d1090..9806c76 100644
--- a/chrome/browser/sync/sync_setup_flow.cc
+++ b/chrome/browser/sync/sync_setup_flow.cc
@@ -14,6 +14,7 @@
 #include "base/values.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/sync_setup_flow_handler.h"
 #include "chrome/browser/sync/syncable/model_type.h"
@@ -238,17 +239,15 @@ SyncSetupFlow* SyncSetupFlow::Run(ProfileSyncService* service,
   return new SyncSetupFlow(start, end, container, service);
 }
 
-// static
-void SyncSetupFlow::GetArgsForGaiaLogin(const ProfileSyncService* service,
-                                        DictionaryValue* args) {
-  const GoogleServiceAuthError& error = service->GetAuthError();
-  if (!service->last_attempted_user_email().empty()) {
-    args->SetString("user", service->last_attempted_user_email());
+void SyncSetupFlow::GetArgsForGaiaLogin(DictionaryValue* args) {
+  const GoogleServiceAuthError& error = service_->GetAuthError();
+  if (!last_attempted_user_email_.empty()) {
+    args->SetString("user", last_attempted_user_email_);
     args->SetInteger("error", error.state());
     args->SetBoolean("editable_user", true);
   } else {
     string16 user;
-    user = UTF8ToUTF16(service->profile()->GetPrefs()->GetString(
+    user = UTF8ToUTF16(service_->profile()->GetPrefs()->GetString(
         prefs::kGoogleServicesUsername));
     args->SetString("user", user);
     args->SetInteger("error", 0);
@@ -258,21 +257,20 @@ void SyncSetupFlow::GetArgsForGaiaLogin(const ProfileSyncService* service,
   args->SetString("captchaUrl", error.captcha().image_url.spec());
 }
 
-void SyncSetupFlow::GetArgsForConfigure(ProfileSyncService* service,
-                                        DictionaryValue* args) {
+void SyncSetupFlow::GetArgsForConfigure(DictionaryValue* args) {
   // The SYNC_EVERYTHING case will set this to true.
   args->SetBoolean("showSyncEverythingPage", false);
 
   args->SetBoolean("syncAllDataTypes",
-      service->profile()->GetPrefs()->GetBoolean(
+      service_->profile()->GetPrefs()->GetBoolean(
           prefs::kSyncKeepEverythingSynced));
 
   // Bookmarks, Preferences, and Themes are launched for good, there's no
   // going back now.  Check if the other data types are registered though.
   const syncable::ModelTypeSet registered_types =
-      service->GetRegisteredDataTypes();
+      service_->GetRegisteredDataTypes();
   const syncable::ModelTypeSet preferred_types =
-      service->GetPreferredDataTypes();
+      service_->GetPreferredDataTypes();
   args->SetBoolean("passwordsRegistered",
       registered_types.Has(syncable::PASSWORDS));
   args->SetBoolean("autofillRegistered",
@@ -308,23 +306,21 @@ void SyncSetupFlow::GetArgsForConfigure(ProfileSyncService* service,
       !CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kDisableSyncEncryption));
 
-  bool encrypt_all = service->EncryptEverythingEnabled();
-  if (service->encryption_pending())
+  bool encrypt_all = service_->EncryptEverythingEnabled();
+  if (service_->encryption_pending())
     encrypt_all = true;
   args->SetBoolean("encryptAllData", encrypt_all);
 
   // Load the parameters for the encryption tab.
-  args->SetBoolean("usePassphrase", service->IsUsingSecondaryPassphrase());
+  args->SetBoolean("usePassphrase", service_->IsUsingSecondaryPassphrase());
 
   // Determine if we need a passphrase or not, and if so, prompt the user.
-  if (service->IsPassphraseRequiredForDecryption() &&
-      (service->IsUsingSecondaryPassphrase() || cached_passphrase_.empty())) {
-    // We need a passphrase, and either it's an explicit passphrase, or we
-    // don't have a cached gaia passphrase, so we have to prompt the user.
+  if (service_->IsPassphraseRequiredForDecryption()) {
+    // We need a passphrase, so we have to prompt the user.
     args->SetBoolean("show_passphrase", true);
     // Tell the UI layer what kind of passphrase we need.
     args->SetBoolean("need_google_passphrase",
-                     !service->IsUsingSecondaryPassphrase());
+                     !service_->IsUsingSecondaryPassphrase());
     args->SetBoolean("passphrase_creation_rejected",
                      user_tried_creating_explicit_passphrase_);
     args->SetBoolean("passphrase_setting_rejected",
@@ -403,6 +399,7 @@ void SyncSetupFlow::OnDialogClosed(const std::string& json_retval) {
       break;
   }
 
