Refactor AO2TS to make it easier to componentize

This cl is dedicated to refactor token service to make it easier to componentize. It introduces a new class OAuth2TokenServiceDelegate for each platform to implement it. OAuth2TokenService and its subclasses will call into platform specific delegate and the user can get that delegate through public interface GetDelegate() of OAuth2TokenService.

BUG=490882

Review URL: https://codereview.chromium.org/1143323005

Cr-Commit-Position: refs/heads/master@{#337248}

12 files changed, 526 insertions, 255 deletions

diff --git a/google_apis/gaia/fake_oauth2_token_service.cc b/google_apis/gaia/fake_oauth2_token_service.cc
index adff32d..55b5cd5 100644
--- a/google_apis/gaia/fake_oauth2_token_service.cc
+++ b/google_apis/gaia/fake_oauth2_token_service.cc
@@ -10,16 +10,13 @@ FakeOAuth2TokenService::PendingRequest::PendingRequest() {
 FakeOAuth2TokenService::PendingRequest::~PendingRequest() {
 }
 
-FakeOAuth2TokenService::FakeOAuth2TokenService() : request_context_(NULL) {
+FakeOAuth2TokenService::FakeOAuth2TokenService()
+    : OAuth2TokenService(new FakeOAuth2TokenServiceDelegate(nullptr)) {
 }
 
 FakeOAuth2TokenService::~FakeOAuth2TokenService() {
 }
 
-std::vector<std::string> FakeOAuth2TokenService::GetAccounts() {
-  return std::vector<std::string>(account_ids_.begin(), account_ids_.end());
-}
-
 void FakeOAuth2TokenService::FetchOAuth2Token(
     RequestImpl* request,
     const std::string& account_id,
@@ -36,30 +33,19 @@ void FakeOAuth2TokenService::FetchOAuth2Token(
   pending_requests_.push_back(pending_request);
 }
 
-void FakeOAuth2TokenService::InvalidateOAuth2Token(
+void FakeOAuth2TokenService::InvalidateAccessTokenImpl(
     const std::string& account_id,
     const std::string& client_id,
     const ScopeSet& scopes,
     const std::string& access_token) {
 }
 
-net::URLRequestContextGetter* FakeOAuth2TokenService::GetRequestContext() {
-  return request_context_;
-}
-
-bool FakeOAuth2TokenService::RefreshTokenIsAvailable(
-    const std::string& account_id) const {
-  return account_ids_.count(account_id) != 0;
-};
-
 void FakeOAuth2TokenService::AddAccount(const std::string& account_id) {
-  account_ids_.insert(account_id);
-  FireRefreshTokenAvailable(account_id);
+  GetDelegate()->UpdateCredentials(account_id, "fake_refresh_token");
 }
 
 void FakeOAuth2TokenService::RemoveAccount(const std::string& account_id) {
-  account_ids_.erase(account_id);
-  FireRefreshTokenRevoked(account_id);
+  GetDelegate()->RevokeCredentials(account_id);
 }
 
 void FakeOAuth2TokenService::IssueAllTokensForAccount(
@@ -96,12 +82,7 @@ void FakeOAuth2TokenService::IssueErrorForAllPendingRequestsForAccount(
   }
 }
 
-OAuth2AccessTokenFetcher* FakeOAuth2TokenService::CreateAccessTokenFetcher(
-    const std::string& account_id,
-    net::URLRequestContextGetter* getter,
-    OAuth2AccessTokenConsumer* consumer) {
-  // |FakeOAuth2TokenService| overrides |FetchOAuth2Token| and thus
-  // |CreateAccessTokenFetcher| should never be called.
-  NOTREACHED();
-  return NULL;
+FakeOAuth2TokenServiceDelegate*
+FakeOAuth2TokenService::GetFakeOAuth2TokenServiceDelegate() {
+  return static_cast<FakeOAuth2TokenServiceDelegate*>(GetDelegate());
 }
diff --git a/google_apis/gaia/fake_oauth2_token_service.h b/google_apis/gaia/fake_oauth2_token_service.h
index ffe7b6a..77be353 100644
--- a/google_apis/gaia/fake_oauth2_token_service.h
+++ b/google_apis/gaia/fake_oauth2_token_service.h
@@ -5,11 +5,7 @@
 #ifndef GOOGLE_APIS_GAIA_FAKE_OAUTH2_TOKEN_SERVICE_H_
 #define GOOGLE_APIS_GAIA_FAKE_OAUTH2_TOKEN_SERVICE_H_
 
-#include <set>
-#include <string>
-
-#include "base/compiler_specific.h"
-#include "base/memory/weak_ptr.h"
+#include "google_apis/gaia/fake_oauth2_token_service_delegate.h"
 #include "google_apis/gaia/oauth2_token_service.h"
 
 namespace net {
@@ -22,8 +18,6 @@ class FakeOAuth2TokenService : public OAuth2TokenService {
   FakeOAuth2TokenService();
   ~FakeOAuth2TokenService() override;
 
-  std::vector<std::string> GetAccounts() override;
-
   void AddAccount(const std::string& account_id);
   void RemoveAccount(const std::string& account_id);
 
@@ -36,9 +30,7 @@ class FakeOAuth2TokenService : public OAuth2TokenService {
       const std::string& account_id,
       const GoogleServiceAuthError& auth_error);
 
-  void set_request_context(net::URLRequestContextGetter* request_context) {
-    request_context_ = request_context;
-  }
+  FakeOAuth2TokenServiceDelegate* GetFakeOAuth2TokenServiceDelegate();
 
  protected:
   // OAuth2TokenService overrides.
@@ -49,12 +41,10 @@ class FakeOAuth2TokenService : public OAuth2TokenService {
                         const std::string& client_secret,
                         const ScopeSet& scopes) override;
 
-  void InvalidateOAuth2Token(const std::string& account_id,
-                             const std::string& client_id,
-                             const ScopeSet& scopes,
-                             const std::string& access_token) override;
-
-  bool RefreshTokenIsAvailable(const std::string& account_id) const override;
+  void InvalidateAccessTokenImpl(const std::string& account_id,
+                                 const std::string& client_id,
+                                 const ScopeSet& scopes,
+                                 const std::string& access_token) override;
 
  private:
   struct PendingRequest {
@@ -68,19 +58,8 @@ class FakeOAuth2TokenService : public OAuth2TokenService {
     base::WeakPtr<RequestImpl> request;
   };
 
-  // OAuth2TokenService overrides.
-  net::URLRequestContextGetter* GetRequestContext() override;
-
-  OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
-      const std::string& account_id,
-      net::URLRequestContextGetter* getter,
-      OAuth2AccessTokenConsumer* consumer) override;
-
-  std::set<std::string> account_ids_;
   std::vector<PendingRequest> pending_requests_;
 
