Make invalidations work for Chrome OS Kiosk Apps.

Kiosk Apps don't have a user logged in, so SigninManager and ProfileOAuth2TokenService don't work. However, Kiosk Apps have access to a device-level robot account for identity. Wire this up with the invalidation code by breaking out the authentication-related pieces into a separate interface and providing implementations both for the regular Profile case as well as Kiosk Apps. The appropriate implementation gets selected by InvalidationServiceFactory. BUG=chromium:269455 Review URL: https://codereview.chromium.org/179843002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258522 0039d316-1c4b-4281-b951-d872f2087c98
author: mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-03-21 11:22:27 +0000
committer: mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-03-21 11:22:27 +0000
commit: 842a39d667e8473411ff8a9eb915dadf82d07f81 (patch)
tree: 7a97dbf842cb88eb9e162bf58135e7a9af61e585
parent: da9a32b9e282c1653bb6b5c1b8c89a1970905f21 (diff)
download: chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.zip
chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.tar.gz
chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.tar.bz2
26 files changed, 519 insertions, 152 deletions
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 46d57b6..201758d 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -756,9 +756,6 @@ void ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() {
   // Destroy the application name notifier for Kiosk mode.
   KioskModeIdleAppNameNotification::Shutdown();
 
-  // Stops all in-flight OAuth2 token fetchers before the IO thread stops.
-  DeviceOAuth2TokenServiceFactory::Shutdown();
-
   // Shutdown the upgrade detector for Chrome OS. The upgrade detector
   // stops monitoring changes from the update engine.
   if (UpgradeDetectorChromeos::GetInstance())
@@ -835,6 +832,9 @@ void ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() {
   // Ash needs to be closed before UserManager is destroyed.
   ChromeBrowserMainPartsLinux::PostMainMessageLoopRun();
 
+  // Stops all in-flight OAuth2 token fetchers before the IO thread stops.
+  DeviceOAuth2TokenServiceFactory::Shutdown();
+
   // Called after
   // ChromeBrowserMainPartsLinux::PostMainMessageLoopRun() to be
   // executed after execution of chrome::CloseAsh(), because some
diff --git a/chrome/browser/extensions/api/push_messaging/push_messaging_api.cc b/chrome/browser/extensions/api/push_messaging/push_messaging_api.cc
index bae2028..0cf9f74 100644
--- a/chrome/browser/extensions/api/push_messaging/push_messaging_api.cc
+++ b/chrome/browser/extensions/api/push_messaging/push_messaging_api.cc
@@ -16,13 +16,13 @@
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/token_cache/token_cache_service.h"
 #include "chrome/browser/extensions/token_cache/token_cache_service_factory.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/invalidation_service.h"
 #include "chrome/browser/invalidation/invalidation_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
-#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
 #include "chrome/common/extensions/api/push_messaging.h"
 #include "components/signin/core/profile_oauth2_token_service.h"
 #include "content/public/browser/browser_thread.h"
@@ -103,10 +103,10 @@ bool PushMessagingGetChannelIdFunction::RunImpl() {
   AddRef();
 
   if (!IsUserLoggedIn()) {
-    if (interactive_) {
-      ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile())
-          ->AddObserver(this);
-      LoginUIServiceFactory::GetForProfile(GetProfile())->ShowLoginPopup();
+    invalidation::InvalidationAuthProvider* auth_provider =
+        GetInvalidationAuthProvider();
+    if (interactive_ && auth_provider->ShowLoginUI()) {
+      auth_provider->GetTokenService()->AddObserver(this);
       return true;
     } else {
       error_ = kUserNotSignedIn;
@@ -125,18 +125,16 @@ void PushMessagingGetChannelIdFunction::StartAccessTokenFetch() {
   std::vector<std::string> scope_vector =
       extensions::ObfuscatedGaiaIdFetcher::GetScopes();
   OAuth2TokenService::ScopeSet scopes(scope_vector.begin(), scope_vector.end());
-  ProfileOAuth2TokenService* token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile());
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(GetProfile());
-  fetcher_access_token_request_ = token_service->StartRequest(
-      signin_manager->GetAuthenticatedAccountId(), scopes, this);
+  invalidation::InvalidationAuthProvider* auth_provider =
+      GetInvalidationAuthProvider();
+  fetcher_access_token_request_ =
+      auth_provider->GetTokenService()->StartRequest(
+          auth_provider->GetAccountId(), scopes, this);
 }
 
 void PushMessagingGetChannelIdFunction::OnRefreshTokenAvailable(
     const std::string& account_id) {
-  ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile())
-      ->RemoveObserver(this);
+  GetInvalidationAuthProvider()->GetTokenService()->RemoveObserver(this);
   DVLOG(2) << "Newly logged in: " << GetProfile()->GetProfileName();
   StartAccessTokenFetch();
 }
@@ -190,13 +188,11 @@ void PushMessagingGetChannelIdFunction::StartGaiaIdFetch(
 }
 
 // Check if the user is logged in.
-bool PushMessagingGetChannelIdFunction::IsUserLoggedIn() const {
-  ProfileOAuth2TokenService* token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(GetProfile());
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(GetProfile());
-  return token_service->RefreshTokenIsAvailable(
-      signin_manager->GetAuthenticatedAccountId());
+bool PushMessagingGetChannelIdFunction::IsUserLoggedIn() {
+  invalidation::InvalidationAuthProvider* auth_provider =
+      GetInvalidationAuthProvider();
+  return auth_provider->GetTokenService()->RefreshTokenIsAvailable(
+      auth_provider->GetAccountId());
 }
 
 void PushMessagingGetChannelIdFunction::ReportResult(
@@ -264,12 +260,7 @@ void PushMessagingGetChannelIdFunction::OnObfuscatedGaiaIdFetchFailure(
     case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
     case GoogleServiceAuthError::ACCOUNT_DELETED:
     case GoogleServiceAuthError::ACCOUNT_DISABLED: {
-      if (interactive_) {
-        LoginUIService* login_ui_service =
-            LoginUIServiceFactory::GetForProfile(GetProfile());
-        // content::NotificationObserver will be called if token is issued.
-        login_ui_service->ShowLoginPopup();
-      } else {
+      if (!interactive_ || !GetInvalidationAuthProvider()->ShowLoginUI()) {
         ReportResult(std::string(), error_text);
       }
       return;
@@ -281,6 +272,12 @@ void PushMessagingGetChannelIdFunction::OnObfuscatedGaiaIdFetchFailure(
   }
 }
 
+invalidation::InvalidationAuthProvider*
+PushMessagingGetChannelIdFunction::GetInvalidationAuthProvider() {
+  return invalidation::InvalidationServiceFactory::GetForProfile(GetProfile())
+      ->GetInvalidationAuthProvider();
+}
+
 PushMessagingAPI::PushMessagingAPI(content::BrowserContext* context)
     : profile_(Profile::FromBrowserContext(context)) {
   registrar_.Add(this, chrome::NOTIFICATION_EXTENSION_INSTALLED,
diff --git a/chrome/browser/extensions/api/push_messaging/push_messaging_api.h b/chrome/browser/extensions/api/push_messaging/push_messaging_api.h
index a00af73..8b02af2 100644
--- a/chrome/browser/extensions/api/push_messaging/push_messaging_api.h
+++ b/chrome/browser/extensions/api/push_messaging/push_messaging_api.h
@@ -27,10 +27,13 @@ namespace content {
 class BrowserContext;
 }
 
+namespace invalidation {
+class InvalidationAuthProvider;
+}
+
 namespace extensions {
 
 class PushMessagingInvalidationMapper;
-class ObfuscatedGaiaIdFetcher;
 