+  service_->SetUIShouldDepictAuthInProgress(false);
   service_->OnUserCancelledDialog();
   delete this;
 }
@@ -411,16 +408,27 @@ void SyncSetupFlow::OnUserSubmittedAuth(const std::string& username,
                                         const std::string& password,
                                         const std::string& captcha,
                                         const std::string& access_code) {
-  // It's possible to receive an empty password (e.g. for ASP's), in which case
-  // we don't want to overwrite any previously cached password.
-  if (!password.empty())
-    cached_passphrase_ = password;
-  service_->OnUserSubmittedAuth(username, password, captcha, access_code);
+  last_attempted_user_email_ = username;
+  service_->SetUIShouldDepictAuthInProgress(true);
+
+  // If we're just being called to provide an ASP, then pass it to the
+  // SigninManager and wait for the next step.
+  if (!access_code.empty()) {
+    service_->signin()->ProvideSecondFactorAccessCode(access_code);
+    return;
+  }
+
+  // Kick off a sign-in through the signin manager.
+  SigninManager* signin = service_->signin();
+  signin->StartSignIn(username,
+                      password,
+                      signin->GetLoginAuthError().captcha().token,
+                      captcha);
 }
 
 void SyncSetupFlow::OnUserSubmittedOAuth(
     const std::string& oauth1_request_token) {
-  service_->OnUserSubmittedOAuth(oauth1_request_token);
+  service_->signin()->StartOAuthSignIn(oauth1_request_token);
 }
 
 void SyncSetupFlow::OnUserConfigured(const SyncConfiguration& configuration) {
@@ -445,22 +453,6 @@ void SyncSetupFlow::OnUserConfigured(const SyncConfiguration& configuration) {
     // report an error if the passphrase setting failed.
     user_tried_setting_passphrase_ = true;
     set_new_decryption_passphrase = true;
-  } else if (!service_->IsUsingSecondaryPassphrase() &&
-             !cached_passphrase_.empty()) {
-    // Service needs a GAIA passphrase and we have one cached, so try it.
-    service_->SetPassphrase(cached_passphrase_, false);
-    cached_passphrase_.clear();
-    set_new_decryption_passphrase = true;
-  } else {
-    // We can get here if the user changes their GAIA passphrase but still has
-    // data encrypted with the old passphrase. The UI prompts the user for their
-    // passphrase, but they might just leave it blank/disable the encrypted
-    // types.
-    // No gaia passphrase cached or set, so make sure the ProfileSyncService
-    // wasn't expecting one.
-    DLOG_IF(WARNING, !service_->IsUsingSecondaryPassphrase() &&
-            service_->IsPassphraseRequiredForDecryption()) <<
-        "Google passphrase required but not provided by UI";
   }
 
   // Set the secondary passphrase, either as a decryption passphrase, or
@@ -583,23 +575,14 @@ void SyncSetupFlow::ActivateState(SyncSetupWizard::State state) {
     }
     case SyncSetupWizard::GAIA_LOGIN: {
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForGaiaLogin(service_, &args);
+      GetArgsForGaiaLogin(&args);
       flow_handler_->ShowGaiaLogin(args);
       break;
     }
     case SyncSetupWizard::GAIA_SUCCESS:
+      // Authentication is complete now.
+      service_->SetUIShouldDepictAuthInProgress(false);
       if (end_state_ == SyncSetupWizard::GAIA_SUCCESS) {
-        // The user has just re-authed - set the passphrase so we can re-encrypt
-        // if necessary. If we are currently encrypting with an explicit
-        // passphrase, this does nothing.
-        // TODO(atwilson): Move all the code dealing with the implicit GAIA
-        // passphrase back into ProfileSyncService in a
-        // NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL listener once we get rid of
-        // SyncSetupFlow.
-        if (!cached_passphrase_.empty()) {
-          service_->SetPassphrase(cached_passphrase_, false);
-          cached_passphrase_.clear();
-        }
         flow_handler_->ShowGaiaSuccessAndClose();
         break;
       }
@@ -607,21 +590,20 @@ void SyncSetupFlow::ActivateState(SyncSetupWizard::State state) {
       break;
     case SyncSetupWizard::SYNC_EVERYTHING: {
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForConfigure(service_, &args);
+      GetArgsForConfigure(&args);
       args.SetBoolean("showSyncEverythingPage", true);
       flow_handler_->ShowConfigure(args);
       break;
     }
     case SyncSetupWizard::CONFIGURE: {
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForConfigure(service_, &args);
+      GetArgsForConfigure(&args);
       flow_handler_->ShowConfigure(args);
       break;
     }
     case SyncSetupWizard::ENTER_PASSPHRASE: {
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForConfigure(service_, &args);
-      GetArgsForConfigure(service_, &args);
+      GetArgsForConfigure(&args);
       // TODO(atwilson): Remove ShowPassphraseEntry in favor of using
       // ShowConfigure() - http://crbug.com/90786.
       flow_handler_->ShowPassphraseEntry(args);
@@ -632,7 +614,7 @@ void SyncSetupFlow::ActivateState(SyncSetupWizard::State state) {
       // SyncSetupFlowHandler (crbug.com/92722) but for now just transition
       // to the login state with a special error code.
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForGaiaLogin(service_, &args);
+      GetArgsForGaiaLogin(&args);
       args.SetInteger("error", GoogleServiceAuthError::SERVICE_UNAVAILABLE);
       current_state_ = SyncSetupWizard::GAIA_LOGIN;
       flow_handler_->ShowGaiaLogin(args);
@@ -647,7 +629,7 @@ void SyncSetupFlow::ActivateState(SyncSetupWizard::State state) {
       // TODO(sync): Update this error handling to allow different platforms to
       // display the error appropriately (http://crbug.com/92722).
       DictionaryValue args;
-      SyncSetupFlow::GetArgsForGaiaLogin(service_, &args);
+      GetArgsForGaiaLogin(&args);
       args.SetBoolean("fatalError", true);
       current_state_ = SyncSetupWizard::GAIA_LOGIN;
       flow_handler_->ShowGaiaLogin(args);
diff --git a/chrome/browser/sync/sync_setup_flow.h b/chrome/browser/sync/sync_setup_flow.h
index 7939f0f..2338d6f 100644
--- a/chrome/browser/sync/sync_setup_flow.h
+++ b/chrome/browser/sync/sync_setup_flow.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -62,13 +62,11 @@ class SyncSetupFlow {
                             SyncSetupWizard::State start,
                             SyncSetupWizard::State end);
 