-  net::URLRequestContextGetter* request_context_;  // weak
-
   DISALLOW_COPY_AND_ASSIGN(FakeOAuth2TokenService);
 };
 
diff --git a/google_apis/gaia/fake_oauth2_token_service_delegate.cc b/google_apis/gaia/fake_oauth2_token_service_delegate.cc
new file mode 100644
index 0000000..580025c
--- /dev/null
+++ b/google_apis/gaia/fake_oauth2_token_service_delegate.cc
@@ -0,0 +1,93 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "google_apis/gaia/fake_oauth2_token_service_delegate.h"
+#include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
+
+FakeOAuth2TokenServiceDelegate::FakeOAuth2TokenServiceDelegate(
+    net::URLRequestContextGetter* request_context)
+    : request_context_(request_context) {
+}
+
+FakeOAuth2TokenServiceDelegate::~FakeOAuth2TokenServiceDelegate() {
+}
+
+OAuth2AccessTokenFetcher*
+FakeOAuth2TokenServiceDelegate::CreateAccessTokenFetcher(
+    const std::string& account_id,
+    net::URLRequestContextGetter* getter,
+    OAuth2AccessTokenConsumer* consumer) {
+  std::map<std::string, std::string>::const_iterator it =
+      refresh_tokens_.find(account_id);
+  DCHECK(it != refresh_tokens_.end());
+  std::string refresh_token(it->second);
+  return new OAuth2AccessTokenFetcherImpl(consumer, getter, refresh_token);
+}
+
+bool FakeOAuth2TokenServiceDelegate::RefreshTokenIsAvailable(
+    const std::string& account_id) const {
+  return !GetRefreshToken(account_id).empty();
+}
+
+std::string FakeOAuth2TokenServiceDelegate::GetRefreshToken(
+    const std::string& account_id) const {
+  std::map<std::string, std::string>::const_iterator it =
+      refresh_tokens_.find(account_id);
+  if (it != refresh_tokens_.end())
+    return it->second;
+  return std::string();
+}
+
+std::vector<std::string> FakeOAuth2TokenServiceDelegate::GetAccounts() {
+  std::vector<std::string> account_ids;
+  for (std::map<std::string, std::string>::const_iterator iter =
+           refresh_tokens_.begin();
+       iter != refresh_tokens_.end(); ++iter) {
+    account_ids.push_back(iter->first);
+  }
+  return account_ids;
+}
+
+void FakeOAuth2TokenServiceDelegate::RevokeAllCredentials() {
+  std::vector<std::string> account_ids = GetAccounts();
+  for (std::vector<std::string>::const_iterator it = account_ids.begin();
+       it != account_ids.end(); it++) {
+    RevokeCredentials(*it);
+  }
+}
+
+void FakeOAuth2TokenServiceDelegate::LoadCredentials(
+    const std::string& primary_account_id) {
+  FireRefreshTokensLoaded();
+}
+
+void FakeOAuth2TokenServiceDelegate::UpdateCredentials(
+    const std::string& account_id,
+    const std::string& refresh_token) {
+  IssueRefreshTokenForUser(account_id, refresh_token);
+}
+
+void FakeOAuth2TokenServiceDelegate::IssueRefreshTokenForUser(
+    const std::string& account_id,
+    const std::string& token) {
+  ScopedBatchChange batch(this);
+  if (token.empty()) {
+    refresh_tokens_.erase(account_id);
+    FireRefreshTokenRevoked(account_id);
+  } else {
+    refresh_tokens_[account_id] = token;
+    FireRefreshTokenAvailable(account_id);
+    // TODO(atwilson): Maybe we should also call FireRefreshTokensLoaded() here?
+  }
+}
+
+void FakeOAuth2TokenServiceDelegate::RevokeCredentials(
+    const std::string& account_id) {
+  IssueRefreshTokenForUser(account_id, std::string());
+}
+
+net::URLRequestContextGetter*
+FakeOAuth2TokenServiceDelegate::GetRequestContext() const {
+  return request_context_.get();
+}
diff --git a/google_apis/gaia/fake_oauth2_token_service_delegate.h b/google_apis/gaia/fake_oauth2_token_service_delegate.h
new file mode 100644
index 0000000..d75a22f
--- /dev/null
+++ b/google_apis/gaia/fake_oauth2_token_service_delegate.h
@@ -0,0 +1,51 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SIGNIN_FAKE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
+#define CHROME_BROWSER_SIGNIN_FAKE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
+
+#include "google_apis/gaia/oauth2_token_service_delegate.h"
+#include "net/url_request/url_request_context_getter.h"
+
+class FakeOAuth2TokenServiceDelegate : public OAuth2TokenServiceDelegate {
+ public:
+  FakeOAuth2TokenServiceDelegate(net::URLRequestContextGetter* request_context);
+  ~FakeOAuth2TokenServiceDelegate() override;
+
+  OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
+      const std::string& account_id,
+      net::URLRequestContextGetter* getter,
+      OAuth2AccessTokenConsumer* consumer) override;
+
+  // Overriden to make sure it works on Android.
+  bool RefreshTokenIsAvailable(const std::string& account_id) const override;
+
+  std::vector<std::string> GetAccounts() override;
+  void RevokeAllCredentials() override;
+
+  void LoadCredentials(const std::string& primary_account_id) override;
+
+  void UpdateCredentials(const std::string& account_id,
+                         const std::string& refresh_token) override;
+  void RevokeCredentials(const std::string& account_id) override;
+
+  net::URLRequestContextGetter* GetRequestContext() const override;
+
+  void set_request_context(net::URLRequestContextGetter* request_context) {
+    request_context_ = request_context;
+  }
+
+ private:
+  void IssueRefreshTokenForUser(const std::string& account_id,
+                                const std::string& token);
+  std::string GetRefreshToken(const std::string& account_id) const;
+
+  // Maps account ids to their refresh token strings.
+  std::map<std::string, std::string> refresh_tokens_;
+
+  scoped_refptr<net::URLRequestContextGetter> request_context_;
+
+  DISALLOW_COPY_AND_ASSIGN(FakeOAuth2TokenServiceDelegate);
+};
+#endif
diff --git a/google_apis/gaia/oauth2_token_service.cc b/google_apis/gaia/oauth2_token_service.cc
index f2a163d..01e5d96 100644
--- a/google_apis/gaia/oauth2_token_service.cc
+++ b/google_apis/gaia/oauth2_token_service.cc
@@ -18,6 +18,7 @@
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
+#include "google_apis/gaia/oauth2_token_service_delegate.h"
 #include "net/url_request/url_request_context_getter.h"
 
 int OAuth2TokenService::max_fetch_retry_num_ = 5;
@@ -79,16 +80,6 @@ void OAuth2TokenService::RequestImpl::InformConsumer(
     consumer_->OnGetTokenFailure(this, error);
 }
 