 // Observes a single InvalidationHandler and generates onMessage events.
 class PushMessagingEventRouter
@@ -97,13 +100,17 @@ class PushMessagingGetChannelIdFunction
       const GoogleServiceAuthError& error) OVERRIDE;
 
   // Check if the user is signed into chrome.
-  bool IsUserLoggedIn() const;
+  bool IsUserLoggedIn();
 
   // ObfuscatedGiaiaIdFetcher::Delegate implementation.
   virtual void OnObfuscatedGaiaIdFetchSuccess(const std::string& gaia_id)
       OVERRIDE;
   virtual void OnObfuscatedGaiaIdFetchFailure(
       const GoogleServiceAuthError& error) OVERRIDE;
+
+  // Convenience helper to get the invalidation auth provider.
+  invalidation::InvalidationAuthProvider* GetInvalidationAuthProvider();
+
   scoped_ptr<ObfuscatedGaiaIdFetcher> fetcher_;
   bool interactive_;
   scoped_ptr<OAuth2TokenService::Request> fetcher_access_token_request_;
diff --git a/chrome/browser/extensions/api/push_messaging/push_messaging_invalidation_handler_unittest.cc b/chrome/browser/extensions/api/push_messaging/push_messaging_invalidation_handler_unittest.cc
index 34fb9f2..b0cad99 100644
--- a/chrome/browser/extensions/api/push_messaging/push_messaging_invalidation_handler_unittest.cc
+++ b/chrome/browser/extensions/api/push_messaging/push_messaging_invalidation_handler_unittest.cc
@@ -14,10 +14,10 @@
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-using ::testing::_;
 using ::testing::NotNull;
 using ::testing::SaveArg;
 using ::testing::StrictMock;
+using ::testing::_;
 
 namespace extensions {
 
@@ -38,6 +38,8 @@ class MockInvalidationService : public invalidation::InvalidationService {
   MOCK_METHOD0(GetInvalidationLogger, invalidation::InvalidationLogger*());
   MOCK_METHOD1(RequestDetailedStatus,
                void(base::Callback<void(const base::DictionaryValue&)>));
+  MOCK_METHOD0(GetInvalidationAuthProvider,
+               invalidation::InvalidationAuthProvider*());
 
  private:
   DISALLOW_COPY_AND_ASSIGN(MockInvalidationService);
diff --git a/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.cc b/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.cc
new file mode 100644
index 0000000..11aa3c6
--- /dev/null
+++ b/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.cc
@@ -0,0 +1,27 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.h"
+
+#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
+
+namespace invalidation {
+
+DeviceInvalidationAuthProvider::DeviceInvalidationAuthProvider(
+    chromeos::DeviceOAuth2TokenService* token_service)
+    : token_service_(token_service) {}
+
+DeviceInvalidationAuthProvider::~DeviceInvalidationAuthProvider() {}
+
+std::string DeviceInvalidationAuthProvider::GetAccountId() {
+  return token_service_->GetRobotAccountId();
+}
+
+OAuth2TokenService* DeviceInvalidationAuthProvider::GetTokenService() {
+  return token_service_;
+}
+
+bool DeviceInvalidationAuthProvider::ShowLoginUI() { return false; }
+
+}  // namespace invalidation
diff --git a/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.h b/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.h
new file mode 100644
index 0000000..ecd1334
--- /dev/null
+++ b/chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.h
@@ -0,0 +1,37 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_INVALIDATION_DEVICE_INVALIDATION_AUTH_PROVIDER_CHROMEOS_H_
+#define CHROME_BROWSER_INVALIDATION_DEVICE_INVALIDATION_AUTH_PROVIDER_CHROMEOS_H_
+
+#include "base/macros.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
+
+namespace chromeos {
+class DeviceOAuth2TokenService;
+}
+
+namespace invalidation {
+
+// Authentication provider implementation backed by DeviceOAuth2TokenService.
+class DeviceInvalidationAuthProvider : public InvalidationAuthProvider {
+ public:
+  DeviceInvalidationAuthProvider(
+      chromeos::DeviceOAuth2TokenService* token_service);
+  virtual ~DeviceInvalidationAuthProvider();
+
+  // InvalidationAuthProvider:
+  virtual std::string GetAccountId() OVERRIDE;
+  virtual OAuth2TokenService* GetTokenService() OVERRIDE;
+  virtual bool ShowLoginUI() OVERRIDE;
+
+ private:
+  chromeos::DeviceOAuth2TokenService* token_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(DeviceInvalidationAuthProvider);
+};
+
+}  // namespace invalidation
+
+#endif  // CHROME_BROWSER_INVALIDATION_DEVICE_INVALIDATION_AUTH_PROVIDER_CHROMEOS_H_
diff --git a/chrome/browser/invalidation/fake_invalidation_service.cc b/chrome/browser/invalidation/fake_invalidation_service.cc
index 8260ee4..56b41e9 100644
--- a/chrome/browser/invalidation/fake_invalidation_service.cc
+++ b/chrome/browser/invalidation/fake_invalidation_service.cc
@@ -4,11 +4,28 @@
 
 #include "chrome/browser/invalidation/fake_invalidation_service.h"
 
+#include "base/macros.h"
 #include "chrome/browser/invalidation/invalidation_service_util.h"
 #include "sync/notifier/object_id_invalidation_map.h"
 
 namespace invalidation {
 
+FakeInvalidationAuthProvider::FakeInvalidationAuthProvider() {
+  token_service_.set_auto_post_fetch_response_on_message_loop(true);
+}
+
+FakeInvalidationAuthProvider::~FakeInvalidationAuthProvider() {}
+
+OAuth2TokenService* FakeInvalidationAuthProvider::GetTokenService() {
+  return &token_service_;
+}
+
+std::string FakeInvalidationAuthProvider::GetAccountId() {
+  return "fake@example.com";
+}
+
+bool FakeInvalidationAuthProvider::ShowLoginUI() { return false; }
+
 FakeInvalidationService::FakeInvalidationService()
     : client_id_(GenerateInvalidatorClientId()) {
   invalidator_registrar_.UpdateInvalidatorState(syncer::INVALIDATIONS_ENABLED);
@@ -56,6 +73,11 @@ void FakeInvalidationService::RequestDetailedStatus(
   caller.Run(value);
 }
 
+InvalidationAuthProvider*
+FakeInvalidationService::GetInvalidationAuthProvider() {
+  return &auth_provider_;
+}
+
 void FakeInvalidationService::SetInvalidatorState(
     syncer::InvalidatorState state) {
   invalidator_registrar_.UpdateInvalidatorState(state);
diff --git a/chrome/browser/invalidation/fake_invalidation_service.h b/chrome/browser/invalidation/fake_invalidation_service.h
index 5a9a4b7..661c9d0 100644
--- a/chrome/browser/invalidation/fake_invalidation_service.h
+++ b/chrome/browser/invalidation/fake_invalidation_service.h
@@ -10,7 +10,9 @@
 
 #include "base/basictypes.h"
 #include "base/callback_forward.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/invalidation_service.h"
+#include "chrome/browser/signin/fake_profile_oauth2_token_service.h"
 #include "sync/notifier/invalidator_registrar.h"
 #include "sync/notifier/mock_ack_handler.h"
 
@@ -26,6 +28,27 @@ namespace invalidation {
 
 class InvalidationLogger;
 