-  // Fills |args| with "user" and "error" arguments by querying |service|.
-  static void GetArgsForGaiaLogin(
-      const ProfileSyncService* service,
-      DictionaryValue* args);
+  // Fills |args| with "user" and "error" arguments per our current state.
+  void GetArgsForGaiaLogin(DictionaryValue* args);
 
   // Fills |args| for the configure screen (Choose Data Types/Encryption)
-  void GetArgsForConfigure(ProfileSyncService* service, DictionaryValue* args);
+  void GetArgsForConfigure(DictionaryValue* args);
 
   // Attaches the |handler| to this flow. Returns true if successful and false
   // if a handler has already been attached.
@@ -103,6 +101,7 @@ class SyncSetupFlow {
   void OnDialogClosed(const std::string& json_retval);
 
  private:
+  friend class ProfileSyncServiceForWizardTest;
   FRIEND_TEST_ALL_PREFIXES(SyncSetupWizardTest, InitialStepLogin);
   FRIEND_TEST_ALL_PREFIXES(SyncSetupWizardTest, ChooseDataTypesSetsPrefs);
   FRIEND_TEST_ALL_PREFIXES(SyncSetupWizardTest, DialogCancelled);
@@ -155,9 +154,9 @@ class SyncSetupFlow {
   // reflect this in the UI.
   bool user_tried_setting_passphrase_;
 
-  // We track the passphrase the user entered so we can set it when configuring
-  // the ProfileSyncService.
-  std::string cached_passphrase_;
+  // Cache of the last name the client attempted to authenticate.
+  // TODO(atwilson): Move this out of here entirely and up into the UI layer.
+  std::string last_attempted_user_email_;
 
   DISALLOW_COPY_AND_ASSIGN(SyncSetupFlow);
 };
diff --git a/chrome/browser/sync/sync_setup_wizard_unittest.cc b/chrome/browser/sync/sync_setup_wizard_unittest.cc
index bff5d38..90ccf02 100644
--- a/chrome/browser/sync/sync_setup_wizard_unittest.cc
+++ b/chrome/browser/sync/sync_setup_wizard_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -11,9 +11,9 @@
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/pref_service_mock_builder.h"
 #include "chrome/browser/prefs/testing_pref_store.h"
+#include "chrome/browser/signin/signin_manager_fake.h"
 #include "chrome/browser/sync/profile_sync_components_factory_mock.h"
 #include "chrome/browser/sync/profile_sync_service.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/sync_setup_flow.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_list.h"
@@ -57,61 +57,75 @@ class MockSyncSetupHandler : public OptionsSyncSetupHandler {
   DISALLOW_COPY_AND_ASSIGN(MockSyncSetupHandler);
 };
 