-OAuth2TokenService::ScopedBatchChange::ScopedBatchChange(
-    OAuth2TokenService* token_service) : token_service_(token_service) {
-  DCHECK(token_service_);
-  token_service_->StartBatchChanges();
-}
-
-OAuth2TokenService::ScopedBatchChange::~ScopedBatchChange() {
-  token_service_->EndBatchChanges();
-}
-
 // Class that fetches an OAuth2 access token for a given account id and set of
 // scopes.
 //
@@ -392,7 +383,9 @@ OAuth2TokenService::Consumer::Consumer(const std::string& id)
 OAuth2TokenService::Consumer::~Consumer() {
 }
 
-OAuth2TokenService::OAuth2TokenService() : batch_change_depth_(0) {
+OAuth2TokenService::OAuth2TokenService(OAuth2TokenServiceDelegate* delegate)
+    : delegate_(delegate) {
+  DCHECK(delegate_);
 }
 
 OAuth2TokenService::~OAuth2TokenService() {
@@ -401,12 +394,16 @@ OAuth2TokenService::~OAuth2TokenService() {
       pending_fetchers_.begin(), pending_fetchers_.end());
 }
 
+OAuth2TokenServiceDelegate* OAuth2TokenService::GetDelegate() {
+  return delegate_.get();
+}
+
 void OAuth2TokenService::AddObserver(Observer* observer) {
-  observer_list_.AddObserver(observer);
+  delegate_->AddObserver(observer);
 }
 
 void OAuth2TokenService::RemoveObserver(Observer* observer) {
-  observer_list_.RemoveObserver(observer);
+  delegate_->RemoveObserver(observer);
 }
 
 void OAuth2TokenService::AddDiagnosticsObserver(DiagnosticsObserver* observer) {
@@ -418,10 +415,6 @@ void OAuth2TokenService::RemoveDiagnosticsObserver(
   diagnostics_observer_list_.RemoveObserver(observer);
 }
 
-std::vector<std::string> OAuth2TokenService::GetAccounts() {
-  return std::vector<std::string>();
-}
-
 scoped_ptr<OAuth2TokenService::Request> OAuth2TokenService::StartRequest(
     const std::string& account_id,
     const OAuth2TokenService::ScopeSet& scopes,
@@ -451,6 +444,10 @@ OAuth2TokenService::StartRequestForClient(
       consumer);
 }
 
+net::URLRequestContextGetter* OAuth2TokenService::GetRequestContext() const {
+  return delegate_->GetRequestContext();
+}
+
 scoped_ptr<OAuth2TokenService::Request>
 OAuth2TokenService::StartRequestWithContext(
     const std::string& account_id,
@@ -481,7 +478,6 @@ OAuth2TokenService::StartRequestForClientWithContext(
   tracked_objects::ScopedTracker tracking_profile1(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "422460 OAuth2TokenService::StartRequestForClientWithContext 1"));
-
   scoped_ptr<RequestImpl> request(new RequestImpl(account_id, consumer));
   FOR_EACH_OBSERVER(DiagnosticsObserver, diagnostics_observer_list_,
                     OnAccessTokenRequested(account_id,
@@ -568,6 +564,13 @@ void OAuth2TokenService::FetchOAuth2Token(RequestImpl* request,
                               request->AsWeakPtr());
 }
 
+OAuth2AccessTokenFetcher* OAuth2TokenService::CreateAccessTokenFetcher(
+    const std::string& account_id,
+    net::URLRequestContextGetter* getter,
+    OAuth2AccessTokenConsumer* consumer) {
+  return delegate_->CreateAccessTokenFetcher(account_id, getter, consumer);
+}
+
 void OAuth2TokenService::StartCacheLookupRequest(
     RequestImpl* request,
     const OAuth2TokenService::RequestParameters& request_parameters,
@@ -589,24 +592,39 @@ void OAuth2TokenService::StartCacheLookupRequest(
       cache_entry->expiration_date));
 }
 
-void OAuth2TokenService::InvalidateToken(const std::string& account_id,
-                                         const ScopeSet& scopes,
-                                         const std::string& access_token) {
-  InvalidateOAuth2Token(account_id,
-                        GaiaUrls::GetInstance()->oauth2_chrome_client_id(),
-                        scopes,
-                        access_token);
+std::vector<std::string> OAuth2TokenService::GetAccounts() const {
+  return delegate_->GetAccounts();
+}
+
+bool OAuth2TokenService::RefreshTokenIsAvailable(
+    const std::string& account_id) const {
+  return delegate_->RefreshTokenIsAvailable(account_id);
 }
 
-void OAuth2TokenService::InvalidateTokenForClient(
+void OAuth2TokenService::RevokeAllCredentials() {
+  CancelAllRequests();
+  ClearCache();
+  delegate_->RevokeAllCredentials();
+}
+
+void OAuth2TokenService::InvalidateAccessToken(
+    const std::string& account_id,
+    const ScopeSet& scopes,
+    const std::string& access_token) {
+  InvalidateAccessTokenImpl(account_id,
+                            GaiaUrls::GetInstance()->oauth2_chrome_client_id(),
+                            scopes, access_token);
+}
+
+void OAuth2TokenService::InvalidateAccessTokenForClient(
     const std::string& account_id,
     const std::string& client_id,
     const ScopeSet& scopes,
     const std::string& access_token) {
-  InvalidateOAuth2Token(account_id, client_id, scopes, access_token);
+  InvalidateAccessTokenImpl(account_id, client_id, scopes, access_token);
 }
 
-void OAuth2TokenService::InvalidateOAuth2Token(
+void OAuth2TokenService::InvalidateAccessTokenImpl(
     const std::string& account_id,
     const std::string& client_id,
     const ScopeSet& scopes,
@@ -617,6 +635,7 @@ void OAuth2TokenService::InvalidateOAuth2Token(
                         account_id,
                         scopes),
       access_token);
+  delegate_->InvalidateAccessToken(account_id, client_id, scopes, access_token);
 }
 
 void OAuth2TokenService::OnFetchComplete(Fetcher* fetcher) {
@@ -711,6 +730,10 @@ bool OAuth2TokenService::RemoveCacheEntry(
   }
   return false;
 }
+void OAuth2TokenService::UpdateAuthError(const std::string& account_id,
+                                         const GoogleServiceAuthError& error) {
+  delegate_->UpdateAuthError(account_id, error);
+}
 
 void OAuth2TokenService::RegisterCacheEntry(
     const std::string& client_id,
@@ -727,12 +750,6 @@ void OAuth2TokenService::RegisterCacheEntry(
   token.expiration_date = expiration_date;
 }
 