+// Fake invalidation auth provider implementation.
+class FakeInvalidationAuthProvider : public InvalidationAuthProvider {
+ public:
+  FakeInvalidationAuthProvider();
+  virtual ~FakeInvalidationAuthProvider();
+
+  // InvalidationAuthProvider:
+  virtual OAuth2TokenService* GetTokenService() OVERRIDE;
+  virtual std::string GetAccountId() OVERRIDE;
+  virtual bool ShowLoginUI() OVERRIDE;
+
+  FakeProfileOAuth2TokenService* fake_token_service() {
+    return &token_service_;
+  }
+
+ private:
+  FakeProfileOAuth2TokenService token_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(FakeInvalidationAuthProvider);
+};
+
 // An InvalidationService that emits invalidations only when
 // its EmitInvalidationForTest method is called.
 class FakeInvalidationService : public InvalidationService {
@@ -48,6 +71,7 @@ class FakeInvalidationService : public InvalidationService {
   virtual InvalidationLogger* GetInvalidationLogger() OVERRIDE;
   virtual void RequestDetailedStatus(
       base::Callback<void(const base::DictionaryValue&)> caller) OVERRIDE;
+  virtual InvalidationAuthProvider* GetInvalidationAuthProvider() OVERRIDE;
 
   void SetInvalidatorState(syncer::InvalidatorState state);
 
@@ -65,6 +89,7 @@ class FakeInvalidationService : public InvalidationService {
   std::string client_id_;
   syncer::InvalidatorRegistrar invalidator_registrar_;
   syncer::MockAckHandler mock_ack_handler_;
+  FakeInvalidationAuthProvider auth_provider_;
 
   DISALLOW_COPY_AND_ASSIGN(FakeInvalidationService);
 };
diff --git a/chrome/browser/invalidation/gcm_invalidation_bridge.cc b/chrome/browser/invalidation/gcm_invalidation_bridge.cc
index 1f63a28..c02282a 100644
--- a/chrome/browser/invalidation/gcm_invalidation_bridge.cc
+++ b/chrome/browser/invalidation/gcm_invalidation_bridge.cc
@@ -7,8 +7,8 @@
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "chrome/browser/invalidation/gcm_invalidation_bridge.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/services/gcm/gcm_profile_service.h"
-#include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
@@ -147,20 +147,17 @@ void GCMInvalidationBridge::Core::OnIncomingMessage(
   message_callback_.Run(message, echo_token);
 }
 
-GCMInvalidationBridge::GCMInvalidationBridge(Profile* profile)
+GCMInvalidationBridge::GCMInvalidationBridge(
+    gcm::GCMProfileService* gcm_profile_service,
+    InvalidationAuthProvider* auth_provider)
     : OAuth2TokenService::Consumer("gcm_network_channel"),
-      profile_(profile),
-      subscribed_for_incoming_messages_(false),
+      gcm_profile_service_(gcm_profile_service),
+      auth_provider_(auth_provider),
       weak_factory_(this) {}
 
 GCMInvalidationBridge::~GCMInvalidationBridge() {
-  if (subscribed_for_incoming_messages_) {
-    gcm::GCMProfileService* gcm_profile_service =
-        gcm::GCMProfileServiceFactory::GetForProfile(profile_);
-    DCHECK(gcm_profile_service);
-
-    gcm_profile_service->RemoveAppHandler(kInvalidationsAppId);
-  }
+  if (subscribed_for_incoming_messages_)
+    gcm_profile_service_->RemoveAppHandler(kInvalidationsAppId);
 }
 
 scoped_ptr<syncer::GCMNetworkChannelDelegate>
@@ -194,15 +191,11 @@ void GCMInvalidationBridge::RequestToken(
                    error,
                    access_token));
   }
-  ProfileOAuth2TokenService* token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
   request_token_callback_ = callback;
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(profile_);
-  std::string account_id = signin_manager->GetAuthenticatedAccountId();
   OAuth2TokenService::ScopeSet scopes;
   scopes.insert(GaiaConstants::kChromeSyncOAuth2Scope);
-  access_token_request_ = token_service->StartRequest(account_id, scopes, this);
+  access_token_request_ = auth_provider_->GetTokenService()->StartRequest(
+      auth_provider_->GetAccountId(), scopes, this);
 }
 
 void GCMInvalidationBridge::OnGetTokenSuccess(
@@ -239,29 +232,23 @@ void GCMInvalidationBridge::OnGetTokenFailure(
 }
 
 void GCMInvalidationBridge::InvalidateToken(const std::string& token) {
-  ProfileOAuth2TokenService* token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
   DCHECK(CalledOnValidThread());
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(profile_);
-  std::string account_id = signin_manager->GetAuthenticatedAccountId();
   OAuth2TokenService::ScopeSet scopes;
   scopes.insert(GaiaConstants::kChromeSyncOAuth2Scope);
-  token_service->InvalidateToken(account_id, scopes, token);
+  auth_provider_->GetTokenService()->InvalidateToken(
+      auth_provider_->GetAccountId(), scopes, token);
 }
 
 void GCMInvalidationBridge::Register(
     syncer::GCMNetworkChannelDelegate::RegisterCallback callback) {
   DCHECK(CalledOnValidThread());
   // No-op if GCMClient is disabled.
-  gcm::GCMProfileService* gcm_profile_service =
-      gcm::GCMProfileServiceFactory::GetForProfile(profile_);
-  if (gcm_profile_service == NULL)
+  if (gcm_profile_service_ == NULL)
     return;
 
   std::vector<std::string> sender_ids;
   sender_ids.push_back(kInvalidationsSenderId);
-  gcm_profile_service->Register(
+  gcm_profile_service_->Register(
       kInvalidationsAppId,
       sender_ids,
       base::Bind(&GCMInvalidationBridge::RegisterFinished,
@@ -285,13 +272,11 @@ void GCMInvalidationBridge::RegisterFinished(
 
 void GCMInvalidationBridge::SubscribeForIncomingMessages() {
   // No-op if GCMClient is disabled.
-  gcm::GCMProfileService* gcm_profile_service =
-      gcm::GCMProfileServiceFactory::GetForProfile(profile_);
-  if (gcm_profile_service == NULL)
+  if (gcm_profile_service_ == NULL)
     return;
 
   DCHECK(!subscribed_for_incoming_messages_);
-  gcm_profile_service->AddAppHandler(kInvalidationsAppId, this);
+  gcm_profile_service_->AddAppHandler(kInvalidationsAppId, this);
   subscribed_for_incoming_messages_ = true;
 }
 
diff --git a/chrome/browser/invalidation/gcm_invalidation_bridge.h b/chrome/browser/invalidation/gcm_invalidation_bridge.h
index 971148b..9bbaf97 100644
--- a/chrome/browser/invalidation/gcm_invalidation_bridge.h
+++ b/chrome/browser/invalidation/gcm_invalidation_bridge.h
@@ -14,14 +14,18 @@
 #include "google_apis/gcm/gcm_client.h"
 #include "sync/notifier/gcm_network_channel_delegate.h"
 
-class Profile;
-
 namespace base {
 class SingleThreadTaskRunner;
 }  // namespace base
 
+namespace gcm {
+class GCMProfileService;
+}  // namespace gcm
+
 namespace invalidation {
 
+class InvalidationAuthProvider;
+
 // GCMInvalidationBridge and GCMInvalidationBridge::Core implement functions
 // needed for GCMNetworkChannel. GCMInvalidationBridge lives on UI thread while
 // Core lives on IO thread. Core implements GCMNetworkChannelDelegate and posts
@@ -33,7 +37,8 @@ class GCMInvalidationBridge : public gcm::GCMAppHandler,
  public:
   class Core;
 