+class SigninManagerMock : public FakeSigninManager {
+ public:
+  SigninManagerMock() : auth_error_(AuthError::None()) {}
+
+  virtual void StartSignIn(const std::string& username,
+                           const std::string& password,
+                           const std::string& token,
+                           const std::string& captcha) OVERRIDE {
+    FakeSigninManager::StartSignIn(username, password, token, captcha);
+    username_ = username;
+    password_ = password;
+    captcha_ = captcha;
+  }
+
+  virtual const AuthError& GetLoginAuthError() const OVERRIDE {
+    return auth_error_;
+  }
+
+  void ResetTestStats() {
+    username_.clear();
+    password_.clear();
+    captcha_.clear();
+  }
+
+  AuthError auth_error_;
+  std::string username_;
+  std::string password_;
+  std::string captcha_;
+};
+
 // A PSS subtype to inject.
 class ProfileSyncServiceForWizardTest : public ProfileSyncService {
  public:
   ProfileSyncServiceForWizardTest(ProfileSyncComponentsFactory* factory,
                                   Profile* profile,
                                   ProfileSyncService::StartBehavior behavior)
-      : ProfileSyncService(factory, profile, new SigninManager(), behavior),
+      : ProfileSyncService(factory, profile, NULL, behavior),
         user_cancelled_dialog_(false),
         is_using_secondary_passphrase_(false),
         encrypt_everything_(false) {
+    signin_ = &mock_signin_;
     ResetTestStats();
   }
 
   virtual ~ProfileSyncServiceForWizardTest() {}
 
-  virtual void OnUserSubmittedAuth(const std::string& username,
-                                   const std::string& password,
-                                   const std::string& captcha,
-                                   const std::string& access_code) {
-    username_ = username;
-    password_ = password;
-    captcha_ = captcha;
-  }
-
-  virtual void OnUserChoseDatatypes(bool sync_everything,
-                                    syncable::ModelTypeSet chosen_types) {
+  virtual void OnUserChoseDatatypes(
+      bool sync_everything, syncable::ModelTypeSet chosen_types) OVERRIDE {
     user_chose_data_types_ = true;
     chosen_data_types_ = chosen_types;
   }
 
-  virtual void OnUserCancelledDialog() {
+  virtual void OnUserCancelledDialog() OVERRIDE {
     user_cancelled_dialog_ = true;
   }
 
   virtual void SetPassphrase(const std::string& passphrase,
-                             bool is_explicit) {
+                             bool is_explicit) OVERRIDE {
     passphrase_ = passphrase;
   }
 
-  virtual string16 GetAuthenticatedUsername() const {
-    return UTF8ToUTF16(username_);
-  }
-
-  virtual bool IsUsingSecondaryPassphrase() const {
+  virtual bool IsUsingSecondaryPassphrase() const OVERRIDE {
     return is_using_secondary_passphrase_;
   }
 
-  void set_auth_state(const std::string& last_email,
-                      const AuthError& error) {
-    last_attempted_user_email_ = last_email;
-    last_auth_error_ = error;
-  }
-
   void set_last_auth_error(const AuthError& error) {
+    // Set the cached auth error in the SigninManager and ProfileSyncService.
     last_auth_error_ = error;
+    mock_signin_.auth_error_ = error;
   }
 
   void set_is_using_secondary_passphrase(bool secondary) {
@@ -123,11 +137,11 @@ class ProfileSyncServiceForWizardTest : public ProfileSyncService {
     passphrase_required_reason_ = reason;
   }
 
-  virtual bool sync_initialized() const {
+  virtual bool sync_initialized() const OVERRIDE {
     return true;
   }
 
-  virtual bool EncryptEverythingEnabled() const {
+  virtual bool EncryptEverythingEnabled() const OVERRIDE {
     return encrypt_everything_;
   }
 
@@ -136,16 +150,14 @@ class ProfileSyncServiceForWizardTest : public ProfileSyncService {
   }
 
   void ResetTestStats() {
-    username_.clear();
-    password_.clear();
-    captcha_.clear();
+    mock_signin_.ResetTestStats();
     user_cancelled_dialog_ = false;
     user_chose_data_types_ = false;
     keep_everything_synced_ = false;
     chosen_data_types_.Clear();
   }
 
-  virtual void ShowSyncSetup(const std::string& sub_page) {
+  virtual void ShowSyncSetup(const std::string& sub_page) OVERRIDE {
     // Do Nothing.
   }
 
@@ -157,9 +169,7 @@ class ProfileSyncServiceForWizardTest : public ProfileSyncService {
     return &wizard_;
   }
 