-void OAuth2TokenService::UpdateAuthError(
-    const std::string& account_id,
-    const GoogleServiceAuthError& error) {
-  // Default implementation does nothing.
-}
-
 void OAuth2TokenService::ClearCache() {
   DCHECK(CalledOnValidThread());
   for (TokenCache::iterator iter = token_cache_.begin();
@@ -794,51 +811,6 @@ void OAuth2TokenService::CancelFetchers(
   }
 }
 
-void OAuth2TokenService::FireRefreshTokenAvailable(
-    const std::string& account_id) {
-  // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
-  // fixed.
-  tracked_objects::ScopedTracker tracking_profile(
-      FROM_HERE_WITH_EXPLICIT_FUNCTION(
-          "422460 OAuth2TokenService::FireRefreshTokenAvailable"));
-
-  FOR_EACH_OBSERVER(Observer, observer_list_,
-                    OnRefreshTokenAvailable(account_id));
-}
-
-void OAuth2TokenService::FireRefreshTokenRevoked(
-    const std::string& account_id) {
-  FOR_EACH_OBSERVER(Observer, observer_list_,
-                    OnRefreshTokenRevoked(account_id));
-}
-
-void OAuth2TokenService::FireRefreshTokensLoaded() {
-  // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
-  // fixed.
-  tracked_objects::ScopedTracker tracking_profile(
-      FROM_HERE_WITH_EXPLICIT_FUNCTION(
-          "422460 OAuth2TokenService::FireRefreshTokensLoaded"));
-
-  FOR_EACH_OBSERVER(Observer, observer_list_, OnRefreshTokensLoaded());
-}
-
-void OAuth2TokenService::StartBatchChanges() {
-  ++batch_change_depth_;
-  if (batch_change_depth_ == 1)
-    FOR_EACH_OBSERVER(Observer, observer_list_, OnStartBatchChanges());
-}
-
-void OAuth2TokenService::EndBatchChanges() {
-  --batch_change_depth_;
-  DCHECK_LE(0, batch_change_depth_);
-  if (batch_change_depth_ == 0)
-    FOR_EACH_OBSERVER(Observer, observer_list_, OnEndBatchChanges());
-}
-
-int OAuth2TokenService::cache_size_for_testing() const {
-  return token_cache_.size();
-}
-
 void OAuth2TokenService::set_max_authorization_token_fetch_retries_for_testing(
     int max_retries) {
   DCHECK(CalledOnValidThread());
diff --git a/google_apis/gaia/oauth2_token_service.h b/google_apis/gaia/oauth2_token_service.h
index 4decbf4..85c3fc8 100644
--- a/google_apis/gaia/oauth2_token_service.h
+++ b/google_apis/gaia/oauth2_token_service.h
@@ -26,6 +26,7 @@ class URLRequestContextGetter;
 
 class GoogleServiceAuthError;
 class OAuth2AccessTokenFetcher;
+class OAuth2TokenServiceDelegate;
 
 // Abstract base class for a service that fetches and caches OAuth2 access
 // tokens. Concrete subclasses should implement GetRefreshToken to return
@@ -129,7 +130,7 @@ class OAuth2TokenService : public base::NonThreadSafe {
                                 const ScopeSet& scopes) = 0;
   };
 
-  OAuth2TokenService();
+  explicit OAuth2TokenService(OAuth2TokenServiceDelegate* delegate);
   virtual ~OAuth2TokenService();
 
   // Add or remove observers of this token service.
@@ -172,31 +173,32 @@ class OAuth2TokenService : public base::NonThreadSafe {
 
   // Lists account IDs of all accounts with a refresh token maintained by this
   // instance.
-  virtual std::vector<std::string> GetAccounts();
+  std::vector<std::string> GetAccounts() const;
 
   // Returns true if a refresh token exists for |account_id|. If false, calls to
   // |StartRequest| will result in a Consumer::OnGetTokenFailure callback.
-  virtual bool RefreshTokenIsAvailable(const std::string& account_id) const = 0;
+  bool RefreshTokenIsAvailable(const std::string& account_id) const;
+
+  // This method cancels all token requests, revoke all refresh tokens and
+  // cached access tokens.
+  void RevokeAllCredentials();
 
   // Mark an OAuth2 |access_token| issued for |account_id| and |scopes| as
   // invalid. This should be done if the token was received from this class,
   // but was not accepted by the server (e.g., the server returned
   // 401 Unauthorized). The token will be removed from the cache for the given
   // scopes.
-  void InvalidateToken(const std::string& account_id,
-                       const ScopeSet& scopes,
-                       const std::string& access_token);
+  void InvalidateAccessToken(const std::string& account_id,
+                             const ScopeSet& scopes,
+                             const std::string& access_token);
 
   // Like |InvalidateToken| except is uses |client_id| to identity OAuth2 client
   // app that issued the request instead of Chrome's default values.
-  void InvalidateTokenForClient(const std::string& account_id,
-                                const std::string& client_id,
-                                const ScopeSet& scopes,
-                                const std::string& access_token);
+  void InvalidateAccessTokenForClient(const std::string& account_id,
+                                      const std::string& client_id,
+                                      const ScopeSet& scopes,
+                                      const std::string& access_token);
 
-
-  // Return the current number of entries in the cache.
-  int cache_size_for_testing() const;
   void set_max_authorization_token_fetch_retries_for_testing(int max_retries);
   // Returns the current number of pending fetchers matching given params.
   size_t GetNumPendingRequestsForTesting(
@@ -204,6 +206,8 @@ class OAuth2TokenService : public base::NonThreadSafe {
       const std::string& account_id,
       const ScopeSet& scopes) const;
 
+  OAuth2TokenServiceDelegate* GetDelegate();
+
  protected:
   // Implements a cancelable |OAuth2TokenService::Request|, which should be
   // operated on the UI thread.
@@ -232,20 +236,9 @@ class OAuth2TokenService : public base::NonThreadSafe {
     Consumer* const consumer_;
   };
 
-  // Helper class to scope batch changes.
-  class ScopedBatchChange {
-   public:
-    explicit ScopedBatchChange(OAuth2TokenService* token_service);
-    ~ScopedBatchChange();
-   private:
-    OAuth2TokenService* token_service_;  // Weak.
-    DISALLOW_COPY_AND_ASSIGN(ScopedBatchChange);
-  };
-
-  // Subclasses can override if they want to report errors to the user.
-  virtual void UpdateAuthError(
-      const std::string& account_id,
-      const GoogleServiceAuthError& error);
+  // Implement it in delegates if they want to report errors to the user.
+  void UpdateAuthError(const std::string& account_id,
+                       const GoogleServiceAuthError& error);
 