-  explicit GCMInvalidationBridge(Profile* profile);
+  GCMInvalidationBridge(gcm::GCMProfileService* gcm_profile_service,
+                        InvalidationAuthProvider* auth_provider);
   virtual ~GCMInvalidationBridge();
 
   // OAuth2TokenService::Consumer implementation.
@@ -75,9 +80,8 @@ class GCMInvalidationBridge : public gcm::GCMAppHandler,
       gcm::GCMClient::Result result);
 
  private:
-  // GCMInvalidationBridge is owned by TiclInvalidationService therefore it is
-  // expected that profile_ pointer is valid throughout lifetime of this object.
-  Profile* profile_;
+  gcm::GCMProfileService* const gcm_profile_service_;
+  InvalidationAuthProvider* const auth_provider_;
 
   base::WeakPtr<Core> core_;
   scoped_refptr<base::SingleThreadTaskRunner> core_thread_task_runner_;
diff --git a/chrome/browser/invalidation/gcm_invalidation_bridge_unittest.cc b/chrome/browser/invalidation/gcm_invalidation_bridge_unittest.cc
index 76f7926..2a99ec3 100644
--- a/chrome/browser/invalidation/gcm_invalidation_bridge_unittest.cc
+++ b/chrome/browser/invalidation/gcm_invalidation_bridge_unittest.cc
@@ -4,6 +4,7 @@
 
 #include "base/run_loop.h"
 #include "chrome/browser/invalidation/gcm_invalidation_bridge.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/services/gcm/gcm_profile_service.h"
 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
 #include "chrome/browser/signin/fake_profile_oauth2_token_service.h"
@@ -43,6 +44,27 @@ class FakeGCMProfileService : public gcm::GCMProfileService {
   DISALLOW_COPY_AND_ASSIGN(FakeGCMProfileService);
 };
 
+// Fake invalidation auth provider implementation.
+class FakeInvalidationAuthProvider : public InvalidationAuthProvider {
+ public:
+  explicit FakeInvalidationAuthProvider(
+      ProfileOAuth2TokenService* token_service)
+      : token_service_(token_service) {}
+  virtual ~FakeInvalidationAuthProvider() {}
+
+  // InvalidationAuthProvider:
+  virtual OAuth2TokenService* GetTokenService() OVERRIDE {
+    return token_service_;
+  }
+  virtual std::string GetAccountId() OVERRIDE { return std::string(); }
+  virtual bool ShowLoginUI() OVERRIDE { return false; }
+
+ private:
+  OAuth2TokenService* token_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(FakeInvalidationAuthProvider);
+};
+
 class GCMInvalidationBridgeTest : public ::testing::Test {
  protected:
   GCMInvalidationBridgeTest() {}
@@ -61,12 +83,14 @@ class GCMInvalidationBridgeTest : public ::testing::Test {
     FakeProfileOAuth2TokenService* token_service =
         (FakeProfileOAuth2TokenService*)
         ProfileOAuth2TokenServiceFactory::GetForProfile(profile_.get());
-    token_service->IssueRefreshTokenForUser("", "refresh_token");
+    token_service->IssueRefreshTokenForUser("", "fake_refresh_token");
     gcm_profile_service_ =
         (FakeGCMProfileService*)gcm::GCMProfileServiceFactory::GetForProfile(
             profile_.get());
 
-    bridge_.reset(new GCMInvalidationBridge(profile_.get()));
+    auth_provider_.reset(new FakeInvalidationAuthProvider(token_service));
+    bridge_.reset(
+        new GCMInvalidationBridge(gcm_profile_service_, auth_provider_.get()));
 
     delegate_ = bridge_->CreateDelegate();
     delegate_->Initialize();
@@ -89,6 +113,7 @@ class GCMInvalidationBridgeTest : public ::testing::Test {
   content::TestBrowserThreadBundle thread_bundle_;
   scoped_ptr<Profile> profile_;
   FakeGCMProfileService* gcm_profile_service_;
+  scoped_ptr<FakeInvalidationAuthProvider> auth_provider_;
 
   std::vector<std::string> issued_tokens_;
   std::vector<GoogleServiceAuthError> request_token_errors_;
diff --git a/chrome/browser/invalidation/invalidation_auth_provider.cc b/chrome/browser/invalidation/invalidation_auth_provider.cc
new file mode 100644
index 0000000..d8f495f
--- /dev/null
+++ b/chrome/browser/invalidation/invalidation_auth_provider.cc
@@ -0,0 +1,27 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
+
+namespace invalidation {
+
+InvalidationAuthProvider::Observer::~Observer() {}
+
+InvalidationAuthProvider::~InvalidationAuthProvider() {}
+
+void InvalidationAuthProvider::AddObserver(Observer* observer) {
+  observers_.AddObserver(observer);
+}
+
+void InvalidationAuthProvider::RemoveObserver(Observer* observer) {
+  observers_.RemoveObserver(observer);
+}
+
+InvalidationAuthProvider::InvalidationAuthProvider() {}
+
+void InvalidationAuthProvider::FireInvalidationAuthLogout() {
+  FOR_EACH_OBSERVER(Observer, observers_, OnInvalidationAuthLogout());
+}
+
+}  // namespace invalidation
diff --git a/chrome/browser/invalidation/invalidation_auth_provider.h b/chrome/browser/invalidation/invalidation_auth_provider.h
new file mode 100644
index 0000000..33c1455
--- /dev/null
+++ b/chrome/browser/invalidation/invalidation_auth_provider.h
@@ -0,0 +1,58 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_INVALIDATION_INVALIDATION_AUTH_PROVIDER_H_
+#define CHROME_BROWSER_INVALIDATION_INVALIDATION_AUTH_PROVIDER_H_
+
+#include <string>
+
+#include "base/macros.h"
+#include "base/observer_list.h"
+
+class OAuth2TokenService;
+
+namespace invalidation {
+
+// Encapsulates authentication-related dependencies of InvalidationService
+// implementations so different implementations can be used for regular Profiles
+// and Chrome OS Kiosk Apps.
+class InvalidationAuthProvider {
+ public:
+  class Observer {
+   public:
+    virtual ~Observer();
+
+    // Called when the user logs out.
+    virtual void OnInvalidationAuthLogout() = 0;
+  };
+
+  virtual ~InvalidationAuthProvider();
+
+  // Gets the token service vending tokens for authentication to the cloud.
+  virtual OAuth2TokenService* GetTokenService() = 0;
+
+  // Gets the account ID to use for authentication.
+  virtual std::string GetAccountId() = 0;
+
+  // Shows the login popup, returns true if successful.
+  virtual bool ShowLoginUI() = 0;
+
+  void AddObserver(Observer* observer);
+  void RemoveObserver(Observer* observer);
+
+ protected:
+  InvalidationAuthProvider();
+
+  // Fires an OnInvalidationAuthLogout notification.
+  void FireInvalidationAuthLogout();
+
+ private:
+  ObserverList<Observer, true> observers_;
+
+  DISALLOW_COPY_AND_ASSIGN(InvalidationAuthProvider);
+};
+
+}  // namespace invalidation
+
+#endif  // CHROME_BROWSER_INVALIDATION_INVALIDATION_AUTH_PROVIDER_H_
diff --git a/chrome/browser/invalidation/invalidation_service.h b/chrome/browser/invalidation/invalidation_service.h
index 5683c93..ed026c3 100644
--- a/chrome/browser/invalidation/invalidation_service.h
+++ b/chrome/browser/invalidation/invalidation_service.h
@@ -15,6 +15,7 @@ class InvalidationHandler;
 }  // namespace syncer
 
 namespace invalidation {
+class InvalidationAuthProvider;
 class InvalidationLogger;
 