-  std::string username_;
-  std::string password_;
-  std::string captcha_;
+  SigninManagerMock mock_signin_;
   bool user_cancelled_dialog_;
   bool user_chose_data_types_;
   bool keep_everything_synced_;
@@ -271,20 +281,21 @@ TEST_F(SyncSetupWizardTest, InitialStepLogin) {
   handler_.HandleSubmitAuth(&credentials);
   EXPECT_TRUE(wizard_->IsVisible());
   EXPECT_EQ(SyncSetupWizard::GAIA_LOGIN, flow_->current_state_);
-  EXPECT_EQ(kTestUser, service_->username_);
-  EXPECT_EQ(kTestPassword, service_->password_);
-  EXPECT_EQ(kTestCaptcha, service_->captcha_);
+  EXPECT_EQ(kTestUser, service_->mock_signin_.username_);
+  EXPECT_EQ(kTestPassword, service_->mock_signin_.password_);
+  EXPECT_EQ(kTestCaptcha, service_->mock_signin_.captcha_);
   EXPECT_FALSE(service_->user_cancelled_dialog_);
   service_->ResetTestStats();
 
   // Simulate failed credentials.
   AuthError invalid_gaia(AuthError::INVALID_GAIA_CREDENTIALS);
-  service_->set_auth_state(kTestUser, invalid_gaia);
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(invalid_gaia);
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   EXPECT_TRUE(wizard_->IsVisible());
   EXPECT_EQ(SyncSetupWizard::GAIA_LOGIN, flow_->current_state_);
   DictionaryValue dialog_args;
-  SyncSetupFlow::GetArgsForGaiaLogin(service_, &dialog_args);
+  flow_->GetArgsForGaiaLogin(&dialog_args);
   EXPECT_EQ(4U, dialog_args.size());
   std::string actual_user;
   dialog_args.GetString("user", &actual_user);
@@ -292,14 +303,16 @@ TEST_F(SyncSetupWizardTest, InitialStepLogin) {
   int error = -1;
   dialog_args.GetInteger("error", &error);
   EXPECT_EQ(static_cast<int>(AuthError::INVALID_GAIA_CREDENTIALS), error);
-  service_->set_auth_state(kTestUser, AuthError::None());
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(AuthError::None());
 
   // Simulate captcha.
   AuthError captcha_error(AuthError::FromCaptchaChallenge(
       std::string(), GURL(kTestCaptchaUrl), GURL()));
-  service_->set_auth_state(kTestUser, captcha_error);
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(captcha_error);
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
-  SyncSetupFlow::GetArgsForGaiaLogin(service_, &dialog_args);
+  flow_->GetArgsForGaiaLogin(&dialog_args);
   EXPECT_EQ(4U, dialog_args.size());
   std::string captcha_url;
   dialog_args.GetString("captchaUrl", &captcha_url);
@@ -307,7 +320,8 @@ TEST_F(SyncSetupWizardTest, InitialStepLogin) {
   error = -1;
   dialog_args.GetInteger("error", &error);
   EXPECT_EQ(static_cast<int>(AuthError::CAPTCHA_REQUIRED), error);
-  service_->set_auth_state(kTestUser, AuthError::None());
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(AuthError::None());
 
   // Simulate success.
   wizard_->Step(SyncSetupWizard::GAIA_SUCCESS);
@@ -419,8 +433,8 @@ TEST_F(SyncSetupWizardTest, DialogCancelled) {
   CloseSetupUI();
   EXPECT_FALSE(wizard_->IsVisible());
   EXPECT_TRUE(service_->user_cancelled_dialog_);
-  EXPECT_EQ(std::string(), service_->username_);
-  EXPECT_EQ(std::string(), service_->password_);
+  EXPECT_EQ(std::string(), service_->mock_signin_.username_);
+  EXPECT_EQ(std::string(), service_->mock_signin_.password_);
 
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   AttachSyncSetupHandler();
@@ -430,8 +444,8 @@ TEST_F(SyncSetupWizardTest, DialogCancelled) {
   CloseSetupUI();
   EXPECT_FALSE(wizard_->IsVisible());
   EXPECT_TRUE(service_->user_cancelled_dialog_);
-  EXPECT_EQ(std::string(), service_->username_);
-  EXPECT_EQ(std::string(), service_->password_);
+  EXPECT_EQ(std::string(), service_->mock_signin_.username_);
+  EXPECT_EQ(std::string(), service_->mock_signin_.password_);
 }
 
 TEST_F(SyncSetupWizardTest, InvalidTransitions) {
@@ -512,12 +526,13 @@ TEST_F(SyncSetupWizardTest, DiscreteRunGaiaLogin) {
   EXPECT_EQ(SyncSetupWizard::GAIA_SUCCESS, flow_->end_state_);
 
   AuthError invalid_gaia(AuthError::INVALID_GAIA_CREDENTIALS);
-  service_->set_auth_state(kTestUser, invalid_gaia);
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(invalid_gaia);
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   EXPECT_TRUE(wizard_->IsVisible());
 