   // Add a new entry to the cache.
   // Subclasses can override if there are implementation-specific reasons
@@ -270,16 +263,8 @@ class OAuth2TokenService : public base::NonThreadSafe {
   // Cancels all requests related to a given |account_id|.
   void CancelRequestsForAccount(const std::string& account_id);
 
-  // Called by subclasses to notify observers.
-  virtual void FireRefreshTokenAvailable(const std::string& account_id);
-  virtual void FireRefreshTokenRevoked(const std::string& account_id);
-  virtual void FireRefreshTokensLoaded();
-
-  virtual void StartBatchChanges();
-  virtual void EndBatchChanges();
-
   // Fetches an OAuth token for the specified client/scopes. Virtual so it can
-  // be overridden for tests and for platform-specific behavior on Android.
+  // be overridden for tests and for platform-specific behavior.
   virtual void FetchOAuth2Token(RequestImpl* request,
                                 const std::string& account_id,
                                 net::URLRequestContextGetter* getter,
@@ -287,27 +272,24 @@ class OAuth2TokenService : public base::NonThreadSafe {
                                 const std::string& client_secret,
                                 const ScopeSet& scopes);
 
-  // Creates an access token fetcher for the given account id.
-  //
-  // Subclasses should override to create an access token fetcher for the given
-  // |account_id|. This method is only called if subclasses use the default
-  // implementation of |FetchOAuth2Token|.
-  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
+  // Create an access token fetcher for the given account id.
+  OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
       const std::string& account_id,
       net::URLRequestContextGetter* getter,
-      OAuth2AccessTokenConsumer* consumer) = 0;
+      OAuth2AccessTokenConsumer* consumer);
 
   // Invalidates the |access_token| issued for |account_id|, |client_id| and
   // |scopes|. Virtual so it can be overriden for tests and for platform-
   // specifc behavior.
-  virtual void InvalidateOAuth2Token(const std::string& account_id,
-                                     const std::string& client_id,
-                                     const ScopeSet& scopes,
-                                     const std::string& access_token);
+  virtual void InvalidateAccessTokenImpl(const std::string& account_id,
+                                         const std::string& client_id,
+                                         const ScopeSet& scopes,
+                                         const std::string& access_token);
 
  private:
   class Fetcher;
   friend class Fetcher;
+  friend class OAuth2TokenServiceDelegate;
 
   // The parameters used to fetch an OAuth2 access token.
   struct RequestParameters {
@@ -327,9 +309,9 @@ class OAuth2TokenService : public base::NonThreadSafe {
 
   typedef std::map<RequestParameters, Fetcher*> PendingFetcherMap;
 
-  // Derived classes must provide a request context used for fetching access
-  // tokens with the |StartRequest| method.
-  virtual net::URLRequestContextGetter* GetRequestContext() = 0;
+  // Provide a request context used for fetching access tokens with the
+  // |StartRequest| method.
+  net::URLRequestContextGetter* GetRequestContext() const;
 
   // Struct that contains the information of an OAuth2 access token.
   struct CacheEntry {
@@ -379,14 +361,12 @@ class OAuth2TokenService : public base::NonThreadSafe {
   typedef std::map<RequestParameters, CacheEntry> TokenCache;
   TokenCache token_cache_;
 
+  scoped_ptr<OAuth2TokenServiceDelegate> delegate_;
+
   // A map from fetch parameters to a fetcher that is fetching an OAuth2 access
   // token using these parameters.
   PendingFetcherMap pending_fetchers_;
 
-  // List of observers to notify when refresh token availability changes.
-  // Makes sure list is empty on destruction.
-  base::ObserverList<Observer, true> observer_list_;
-
   // List of observers to notify when access token status changes.
   base::ObserverList<DiagnosticsObserver, true> diagnostics_observer_list_;
 
@@ -399,6 +379,7 @@ class OAuth2TokenService : public base::NonThreadSafe {
   FRIEND_TEST_ALL_PREFIXES(OAuth2TokenServiceTest, RequestParametersOrderTest);
   FRIEND_TEST_ALL_PREFIXES(OAuth2TokenServiceTest,
                            SameScopesRequestedForDifferentClients);
+  FRIEND_TEST_ALL_PREFIXES(OAuth2TokenServiceTest, UpdateClearsCache);
 