 // Interface for classes that handle invalidation registrations and send out
@@ -108,6 +109,9 @@ class InvalidationService : public KeyedService {
   virtual void RequestDetailedStatus(
       base::Callback<void(const base::DictionaryValue&)> post_caller) = 0;
 
+  // Returns the authentication provider.
+  virtual InvalidationAuthProvider* GetInvalidationAuthProvider() = 0;
+
  protected:
   virtual ~InvalidationService() { }
 };
diff --git a/chrome/browser/invalidation/invalidation_service_android.cc b/chrome/browser/invalidation/invalidation_service_android.cc
index 8ae87d2..c7bc445 100644
--- a/chrome/browser/invalidation/invalidation_service_android.cc
+++ b/chrome/browser/invalidation/invalidation_service_android.cc
@@ -68,6 +68,11 @@ void InvalidationServiceAndroid::RequestDetailedStatus(
     base::Callback<void(const base::DictionaryValue&)> return_callback) {
 }
 
+InvalidationAuthProvider*
+InvalidationServiceAndroid::GetInvalidationAuthProvider() {
+  return NULL;
+}
+
 void InvalidationServiceAndroid::Observe(
     int type,
     const content::NotificationSource& source,
diff --git a/chrome/browser/invalidation/invalidation_service_android.h b/chrome/browser/invalidation/invalidation_service_android.h
index abb068c..917d9a3 100644
--- a/chrome/browser/invalidation/invalidation_service_android.h
+++ b/chrome/browser/invalidation/invalidation_service_android.h
@@ -20,6 +20,7 @@ class Profile;
 
 namespace invalidation {
 class InvalidationControllerAndroid;
+class InvalidationLogger;
 
 // This InvalidationService is used to deliver invalidations on Android.  The
 // Android operating system has its own mechanisms for delivering invalidations.
@@ -53,6 +54,7 @@ class InvalidationServiceAndroid
   virtual InvalidationLogger* GetInvalidationLogger() OVERRIDE;
   virtual void RequestDetailedStatus(
       base::Callback<void(const base::DictionaryValue&)> caller) OVERRIDE;
+  virtual InvalidationAuthProvider* GetInvalidationAuthProvider() OVERRIDE;
 
   // content::NotificationObserver implementation.
   virtual void Observe(int type,
diff --git a/chrome/browser/invalidation/invalidation_service_factory.cc b/chrome/browser/invalidation/invalidation_service_factory.cc
index 8992429..b0907b5 100644
--- a/chrome/browser/invalidation/invalidation_service_factory.cc
+++ b/chrome/browser/invalidation/invalidation_service_factory.cc
@@ -5,16 +5,19 @@
 #include "chrome/browser/invalidation/invalidation_service_factory.h"
 
 #include "base/prefs/pref_registry.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/invalidation/fake_invalidation_service.h"
 #include "chrome/browser/invalidation/invalidation_service.h"
 #include "chrome/browser/invalidation/invalidation_service_android.h"
 #include "chrome/browser/invalidation/invalidator_storage.h"
+#include "chrome/browser/invalidation/profile_invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/ticl_invalidation_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
 #include "components/signin/core/profile_oauth2_token_service.h"
 
@@ -22,6 +25,13 @@
 #include "chrome/browser/invalidation/invalidation_controller_android.h"
 #endif  // defined(OS_ANDROID)
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
+#include "chrome/browser/invalidation/device_invalidation_auth_provider_chromeos.h"
+#endif
+
 namespace invalidation {
 
 // static
@@ -45,6 +55,7 @@ InvalidationServiceFactory::InvalidationServiceFactory()
   DependsOn(SigninManagerFactory::GetInstance());
   DependsOn(ProfileOAuth2TokenServiceFactory::GetInstance());
   DependsOn(gcm::GCMProfileServiceFactory::GetInstance());
+  DependsOn(LoginUIServiceFactory::GetInstance());
 #endif
 }
 
@@ -63,20 +74,32 @@ KeyedService* InvalidationServiceFactory::BuildServiceInstanceFor(
     return testing_factory_(context);
 
 #if defined(OS_ANDROID)
-  InvalidationServiceAndroid* service = new InvalidationServiceAndroid(
-      profile,
-      new InvalidationControllerAndroid());
-  return service;
+  return new InvalidationServiceAndroid(profile,
+                                        new InvalidationControllerAndroid());
 #else
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(profile);
-  ProfileOAuth2TokenService* oauth2_token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(profile);
-
-  TiclInvalidationService* service = new TiclInvalidationService(
-      signin_manager,
-      oauth2_token_service,
-      profile);
+
+  scoped_ptr<InvalidationAuthProvider> auth_provider;
+
+#if defined(OS_CHROMEOS)
+  policy::BrowserPolicyConnectorChromeOS* connector =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos();
+  if (chromeos::UserManager::IsInitialized() &&
+      chromeos::UserManager::Get()->IsLoggedInAsKioskApp() &&
+      connector->IsEnterpriseManaged()) {
+    auth_provider.reset(new DeviceInvalidationAuthProvider(
+        chromeos::DeviceOAuth2TokenServiceFactory::Get()));
+  }
+#endif
+
+  if (!auth_provider) {
+    auth_provider.reset(new ProfileInvalidationAuthProvider(
+        SigninManagerFactory::GetForProfile(profile),
+        ProfileOAuth2TokenServiceFactory::GetForProfile(profile),
+        LoginUIServiceFactory::GetForProfile(profile)));
+  }
+
+  TiclInvalidationService* service =
+      new TiclInvalidationService(auth_provider.Pass(), profile);
   service->Init();
   return service;
 #endif
diff --git a/chrome/browser/invalidation/p2p_invalidation_service.cc b/chrome/browser/invalidation/p2p_invalidation_service.cc
index 7f6dcf1..4ee9f91 100644
--- a/chrome/browser/invalidation/p2p_invalidation_service.cc
+++ b/chrome/browser/invalidation/p2p_invalidation_service.cc
@@ -5,6 +5,7 @@
 #include "chrome/browser/invalidation/p2p_invalidation_service.h"
 
 #include "base/command_line.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/invalidation_service_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_switches.h"
@@ -18,7 +19,10 @@ class URLRequestContextGetter;
 
 namespace invalidation {
 
-P2PInvalidationService::P2PInvalidationService(Profile* profile) {
+P2PInvalidationService::P2PInvalidationService(
+    Profile* profile,
+    scoped_ptr<InvalidationAuthProvider> auth_provider)
+    : auth_provider_(auth_provider.Pass()) {
   notifier::NotifierOptions notifier_options =
       ParseNotifierOptions(*CommandLine::ForCurrentProcess());
   notifier_options.request_context_getter = profile->GetRequestContext();
@@ -80,4 +84,9 @@ void P2PInvalidationService::RequestDetailedStatus(
   caller.Run(value);
 }
 
+InvalidationAuthProvider*
+P2PInvalidationService::GetInvalidationAuthProvider() {
+  return auth_provider_.get();
+}
+
 }  // namespace invalidation
diff --git a/chrome/browser/invalidation/p2p_invalidation_service.h b/chrome/browser/invalidation/p2p_invalidation_service.h
index f9c993f..0eb7e53 100644
--- a/chrome/browser/invalidation/p2p_invalidation_service.h
+++ b/chrome/browser/invalidation/p2p_invalidation_service.h
@@ -27,7 +27,8 @@ class P2PInvalidationService
     : public base::NonThreadSafe,
       public InvalidationService {
  public:
-  explicit P2PInvalidationService(Profile* profile);
+  P2PInvalidationService(Profile* profile,
+                         scoped_ptr<InvalidationAuthProvider> auth_provider);
   virtual ~P2PInvalidationService();
 