   DictionaryValue dialog_args;
-  SyncSetupFlow::GetArgsForGaiaLogin(service_, &dialog_args);
+  flow_->GetArgsForGaiaLogin(&dialog_args);
   EXPECT_EQ(4U, dialog_args.size());
   std::string actual_user;
   dialog_args.GetString("user", &actual_user);
@@ -525,7 +540,8 @@ TEST_F(SyncSetupWizardTest, DiscreteRunGaiaLogin) {
   int error = -1;
   dialog_args.GetInteger("error", &error);
   EXPECT_EQ(static_cast<int>(AuthError::INVALID_GAIA_CREDENTIALS), error);
-  service_->set_auth_state(kTestUser, AuthError::None());
+  flow_->last_attempted_user_email_ = kTestUser;
+  service_->set_last_auth_error(AuthError::None());
 
   wizard_->Step(SyncSetupWizard::GAIA_SUCCESS);
 }
@@ -616,7 +632,7 @@ TEST_F(SyncSetupWizardCrosTest, CrosAuthSetup) {
   EXPECT_EQ(SyncSetupWizard::GAIA_SUCCESS, flow_->end_state_);
 
   DictionaryValue dialog_args;
-  SyncSetupFlow::GetArgsForGaiaLogin(service_, &dialog_args);
+  flow_->GetArgsForGaiaLogin(&dialog_args);
   EXPECT_EQ(4U, dialog_args.size());
   std::string actual_user;
   dialog_args.GetString("user", &actual_user);
diff --git a/chrome/browser/sync/test_profile_sync_service.cc b/chrome/browser/sync/test_profile_sync_service.cc
index d126831..f89baf6 100644
--- a/chrome/browser/sync/test_profile_sync_service.cc
+++ b/chrome/browser/sync/test_profile_sync_service.cc
@@ -1,9 +1,10 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/test_profile_sync_service.h"
 
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/abstract_profile_sync_service_test.h"
 #include "chrome/browser/sync/glue/data_type_controller.h"
 #include "chrome/browser/sync/glue/sync_backend_host.h"
@@ -11,7 +12,6 @@
 #include "chrome/browser/sync/js/js_reply_handler.h"
 #include "chrome/browser/sync/profile_sync_components_factory.h"
 #include "chrome/browser/sync/sessions/session_state.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/test/test_http_bridge_factory.h"
@@ -141,7 +141,8 @@ TestProfileSyncService::TestProfileSyncService(
   SetSyncSetupCompleted();
 }
 
-TestProfileSyncService::~TestProfileSyncService() {}
+TestProfileSyncService::~TestProfileSyncService() {
+}
 
 void TestProfileSyncService::SetInitialSyncEndedForAllTypes() {
   UserShare* user_share = GetUserShare();
diff --git a/chrome/browser/ui/auto_login_info_bar_delegate.cc b/chrome/browser/ui/auto_login_info_bar_delegate.cc
index dec7e8a..d91267f 100644
--- a/chrome/browser/ui/auto_login_info_bar_delegate.cc
+++ b/chrome/browser/ui/auto_login_info_bar_delegate.cc
@@ -7,8 +7,8 @@
 #include "base/logging.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/infobars/infobar_tab_helper.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/tab_contents/confirm_infobar_delegate.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_switches.h"
diff --git a/chrome/browser/ui/auto_login_prompter.cc b/chrome/browser/ui/auto_login_prompter.cc
index ebfed4c..714ee35 100644
--- a/chrome/browser/ui/auto_login_prompter.cc
+++ b/chrome/browser/ui/auto_login_prompter.cc
@@ -9,11 +9,11 @@
 #include "base/logging.h"
 #include "base/string_split.h"
 #include "chrome/browser/infobars/infobar_tab_helper.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/sync/profile_sync_service.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/browser/ui/auto_login_info_bar_delegate.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index df565eb..70e90f2 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -4346,7 +4346,9 @@ void Browser::Observe(int type,
 