   DISALLOW_COPY_AND_ASSIGN(OAuth2TokenService);
 };
diff --git a/google_apis/gaia/oauth2_token_service_delegate.cc b/google_apis/gaia/oauth2_token_service_delegate.cc
new file mode 100644
index 0000000..afe6e6f
--- /dev/null
+++ b/google_apis/gaia/oauth2_token_service_delegate.cc
@@ -0,0 +1,100 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/profiler/scoped_tracker.h"
+#include "google_apis/gaia/oauth2_token_service.h"
+#include "google_apis/gaia/oauth2_token_service_delegate.h"
+
+OAuth2TokenServiceDelegate::ScopedBatchChange::ScopedBatchChange(
+    OAuth2TokenServiceDelegate* delegate)
+    : delegate_(delegate) {
+  DCHECK(delegate_);
+  delegate_->StartBatchChanges();
+}
+
+OAuth2TokenServiceDelegate::ScopedBatchChange::~ScopedBatchChange() {
+  delegate_->EndBatchChanges();
+}
+
+OAuth2TokenServiceDelegate::OAuth2TokenServiceDelegate()
+    : batch_change_depth_(0) {
+}
+
+OAuth2TokenServiceDelegate::~OAuth2TokenServiceDelegate() {
+}
+
+void OAuth2TokenServiceDelegate::ValidateAccountId(
+    const std::string& account_id) const {
+  DCHECK(!account_id.empty());
+
+  // If the account is given as an email, make sure its a canonical email.
+  // Note that some tests don't use email strings as account id, and after
+  // the gaia id migration it won't be an email.  So only check for
+  // canonicalization if the account_id is suspected to be an email.
+  if (account_id.find('@') != std::string::npos)
+    DCHECK_EQ(gaia::CanonicalizeEmail(account_id), account_id);
+}
+
+void OAuth2TokenServiceDelegate::AddObserver(
+    OAuth2TokenService::Observer* observer) {
+  observer_list_.AddObserver(observer);
+}
+
+void OAuth2TokenServiceDelegate::RemoveObserver(
+    OAuth2TokenService::Observer* observer) {
+  observer_list_.RemoveObserver(observer);
+}
+
+void OAuth2TokenServiceDelegate::StartBatchChanges() {
+  ++batch_change_depth_;
+  if (batch_change_depth_ == 1)
+    FOR_EACH_OBSERVER(OAuth2TokenService::Observer, observer_list_,
+                      OnStartBatchChanges());
+}
+
+void OAuth2TokenServiceDelegate::EndBatchChanges() {
+  --batch_change_depth_;
+  DCHECK_LE(0, batch_change_depth_);
+  if (batch_change_depth_ == 0)
+    FOR_EACH_OBSERVER(OAuth2TokenService::Observer, observer_list_,
+                      OnEndBatchChanges());
+}
+
+void OAuth2TokenServiceDelegate::FireRefreshTokenAvailable(
+    const std::string& account_id) {
+  // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
+  // fixed.
+  tracked_objects::ScopedTracker tracking_profile(
+      FROM_HERE_WITH_EXPLICIT_FUNCTION(
+          "422460 OAuth2TokenService::FireRefreshTokenAvailable"));
+
+  FOR_EACH_OBSERVER(OAuth2TokenService::Observer, observer_list_,
+                    OnRefreshTokenAvailable(account_id));
+}
+
+void OAuth2TokenServiceDelegate::FireRefreshTokenRevoked(
+    const std::string& account_id) {
+  FOR_EACH_OBSERVER(OAuth2TokenService::Observer, observer_list_,
+                    OnRefreshTokenRevoked(account_id));
+}
+
+void OAuth2TokenServiceDelegate::FireRefreshTokensLoaded() {
+  // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
+  // fixed.
+  tracked_objects::ScopedTracker tracking_profile(
+      FROM_HERE_WITH_EXPLICIT_FUNCTION(
+          "422460 OAuth2TokenService::FireRefreshTokensLoaded"));
+
+  FOR_EACH_OBSERVER(OAuth2TokenService::Observer, observer_list_,
+                    OnRefreshTokensLoaded());
+}
+
+net::URLRequestContextGetter* OAuth2TokenServiceDelegate::GetRequestContext()
+    const {
+  return nullptr;
+}
+
+std::vector<std::string> OAuth2TokenServiceDelegate::GetAccounts() {
+  return std::vector<std::string>();
+}
diff --git a/google_apis/gaia/oauth2_token_service_delegate.h b/google_apis/gaia/oauth2_token_service_delegate.h
new file mode 100644
index 0000000..cb38c2e
--- /dev/null
+++ b/google_apis/gaia/oauth2_token_service_delegate.h
@@ -0,0 +1,87 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef GOOGLE_APIS_GAIA_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
+#define GOOGLE_APIS_GAIA_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
+
+#include "base/observer_list.h"
+#include "google_apis/gaia/gaia_auth_util.h"
+#include "google_apis/gaia/oauth2_token_service.h"
+
+namespace net {
+class URLRequestContextGetter;
+}
+
+class SigninClient;
+
+// Abstract base class to fetch and maintain refresh tokens from various
+// entities. Concrete subclasses should implement RefreshTokenIsAvailable and
+// CreateAccessTokenFetcher properly.
+class OAuth2TokenServiceDelegate {
+ public:
+  OAuth2TokenServiceDelegate();
+  virtual ~OAuth2TokenServiceDelegate();
+
+  virtual OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
+      const std::string& account_id,
+      net::URLRequestContextGetter* getter,
+      OAuth2AccessTokenConsumer* consumer) = 0;
+
+  virtual bool RefreshTokenIsAvailable(const std::string& account_id) const = 0;
+  virtual void UpdateAuthError(const std::string& account_id,
+                               const GoogleServiceAuthError& error){};
+
+  virtual std::vector<std::string> GetAccounts();
+  virtual void RevokeAllCredentials(){};
+
+  virtual void InvalidateAccessToken(const std::string& account_id,
+                                     const std::string& client_id,
+                                     const std::set<std::string>& scopes,
+                                     const std::string& access_token) {}
+
+  virtual void Shutdown() {}
+  virtual void LoadCredentials(const std::string& primary_account_id) {}
+  virtual void UpdateCredentials(const std::string& account_id,
+                                 const std::string& refresh_token) {}
+  virtual void RevokeCredentials(const std::string& account_id) {}
+  virtual net::URLRequestContextGetter* GetRequestContext() const;
+
+  void ValidateAccountId(const std::string& account_id) const;
+
+  // Add or remove observers of this token service.
+  void AddObserver(OAuth2TokenService::Observer* observer);
+  void RemoveObserver(OAuth2TokenService::Observer* observer);
+
+ protected:
+  // Called by subclasses to notify observers.
+  virtual void FireRefreshTokenAvailable(const std::string& account_id);
+  virtual void FireRefreshTokenRevoked(const std::string& account_id);
+  virtual void FireRefreshTokensLoaded();
+
+  // Helper class to scope batch changes.
+  class ScopedBatchChange {
+   public:
+    explicit ScopedBatchChange(OAuth2TokenServiceDelegate* delegate);
+    ~ScopedBatchChange();
+
+   private:
+    OAuth2TokenServiceDelegate* delegate_;  // Weak.
+    DISALLOW_COPY_AND_ASSIGN(ScopedBatchChange);
+  };
+
+ private:
+  // List of observers to notify when refresh token availability changes.
+  // Makes sure list is empty on destruction.
+  base::ObserverList<OAuth2TokenService::Observer, true> observer_list_;
+
+  void StartBatchChanges();
+  void EndBatchChanges();
+
+  // The depth of batch changes.
+  int batch_change_depth_;
+
+  DISALLOW_COPY_AND_ASSIGN(OAuth2TokenServiceDelegate);
+};
+
+#endif  // GOOGLE_APIS_GAIA_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
diff --git a/google_apis/gaia/oauth2_token_service_request.cc b/google_apis/gaia/oauth2_token_service_request.cc
index f01979d..3af40c3 100644
--- a/google_apis/gaia/oauth2_token_service_request.cc
+++ b/google_apis/gaia/oauth2_token_service_request.cc
@@ -314,7 +314,7 @@ InvalidateCore::~InvalidateCore() {
 
 void InvalidateCore::StartOnTokenServiceThread() {
   DCHECK(token_service_task_runner()->BelongsToCurrentThread());
-  token_service()->InvalidateToken(account_id_, scopes_, access_token_);
+  token_service()->InvalidateAccessToken(account_id_, scopes_, access_token_);
 }
 
 void InvalidateCore::StopOnTokenServiceThread() {
diff --git a/google_apis/gaia/oauth2_token_service_request_unittest.cc b/google_apis/gaia/oauth2_token_service_request_unittest.cc
index 5b5a7b3..d514f93 100644
--- a/google_apis/gaia/oauth2_token_service_request_unittest.cc
+++ b/google_apis/gaia/oauth2_token_service_request_unittest.cc
@@ -90,10 +90,10 @@ class MockOAuth2TokenService : public FakeOAuth2TokenService {
                         const std::string& client_secret,
                         const ScopeSet& scopes) override;
 