   // Overrides KeyedService method.
@@ -47,6 +48,7 @@ class P2PInvalidationService
   virtual InvalidationLogger* GetInvalidationLogger() OVERRIDE;
   virtual void RequestDetailedStatus(
       base::Callback<void(const base::DictionaryValue&)> caller) OVERRIDE;
+  virtual InvalidationAuthProvider* GetInvalidationAuthProvider() OVERRIDE;
 
   void UpdateCredentials(const std::string& username,
                          const std::string& password);
@@ -54,6 +56,7 @@ class P2PInvalidationService
   void SendInvalidation(const syncer::ObjectIdSet& ids);
 
  private:
+  scoped_ptr<InvalidationAuthProvider> auth_provider_;
   scoped_ptr<syncer::P2PInvalidator> invalidator_;
   std::string invalidator_id_;
 
diff --git a/chrome/browser/invalidation/profile_invalidation_auth_provider.cc b/chrome/browser/invalidation/profile_invalidation_auth_provider.cc
new file mode 100644
index 0000000..8ccfa0e
--- /dev/null
+++ b/chrome/browser/invalidation/profile_invalidation_auth_provider.cc
@@ -0,0 +1,44 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/invalidation/profile_invalidation_auth_provider.h"
+
+#include "chrome/browser/ui/webui/signin/login_ui_service.h"
+#include "components/signin/core/profile_oauth2_token_service.h"
+
+namespace invalidation {
+
+ProfileInvalidationAuthProvider::ProfileInvalidationAuthProvider(
+    SigninManagerBase* signin_manager,
+    ProfileOAuth2TokenService* token_service,
+    LoginUIService* login_ui_service)
+    : signin_manager_(signin_manager),
+      token_service_(token_service),
+      login_ui_service_(login_ui_service) {
+  signin_manager_->AddObserver(this);
+}
+
+ProfileInvalidationAuthProvider::~ProfileInvalidationAuthProvider() {
+  signin_manager_->RemoveObserver(this);
+}
+
+std::string ProfileInvalidationAuthProvider::GetAccountId() {
+  return signin_manager_->GetAuthenticatedAccountId();
+}
+
+OAuth2TokenService* ProfileInvalidationAuthProvider::GetTokenService() {
+  return token_service_;
+}
+
+bool ProfileInvalidationAuthProvider::ShowLoginUI() {
+  login_ui_service_->ShowLoginPopup();
+  return true;
+}
+
+void ProfileInvalidationAuthProvider::GoogleSignedOut(
+    const std::string& username) {
+  FireInvalidationAuthLogout();
+}
+
+}  // namespace invalidation
diff --git a/chrome/browser/invalidation/profile_invalidation_auth_provider.h b/chrome/browser/invalidation/profile_invalidation_auth_provider.h
new file mode 100644
index 0000000..7c8c713
--- /dev/null
+++ b/chrome/browser/invalidation/profile_invalidation_auth_provider.h
@@ -0,0 +1,45 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_INVALIDATION_PROFILE_INVALIDATION_AUTH_PROVIDER_H_
+#define CHROME_BROWSER_INVALIDATION_PROFILE_INVALIDATION_AUTH_PROVIDER_H_
+
+#include "base/macros.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
+#include "chrome/browser/signin/signin_manager_base.h"
+
+class LoginUIService;
+class ProfileOAuth2TokenService;
+
+namespace invalidation {
+
+// An authentication provider implementation that's backed by
+// ProfileOAuth2TokenService and SigninManager.
+class ProfileInvalidationAuthProvider : public InvalidationAuthProvider,
+                                        public SigninManagerBase::Observer {
+ public:
+  ProfileInvalidationAuthProvider(SigninManagerBase* signin_manager,
+                                  ProfileOAuth2TokenService* token_service,
+                                  LoginUIService* login_ui_service);
+  virtual ~ProfileInvalidationAuthProvider();
+
+  // InvalidationAuthProvider:
+  virtual std::string GetAccountId() OVERRIDE;
+  virtual OAuth2TokenService* GetTokenService() OVERRIDE;
+  virtual bool ShowLoginUI() OVERRIDE;
+
+  // SigninManagerBase::Observer:
+  virtual void GoogleSignedOut(const std::string& username) OVERRIDE;
+
+ private:
+  SigninManagerBase* const signin_manager_;
+  ProfileOAuth2TokenService* const token_service_;
+  LoginUIService* const login_ui_service_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProfileInvalidationAuthProvider);
+};
+
+}  // namespace invalidation
+
+#endif  // CHROME_BROWSER_INVALIDATION_PROFILE_INVALIDATION_AUTH_PROVIDER_H_
diff --git a/chrome/browser/invalidation/ticl_invalidation_service.cc b/chrome/browser/invalidation/ticl_invalidation_service.cc
index de13dd7..8da391e 100644
--- a/chrome/browser/invalidation/ticl_invalidation_service.cc
+++ b/chrome/browser/invalidation/ticl_invalidation_service.cc
@@ -7,12 +7,11 @@
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
 #include "chrome/browser/invalidation/gcm_invalidation_bridge.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/invalidation_logger.h"
 #include "chrome/browser/invalidation/invalidation_service_util.h"
 #include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/signin/about_signin_internals.h"
-#include "chrome/browser/signin/about_signin_internals_factory.h"
-#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
+#include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
 #include "chrome/common/chrome_content_client.h"
 #include "components/signin/core/profile_oauth2_token_service.h"
 #include "google_apis/gaia/gaia_constants.h"
@@ -58,13 +57,11 @@ static const net::BackoffEntry::Policy kRequestAccessTokenBackoffPolicy = {
 namespace invalidation {
 
 TiclInvalidationService::TiclInvalidationService(
-    SigninManagerBase* signin,
-    ProfileOAuth2TokenService* oauth2_token_service,
+    scoped_ptr<InvalidationAuthProvider> auth_provider,
     Profile* profile)
     : OAuth2TokenService::Consumer("ticl_invalidation"),
       profile_(profile),
-      signin_manager_(signin),
-      oauth2_token_service_(oauth2_token_service),
+      auth_provider_(auth_provider.Pass()),
       invalidator_registrar_(new syncer::InvalidatorRegistrar()),
       request_access_token_backoff_(&kRequestAccessTokenBackoffPolicy),
       logger_() {}
@@ -87,11 +84,8 @@ void TiclInvalidationService::Init() {
     StartInvalidator(PUSH_CLIENT_CHANNEL);
   }
 
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(profile_);
-  signin_manager->AddObserver(this);
-
-  oauth2_token_service_->AddObserver(this);
+  auth_provider_->AddObserver(this);
+  auth_provider_->GetTokenService()->AddObserver(this);
 }
 
 void TiclInvalidationService::InitForTest(syncer::Invalidator* invalidator) {
@@ -162,9 +156,9 @@ InvalidationLogger* TiclInvalidationService::GetInvalidationLogger() {
   return &logger_;
 }
 