 void Browser::OnStateChanged() {
   DCHECK(profile_->GetProfileSyncService());
-
+  // For unit tests, we don't have a window.
+  if (!window_)
+    return;
   const bool show_main_ui = IsShowingMainUI(window_->IsFullscreen());
   command_updater_.UpdateCommandEnabled(IDC_SYNC_BOOKMARKS,
       show_main_ui && profile_->GetOriginalProfile()->IsSyncAccessible());
diff --git a/chrome/browser/ui/webui/ntp/new_tab_ui_uitest.cc b/chrome/browser/ui/webui/ntp/new_tab_ui_uitest.cc
index 1c42227..0d5f261 100644
--- a/chrome/browser/ui/webui/ntp/new_tab_ui_uitest.cc
+++ b/chrome/browser/ui/webui/ntp/new_tab_ui_uitest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -7,7 +7,7 @@
 #include "base/test/test_timeouts.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/prefs/pref_value_store.h"
-#include "chrome/browser/sync/signin_manager.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/ui/webui/ntp/new_tab_ui.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/json_pref_store.h"
diff --git a/chrome/browser/ui/webui/sync_setup_handler.cc b/chrome/browser/ui/webui/sync_setup_handler.cc
index 87cd078..fc8df6e 100644
--- a/chrome/browser/ui/webui/sync_setup_handler.cc
+++ b/chrome/browser/ui/webui/sync_setup_handler.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -15,9 +15,9 @@
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_metrics.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/sync_setup_flow.h"
 #include "chrome/browser/sync/util/oauth.h"
 #include "chrome/browser/ui/browser_list.h"
@@ -662,10 +662,9 @@ bool SyncSetupHandler::IsLoginAuthDataValid(const std::string& username,
 }
 
 void SyncSetupHandler::ShowLoginErrorMessage(const string16& error_message) {
+  DCHECK(flow_);
   DictionaryValue args;
-  Profile* profile = Profile::FromWebUI(web_ui());
-  ProfileSyncService* service = profile->GetProfileSyncService();
-  SyncSetupFlow::GetArgsForGaiaLogin(service, &args);
+  flow_->GetArgsForGaiaLogin(&args);
   args.SetString("error_message", error_message);
   ShowGaiaLogin(args);
 }
diff --git a/chrome/browser/ui/webui/sync_setup_handler2.cc b/chrome/browser/ui/webui/sync_setup_handler2.cc
index 46aa6e4..c4bf7a7 100644
--- a/chrome/browser/ui/webui/sync_setup_handler2.cc
+++ b/chrome/browser/ui/webui/sync_setup_handler2.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -15,9 +15,9 @@
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_metrics.h"
+#include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
-#include "chrome/browser/sync/signin_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/sync_setup_flow.h"
 #include "chrome/browser/sync/util/oauth.h"
@@ -659,10 +659,9 @@ bool SyncSetupHandler2::IsLoginAuthDataValid(const std::string& username,
 }
 