-  void InvalidateOAuth2Token(const std::string& account_id,
-                             const std::string& client_id,
-                             const ScopeSet& scopes,
-                             const std::string& access_token) override;
+  void InvalidateAccessTokenImpl(const std::string& account_id,
+                                 const std::string& client_id,
+                                 const ScopeSet& scopes,
+                                 const std::string& access_token) override;
 
  private:
   GoogleServiceAuthError response_error_;
@@ -137,7 +137,7 @@ void MockOAuth2TokenService::FetchOAuth2Token(
                  response_expiration_));
 }
 
-void MockOAuth2TokenService::InvalidateOAuth2Token(
+void MockOAuth2TokenService::InvalidateAccessTokenImpl(
     const std::string& account_id,
     const std::string& client_id,
     const ScopeSet& scopes,
diff --git a/google_apis/gaia/oauth2_token_service_unittest.cc b/google_apis/gaia/oauth2_token_service_unittest.cc
index 138ba86..924ae4c 100644
--- a/google_apis/gaia/oauth2_token_service_unittest.cc
+++ b/google_apis/gaia/oauth2_token_service_unittest.cc
@@ -6,6 +6,7 @@
 
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
+#include "google_apis/gaia/fake_oauth2_token_service_delegate.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_consumer.h"
@@ -43,9 +44,8 @@ class RetryingTestingOAuth2TokenServiceConsumer
 
 class TestOAuth2TokenService : public OAuth2TokenService {
  public:
-  explicit TestOAuth2TokenService(net::TestURLRequestContextGetter* getter)
-      : request_context_getter_(getter) {
-  }
+  explicit TestOAuth2TokenService(FakeOAuth2TokenServiceDelegate* delegate)
+      : OAuth2TokenService(delegate) {}
 
   void CancelAllRequestsForTest() { CancelAllRequests(); }
 
@@ -53,49 +53,17 @@ class TestOAuth2TokenService : public OAuth2TokenService {
     CancelRequestsForAccount(account_id);
   }
 
-  // For testing: set the refresh token to be used.
-  void set_refresh_token(const std::string& account_id,
-                         const std::string& refresh_token) {
-    if (refresh_token.empty())
-      refresh_tokens_.erase(account_id);
-    else
-      refresh_tokens_[account_id] = refresh_token;
-  }
-
-  bool RefreshTokenIsAvailable(const std::string& account_id) const override {
-    std::map<std::string, std::string>::const_iterator it =
-        refresh_tokens_.find(account_id);
-
-    return it != refresh_tokens_.end();
-  };
-
- private:
-  // OAuth2TokenService implementation.
-  net::URLRequestContextGetter* GetRequestContext() override {
-    return request_context_getter_.get();
+  FakeOAuth2TokenServiceDelegate* GetFakeOAuth2TokenServiceDelegate() {
+    return static_cast<FakeOAuth2TokenServiceDelegate*>(GetDelegate());
   }
-
-  OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
-      const std::string& account_id,
-      net::URLRequestContextGetter* getter,
-      OAuth2AccessTokenConsumer* consumer) override {
-    std::map<std::string, std::string>::const_iterator it =
-        refresh_tokens_.find(account_id);
-    DCHECK(it != refresh_tokens_.end());
-    std::string refresh_token(it->second);
-    return new OAuth2AccessTokenFetcherImpl(consumer, getter, refresh_token);
-  };
-
-  std::map<std::string, std::string> refresh_tokens_;
-  scoped_refptr<net::TestURLRequestContextGetter> request_context_getter_;
 };
 
 class OAuth2TokenServiceTest : public testing::Test {
  public:
   void SetUp() override {
-    oauth2_service_.reset(
-        new TestOAuth2TokenService(new net::TestURLRequestContextGetter(
-            message_loop_.task_runner())));
+    oauth2_service_.reset(new TestOAuth2TokenService(
+        new FakeOAuth2TokenServiceDelegate(new net::TestURLRequestContextGetter(
+            message_loop_.task_runner()))));
     account_id_ = "test_user@gmail.com";
   }
 
@@ -123,7 +91,8 @@ TEST_F(OAuth2TokenServiceTest, NoOAuth2RefreshToken) {
 }
 
 TEST_F(OAuth2TokenServiceTest, FailureShouldNotRetry) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request(
       oauth2_service_->StartRequest(account_id_,
                                     OAuth2TokenService::ScopeSet(),
@@ -143,7 +112,8 @@ TEST_F(OAuth2TokenServiceTest, FailureShouldNotRetry) {
 }
 
 TEST_F(OAuth2TokenServiceTest, SuccessWithoutCaching) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request(
       oauth2_service_->StartRequest(account_id_,
                                     OAuth2TokenService::ScopeSet(),
@@ -172,7 +142,8 @@ TEST_F(OAuth2TokenServiceTest, SuccessWithCaching) {
   OAuth2TokenService::ScopeSet scopes2;
   scopes2.insert("s3");
 
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   // First request.
   scoped_ptr<OAuth2TokenService::Request> request(
@@ -218,7 +189,8 @@ TEST_F(OAuth2TokenServiceTest, SuccessWithCaching) {
 }
 
 TEST_F(OAuth2TokenServiceTest, SuccessAndExpirationAndFailure) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   // First request.
   scoped_ptr<OAuth2TokenService::Request> request(
@@ -257,7 +229,8 @@ TEST_F(OAuth2TokenServiceTest, SuccessAndExpirationAndFailure) {
 }
 
 TEST_F(OAuth2TokenServiceTest, SuccessAndExpirationAndSuccess) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   // First request.
   scoped_ptr<OAuth2TokenService::Request> request(
@@ -296,7 +269,8 @@ TEST_F(OAuth2TokenServiceTest, SuccessAndExpirationAndSuccess) {
 }
 
 TEST_F(OAuth2TokenServiceTest, RequestDeletedBeforeCompletion) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   scoped_ptr<OAuth2TokenService::Request> request(
       oauth2_service_->StartRequest(account_id_,
@@ -318,7 +292,8 @@ TEST_F(OAuth2TokenServiceTest, RequestDeletedBeforeCompletion) {
 }
 
 TEST_F(OAuth2TokenServiceTest, RequestDeletedAfterCompletion) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   scoped_ptr<OAuth2TokenService::Request> request(oauth2_service_->StartRequest(
       account_id_, OAuth2TokenService::ScopeSet(), &consumer_));
@@ -340,7 +315,8 @@ TEST_F(OAuth2TokenServiceTest, RequestDeletedAfterCompletion) {
 }
 