-void TiclInvalidationService::GoogleSignedOut(const std::string& username) {
-  DCHECK(CalledOnValidThread());
-  Logout();
+InvalidationAuthProvider*
+TiclInvalidationService::GetInvalidationAuthProvider() {
+  return auth_provider_.get();
 }
 
 void TiclInvalidationService::RequestDetailedStatus(
@@ -183,14 +177,12 @@ void TiclInvalidationService::RequestAccessToken() {
     oauth2_scopes.insert(kOAuth2Scopes[i]);
   // Invalidate previous token, otherwise token service will return the same
   // token again.
-  const std::string& account_id = signin_manager_->GetAuthenticatedAccountId();
-  oauth2_token_service_->InvalidateToken(account_id,
-                                         oauth2_scopes,
-                                         access_token_);
+  const std::string& account_id = auth_provider_->GetAccountId();
+  OAuth2TokenService* token_service = auth_provider_->GetTokenService();
+  token_service->InvalidateToken(account_id, oauth2_scopes, access_token_);
   access_token_.clear();
-  access_token_request_ = oauth2_token_service_->StartRequest(account_id,
-                                                              oauth2_scopes,
-                                                              this);
+  access_token_request_ =
+      token_service->StartRequest(account_id, oauth2_scopes, this);
 }
 
 void TiclInvalidationService::OnGetTokenSuccess(
@@ -241,7 +233,7 @@ void TiclInvalidationService::OnGetTokenFailure(
 
 void TiclInvalidationService::OnRefreshTokenAvailable(
     const std::string& account_id) {
-  if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
+  if (auth_provider_->GetAccountId() == account_id) {
     if (!IsStarted() && IsReadyToStart()) {
       StartInvalidator(PUSH_CLIENT_CHANNEL);
     }
@@ -250,7 +242,7 @@ void TiclInvalidationService::OnRefreshTokenAvailable(
 
 void TiclInvalidationService::OnRefreshTokenRevoked(
     const std::string& account_id) {
-  if (signin_manager_->GetAuthenticatedAccountId() == account_id) {
+  if (auth_provider_->GetAccountId() == account_id) {
     access_token_.clear();
     if (IsStarted()) {
       UpdateInvalidatorCredentials();
@@ -258,6 +250,21 @@ void TiclInvalidationService::OnRefreshTokenRevoked(
   }
 }
 
+void TiclInvalidationService::OnInvalidationAuthLogout() {
+  access_token_request_.reset();
+  request_access_token_retry_timer_.Stop();
+
+  if (IsStarted()) {
+    StopInvalidator();
+  }
+
+  // This service always expects to have a valid invalidator storage.
+  // So we must not only clear the old one, but also start a new one.
+  invalidator_storage_->Clear();
+  invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
+  invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
+}
+
 void TiclInvalidationService::OnInvalidatorStateChange(
     syncer::InvalidatorState state) {
   if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) {
@@ -291,10 +298,8 @@ std::string TiclInvalidationService::GetOwnerName() const { return "TICL"; }
 
 void TiclInvalidationService::Shutdown() {
   DCHECK(CalledOnValidThread());
-  SigninManagerBase* signin_manager =
-      SigninManagerFactory::GetForProfile(profile_);
-  signin_manager->RemoveObserver(this);
-  oauth2_token_service_->RemoveObserver(this);
+  auth_provider_->GetTokenService()->RemoveObserver(this);
+  auth_provider_->RemoveObserver(this);
   if (IsStarted()) {
     StopInvalidator();
   }
@@ -308,20 +313,20 @@ bool TiclInvalidationService::IsReadyToStart() {
     return false;
   }
 
-  if (signin_manager_->GetAuthenticatedUsername().empty()) {
+  if (auth_provider_->GetAccountId().empty()) {
     DVLOG(2) << "Not starting TiclInvalidationService: User is not signed in.";
     return false;
   }
 
-  if (!oauth2_token_service_) {
+  OAuth2TokenService* token_service = auth_provider_->GetTokenService();
+  if (!token_service) {
     DVLOG(2)
         << "Not starting TiclInvalidationService: "
         << "OAuth2TokenService unavailable.";
     return false;
   }
 
-  if (!oauth2_token_service_->RefreshTokenIsAvailable(
-          signin_manager_->GetAuthenticatedAccountId())) {
+  if (!token_service->RefreshTokenIsAvailable(auth_provider_->GetAccountId())) {
     DVLOG(2)
         << "Not starting TiclInvalidationServce: Waiting for refresh token.";
     return false;
@@ -367,7 +372,10 @@ void TiclInvalidationService::StartInvalidator(
       break;
     }
     case GCM_NETWORK_CHANNEL: {
-      gcm_invalidation_bridge_.reset(new GCMInvalidationBridge(profile_));
+      gcm::GCMProfileService* gcm_profile_service =
+          gcm::GCMProfileServiceFactory::GetForProfile(profile_);
+      gcm_invalidation_bridge_.reset(
+          new GCMInvalidationBridge(gcm_profile_service, auth_provider_.get()));
       network_channel_creator =
           syncer::NonBlockingInvalidator::MakeGCMNetworkChannelCreator(
               profile_->GetRequestContext(),
@@ -398,7 +406,7 @@ void TiclInvalidationService::StartInvalidator(
 }
 
 void TiclInvalidationService::UpdateInvalidatorCredentials() {
-  std::string email = signin_manager_->GetAuthenticatedUsername();
+  std::string email = auth_provider_->GetAccountId();
 
   DCHECK(!email.empty()) << "Expected user to be signed in.";
 
@@ -413,19 +421,4 @@ void TiclInvalidationService::StopInvalidator() {
   invalidator_.reset();
 }
 
-void TiclInvalidationService::Logout() {
-  access_token_request_.reset();
-  request_access_token_retry_timer_.Stop();
-
-  if (IsStarted()) {
-    StopInvalidator();
-  }
-
-  // This service always expects to have a valid invalidator storage.
-  // So we must not only clear the old one, but also start a new one.
-  invalidator_storage_->Clear();
-  invalidator_storage_.reset(new InvalidatorStorage(profile_->GetPrefs()));
-  invalidator_storage_->SetInvalidatorClientId(GenerateInvalidatorClientId());
-}
-
 }  // namespace invalidation
diff --git a/chrome/browser/invalidation/ticl_invalidation_service.h b/chrome/browser/invalidation/ticl_invalidation_service.h
index c5c2c53..c28e585 100644
--- a/chrome/browser/invalidation/ticl_invalidation_service.h
+++ b/chrome/browser/invalidation/ticl_invalidation_service.h
@@ -5,13 +5,15 @@
 #ifndef CHROME_BROWSER_INVALIDATION_TICL_INVALIDATION_SERVICE_H_
 #define CHROME_BROWSER_INVALIDATION_TICL_INVALIDATION_SERVICE_H_
 
+#include <string>
+
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/timer/timer.h"
+#include "chrome/browser/invalidation/invalidation_auth_provider.h"
 #include "chrome/browser/invalidation/invalidation_logger.h"
 #include "chrome/browser/invalidation/invalidation_service.h"
 #include "chrome/browser/invalidation/invalidator_storage.h"
-#include "chrome/browser/signin/signin_manager.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "components/signin/core/profile_oauth2_token_service.h"
 #include "google_apis/gaia/oauth2_token_service.h"
@@ -34,11 +36,10 @@ class TiclInvalidationService : public base::NonThreadSafe,
                                 public InvalidationService,
                                 public OAuth2TokenService::Consumer,
                                 public OAuth2TokenService::Observer,
-                                public SigninManagerBase::Observer,
+                                public InvalidationAuthProvider::Observer,
                                 public syncer::InvalidationHandler {
  public:
-  TiclInvalidationService(SigninManagerBase* signin,
-                          ProfileOAuth2TokenService* oauth2_token_service,
+  TiclInvalidationService(scoped_ptr<InvalidationAuthProvider> auth_provider,
                           Profile* profile);
   virtual ~TiclInvalidationService();
 