 void SyncSetupHandler2::ShowLoginErrorMessage(const string16& error_message) {
+  DCHECK(flow_);
   DictionaryValue args;
-  Profile* profile = Profile::FromWebUI(web_ui());
-  ProfileSyncService* service = profile->GetProfileSyncService();
-  SyncSetupFlow::GetArgsForGaiaLogin(service, &args);
+  flow_->GetArgsForGaiaLogin(&args);
   args.SetString("error_message", error_message);
   ShowGaiaLogin(args);
 }
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 9ad2c2e..6c8c5b9 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1620,8 +1620,6 @@
         'browser/net/gaia/gaia_oauth_consumer.h',
         'browser/net/gaia/gaia_oauth_fetcher.cc',
         'browser/net/gaia/gaia_oauth_fetcher.h',
-        'browser/net/gaia/token_service.cc',
-        'browser/net/gaia/token_service.h',
         'browser/net/load_timing_observer.cc',
         'browser/net/load_timing_observer.h',
         'browser/net/net_log_logger.cc',
@@ -2169,6 +2167,10 @@
         'browser/shell_integration_linux.cc',
         'browser/shell_integration_mac.mm',
         'browser/shell_integration_win.cc',
+        'browser/signin/signin_manager.cc',
+        'browser/signin/signin_manager.h',
+        'browser/signin/token_service.cc',
+        'browser/signin/token_service.h',
         'browser/simple_message_box.h',
         'browser/speech/chrome_speech_input_manager.cc',
         'browser/speech/chrome_speech_input_manager.h',
@@ -2321,8 +2323,6 @@
         'browser/sync/profile_sync_service_observer.h',
         'browser/sync/retry_verifier.cc',
         'browser/sync/retry_verifier.h',
-        'browser/sync/signin_manager.cc',
-        'browser/sync/signin_manager.h',
         'browser/sync/sync_global_error.cc',
         'browser/sync/sync_global_error.h',
         'browser/sync/sync_prefs.cc',
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index c5c97bf..93f691d 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -1520,8 +1520,6 @@
         'browser/net/chrome_net_log_unittest.cc',
         'browser/net/connection_tester_unittest.cc',
         'browser/net/gaia/gaia_oauth_fetcher_unittest.cc',
-        'browser/net/gaia/token_service_unittest.cc',
-        'browser/net/gaia/token_service_unittest.h',
         'browser/net/http_server_properties_manager_unittest.cc',
         'browser/net/load_timing_observer_unittest.cc',
         'browser/net/network_stats_unittest.cc',
@@ -1665,6 +1663,11 @@
         'browser/sessions/session_backend_unittest.cc',
         'browser/sessions/session_service_unittest.cc',
         'browser/shell_integration_unittest.cc',
+        'browser/signin/signin_manager_unittest.cc',
+        'browser/signin/signin_manager_fake.cc',
+        'browser/signin/signin_manager_fake.h',
+        'browser/signin/token_service_unittest.cc',
+        'browser/signin/token_service_unittest.h',
         'browser/speech/speech_input_bubble_controller_unittest.cc',
         'browser/spellchecker/spellcheck_platform_mac_unittest.cc',
         'browser/spellchecker/spellcheck_profile_unittest.cc',
@@ -1726,9 +1729,6 @@
         'browser/sync/profile_sync_service_unittest.cc',
         'browser/sync/profile_sync_test_util.cc',
         'browser/sync/profile_sync_test_util.h',
-        'browser/sync/signin_manager_fake.cc',
-        'browser/sync/signin_manager_fake.h',
-        'browser/sync/signin_manager_unittest.cc',
         'browser/sync/sync_global_error_unittest.cc',
         'browser/sync/sync_prefs_unittest.cc',
         'browser/sync/sync_setup_wizard_unittest.cc',
diff --git a/chrome/test/base/testing_profile.cc b/chrome/test/base/testing_profile.cc
index 17ae2c7..3da1348 100644
--- a/chrome/test/base/testing_profile.cc
+++ b/chrome/test/base/testing_profile.cc
@@ -25,7 +25,6 @@
 #include "chrome/browser/history/history.h"
 #include "chrome/browser/history/history_backend.h"
 #include "chrome/browser/history/top_sites.h"
-#include "chrome/browser/net/gaia/token_service.h"
 #include "chrome/browser/net/proxy_service_factory.h"
 #include "chrome/browser/notifications/desktop_notification_service.h"
 #include "chrome/browser/notifications/desktop_notification_service_factory.h"
@@ -36,6 +35,8 @@
 #include "chrome/browser/search_engines/template_url_fetcher.h"
 #include "chrome/browser/search_engines/template_url_service.h"
 #include "chrome/browser/search_engines/template_url_service_factory.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/speech/chrome_speech_input_preferences.h"
 #include "chrome/browser/sync/profile_sync_service_mock.h"
 #include "chrome/browser/ui/find_bar/find_bar_state.h"
@@ -798,6 +799,18 @@ void TestingProfile::BlockUntilHistoryProcessesPendingRequests() {
   MessageLoop::current()->Run();
 }
 
+void TestingProfile::SetSigninManager(SigninManager* signin_manager) {
+  DCHECK(!signin_manager_.get());
+  signin_manager_.reset(signin_manager);
+}
+
+SigninManager* TestingProfile::GetSigninManager() {
+  if (!signin_manager_.get()) {
+    signin_manager_.reset(new SigninManager());
+  }
+  return signin_manager_.get();
+}
+
 TokenService* TestingProfile::GetTokenService() {
   if (!token_service_.get()) {
     token_service_.reset(new TokenService());
diff --git a/chrome/test/base/testing_profile.h b/chrome/test/base/testing_profile.h
index e1909e5..ab99104 100644
--- a/chrome/test/base/testing_profile.h
+++ b/chrome/test/base/testing_profile.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -281,8 +281,12 @@ class TestingProfile : public Profile {
   // history service processes all pending requests.
   void BlockUntilHistoryProcessesPendingRequests();
 
-  // Creates and initializes a profile sync service if the tests require one.
+  // Sets the profile's SigninManager - lets test code provide their own.
+  // TestingProfile takes ownership of the passed pointer.
+  void SetSigninManager(SigninManager* signin_manager);
+  virtual SigninManager* GetSigninManager() OVERRIDE;
   virtual TokenService* GetTokenService() OVERRIDE;
+  // Creates and initializes a profile sync service if the tests require one.
   virtual ProfileSyncService* GetProfileSyncService() OVERRIDE;
   virtual ChromeBlobStorageContext* GetBlobStorageContext() OVERRIDE;
   virtual ExtensionInfoMap* GetExtensionInfoMap() OVERRIDE;
@@ -335,6 +339,9 @@ class TestingProfile : public Profile {
   // is invoked.
   scoped_refptr<ProtocolHandlerRegistry> protocol_handler_registry_;
 
+  // The SigninManager. Created by GetSigninManager.
+  scoped_ptr<SigninManager> signin_manager_;
+
   // The TokenService. Created by CreateTokenService. Filled with dummy data.
   scoped_ptr<TokenService> token_service_;