@@ -58,6 +59,7 @@ class TiclInvalidationService : public base::NonThreadSafe,
   virtual InvalidationLogger* GetInvalidationLogger() OVERRIDE;
   virtual void RequestDetailedStatus(
       base::Callback<void(const base::DictionaryValue&)> caller) OVERRIDE;
+  virtual InvalidationAuthProvider* GetInvalidationAuthProvider() OVERRIDE;
 
   void RequestAccessToken();
 
@@ -74,8 +76,8 @@ class TiclInvalidationService : public base::NonThreadSafe,
   virtual void OnRefreshTokenAvailable(const std::string& account_id) OVERRIDE;
   virtual void OnRefreshTokenRevoked(const std::string& account_id) OVERRIDE;
 
-  // SigninManagerBase::Observer implementation.
-  virtual void GoogleSignedOut(const std::string& username) OVERRIDE;
+  // InvalidationAuthProvider::Observer implementation.
+  virtual void OnInvalidationAuthLogout() OVERRIDE;
 
   // syncer::InvalidationHandler implementation.
   virtual void OnInvalidatorStateChange(
@@ -105,11 +107,9 @@ class TiclInvalidationService : public base::NonThreadSafe,
   void StartInvalidator(InvalidationNetworkChannel network_channel);
   void UpdateInvalidatorCredentials();
   void StopInvalidator();
-  void Logout();
 
   Profile *const profile_;
-  SigninManagerBase *const signin_manager_;
-  ProfileOAuth2TokenService *const oauth2_token_service_;
+  scoped_ptr<InvalidationAuthProvider> auth_provider_;
 
   scoped_ptr<syncer::InvalidatorRegistrar> invalidator_registrar_;
   scoped_ptr<InvalidatorStorage> invalidator_storage_;
diff --git a/chrome/browser/invalidation/ticl_invalidation_service_unittest.cc b/chrome/browser/invalidation/ticl_invalidation_service_unittest.cc
index 64379ec..f86dc5a 100644
--- a/chrome/browser/invalidation/ticl_invalidation_service_unittest.cc
+++ b/chrome/browser/invalidation/ticl_invalidation_service_unittest.cc
@@ -6,7 +6,10 @@
 
 #include "chrome/browser/invalidation/invalidation_service_factory.h"
 #include "chrome/browser/invalidation/invalidation_service_test_template.h"
+#include "chrome/browser/invalidation/profile_invalidation_auth_provider.h"
 #include "chrome/browser/signin/fake_profile_oauth2_token_service.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/test/base/testing_profile.h"
 #include "sync/notifier/fake_invalidation_handler.h"
 #include "sync/notifier/fake_invalidator.h"
@@ -27,10 +30,13 @@ class TiclInvalidationServiceTestDelegate {
     fake_invalidator_ = new syncer::FakeInvalidator();
     profile_.reset(new TestingProfile());
     token_service_.reset(new FakeProfileOAuth2TokenService);
-    invalidation_service_.reset(
-        new TiclInvalidationService(NULL,
-                                    token_service_.get(),
-                                    profile_.get()));
+    invalidation_service_.reset(new TiclInvalidationService(
+        scoped_ptr<InvalidationAuthProvider>(
+            new ProfileInvalidationAuthProvider(
+                SigninManagerFactory::GetForProfile(profile_.get()),
+                token_service_.get(),
+                NULL)),
+        profile_.get()));
     invalidation_service_->InitForTest(fake_invalidator_);
   }
 
@@ -52,9 +58,9 @@ class TiclInvalidationServiceTestDelegate {
   }
 
   syncer::FakeInvalidator* fake_invalidator_;  // owned by the service.
-  scoped_ptr<TiclInvalidationService> invalidation_service_;
   scoped_ptr<TestingProfile> profile_;
   scoped_ptr<FakeProfileOAuth2TokenService> token_service_;
+  scoped_ptr<TiclInvalidationService> invalidation_service_;
 };
 
 INSTANTIATE_TYPED_TEST_CASE_P(
diff --git a/chrome/browser/sync/test/integration/sync_test.cc b/chrome/browser/sync/test/integration/sync_test.cc
index c133b3b..fb7953b 100644
--- a/chrome/browser/sync/test/integration/sync_test.cc
+++ b/chrome/browser/sync/test/integration/sync_test.cc
@@ -25,11 +25,15 @@
 #include "chrome/browser/history/history_service_factory.h"
 #include "chrome/browser/invalidation/invalidation_service_factory.h"
 #include "chrome/browser/invalidation/p2p_invalidation_service.h"
+#include "chrome/browser/invalidation/profile_invalidation_auth_provider.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/search_engines/template_url_service.h"
 #include "chrome/browser/search_engines/template_url_service_factory.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/sync/test/integration/profile_sync_service_harness.h"
 #include "chrome/browser/sync/test/integration/sync_datatype_helper.h"
@@ -37,6 +41,7 @@
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/host_desktop.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/test/base/testing_browser_process.h"
@@ -107,7 +112,13 @@ void SetProxyConfigCallback(
 
 KeyedService* BuildP2PInvalidationService(content::BrowserContext* context) {
   Profile* profile = static_cast<Profile*>(context);
-  return new invalidation::P2PInvalidationService(profile);
+  return new invalidation::P2PInvalidationService(
+      profile,
+      scoped_ptr<invalidation::InvalidationAuthProvider>(
+          new invalidation::ProfileInvalidationAuthProvider(
+              SigninManagerFactory::GetForProfile(profile),
+              ProfileOAuth2TokenServiceFactory::GetForProfile(profile),
+              LoginUIServiceFactory::GetForProfile(profile))));
 }
 
 SyncTest::SyncTest(TestType test_type)
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 281b759..6ed95e1 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -982,12 +982,16 @@
         'browser/internal_auth.h',
         'browser/intranet_redirect_detector.cc',
         'browser/intranet_redirect_detector.h',
-        'browser/invalidation/invalidation_logger.cc',
-        'browser/invalidation/invalidation_logger.h',
+        'browser/invalidation/device_invalidation_auth_provider_chromeos.cc',
+        'browser/invalidation/device_invalidation_auth_provider_chromeos.h',
         'browser/invalidation/gcm_invalidation_bridge.cc',
         'browser/invalidation/gcm_invalidation_bridge.h',
+        'browser/invalidation/invalidation_auth_provider.cc',
+        'browser/invalidation/invalidation_auth_provider.h',
         'browser/invalidation/invalidation_controller_android.cc',
         'browser/invalidation/invalidation_controller_android.h',
+        'browser/invalidation/invalidation_logger.cc',
+        'browser/invalidation/invalidation_logger.h',
         'browser/invalidation/invalidation_service.h',
         'browser/invalidation/invalidation_service_android.cc',
         'browser/invalidation/invalidation_service_android.h',
@@ -997,6 +1001,8 @@
         'browser/invalidation/invalidation_service_util.h',
         'browser/invalidation/invalidator_storage.cc',
         'browser/invalidation/invalidator_storage.h',
+        'browser/invalidation/profile_invalidation_auth_provider.cc',
+        'browser/invalidation/profile_invalidation_auth_provider.h',
         'browser/invalidation/ticl_invalidation_service.cc',
         'browser/invalidation/ticl_invalidation_service.h',
         'browser/io_thread.cc',
author	mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-03-21 11:22:27 +0000
committer	mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-03-21 11:22:27 +0000
commit	842a39d667e8473411ff8a9eb915dadf82d07f81 (patch)
tree	7a97dbf842cb88eb9e162bf58135e7a9af61e585
parent	da9a32b9e282c1653bb6b5c1b8c89a1970905f21 (diff)
download	chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.zip chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.tar.gz chromium_src-842a39d667e8473411ff8a9eb915dadf82d07f81.tar.bz2