 TEST_F(OAuth2TokenServiceTest, MultipleRequestsForTheSameScopesWithOneDeleted) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   scoped_ptr<OAuth2TokenService::Request> request(oauth2_service_->StartRequest(
       account_id_, OAuth2TokenService::ScopeSet(), &consumer_));
@@ -363,7 +339,8 @@ TEST_F(OAuth2TokenServiceTest, MultipleRequestsForTheSameScopesWithOneDeleted) {
 
 TEST_F(OAuth2TokenServiceTest, ClearedRefreshTokenFailsSubsequentRequests) {
   // We have a valid refresh token; the first request is successful.
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request(oauth2_service_->StartRequest(
       account_id_, OAuth2TokenService::ScopeSet(), &consumer_));
   base::RunLoop().RunUntilIdle();
@@ -377,7 +354,8 @@ TEST_F(OAuth2TokenServiceTest, ClearedRefreshTokenFailsSubsequentRequests) {
   EXPECT_EQ("token", consumer_.last_token_);
 
   // The refresh token is no longer available; subsequent requests fail.
-  oauth2_service_->set_refresh_token(account_id_, "");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "");
   request = oauth2_service_->StartRequest(account_id_,
       OAuth2TokenService::ScopeSet(), &consumer_);
   base::RunLoop().RunUntilIdle();
@@ -387,7 +365,8 @@ TEST_F(OAuth2TokenServiceTest, ClearedRefreshTokenFailsSubsequentRequests) {
 
 TEST_F(OAuth2TokenServiceTest,
        ChangedRefreshTokenDoesNotAffectInFlightRequests) {
-  oauth2_service_->set_refresh_token(account_id_, "first refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "first refreshToken");
   OAuth2TokenService::ScopeSet scopes;
   scopes.insert("s1");
   scopes.insert("s2");
@@ -402,7 +381,8 @@ TEST_F(OAuth2TokenServiceTest,
   ASSERT_TRUE(fetcher1);
 
   // Note |request| is still pending when the refresh token changes.
-  oauth2_service_->set_refresh_token(account_id_, "second refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "second refreshToken");
 
   // A 2nd request (using the new refresh token) that occurs and completes
   // while the 1st request is in flight is successful.
@@ -428,7 +408,8 @@ TEST_F(OAuth2TokenServiceTest,
 }
 
 TEST_F(OAuth2TokenServiceTest, ServiceShutDownBeforeFetchComplete) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request(oauth2_service_->StartRequest(
       account_id_, OAuth2TokenService::ScopeSet(), &consumer_));
   base::RunLoop().RunUntilIdle();
@@ -443,7 +424,8 @@ TEST_F(OAuth2TokenServiceTest, ServiceShutDownBeforeFetchComplete) {
 }
 
 TEST_F(OAuth2TokenServiceTest, RetryingConsumer) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   RetryingTestingOAuth2TokenServiceConsumer consumer(oauth2_service_.get(),
       account_id_);
   scoped_ptr<OAuth2TokenService::Request> request(oauth2_service_->StartRequest(
@@ -471,7 +453,8 @@ TEST_F(OAuth2TokenServiceTest, RetryingConsumer) {
 
 TEST_F(OAuth2TokenServiceTest, InvalidateToken) {
   OAuth2TokenService::ScopeSet scopes;
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
 
   // First request.
   scoped_ptr<OAuth2TokenService::Request> request(
@@ -501,7 +484,8 @@ TEST_F(OAuth2TokenServiceTest, InvalidateToken) {
   EXPECT_EQ("token", consumer_.last_token_);
 
   // Invalidating the token should return a new token on the next request.
-  oauth2_service_->InvalidateToken(account_id_, scopes, consumer_.last_token_);
+  oauth2_service_->InvalidateAccessToken(account_id_, scopes,
+                                         consumer_.last_token_);
   scoped_ptr<OAuth2TokenService::Request> request3(
       oauth2_service_->StartRequest(account_id_, scopes, &consumer_));
   base::RunLoop().RunUntilIdle();
@@ -518,12 +502,14 @@ TEST_F(OAuth2TokenServiceTest, InvalidateToken) {
 }
 
 TEST_F(OAuth2TokenServiceTest, CancelAllRequests) {
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request(
       oauth2_service_->StartRequest(account_id_, OAuth2TokenService::ScopeSet(),
           &consumer_));
 
-  oauth2_service_->set_refresh_token("account_id_2", "refreshToken2");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      "account_id_2", "refreshToken2");
   scoped_ptr<OAuth2TokenService::Request> request2(
       oauth2_service_->StartRequest(account_id_, OAuth2TokenService::ScopeSet(),
           &consumer_));
@@ -546,14 +532,16 @@ TEST_F(OAuth2TokenServiceTest, CancelRequestsForAccount) {
                                            scope_set_1.end());
   scope_set_2.insert("scope3");
 
-  oauth2_service_->set_refresh_token(account_id_, "refreshToken");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, "refreshToken");
   scoped_ptr<OAuth2TokenService::Request> request1(
       oauth2_service_->StartRequest(account_id_, scope_set_1, &consumer_));
   scoped_ptr<OAuth2TokenService::Request> request2(
       oauth2_service_->StartRequest(account_id_, scope_set_2, &consumer_));
 
   std::string account_id_2("account_id_2");
-  oauth2_service_->set_refresh_token(account_id_2, "refreshToken2");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_2, "refreshToken2");
   scoped_ptr<OAuth2TokenService::Request> request3(
       oauth2_service_->StartRequest(account_id_2, scope_set_1, &consumer_));
 
@@ -582,7 +570,8 @@ TEST_F(OAuth2TokenServiceTest, SameScopesRequestedForDifferentClients) {
   scope_set.insert("scope2");
 
   std::string refresh_token("refreshToken");
-  oauth2_service_->set_refresh_token(account_id_, refresh_token);
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      account_id_, refresh_token);
 
   scoped_ptr<OAuth2TokenService::Request> request1(
       oauth2_service_->StartRequestForClient(account_id_,
@@ -648,3 +637,41 @@ TEST_F(OAuth2TokenServiceTest, RequestParametersOrderTest) {
     }
   }
 }
+
+TEST_F(OAuth2TokenServiceTest, UpdateClearsCache) {
+  std::string kEmail = "test@gmail.com";
+  std::set<std::string> scope_list;
+  scope_list.insert("scope");
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      kEmail, "refreshToken");
+  scoped_ptr<OAuth2TokenService::Request> request(
+      oauth2_service_->StartRequest(kEmail, scope_list, &consumer_));
+  base::RunLoop().RunUntilIdle();
+  net::TestURLFetcher* fetcher = factory_.GetFetcherByID(0);
+  ASSERT_TRUE(fetcher);
+  fetcher->set_response_code(net::HTTP_OK);
+  fetcher->SetResponseString(GetValidTokenResponse("token", 3600));
+  fetcher->delegate()->OnURLFetchComplete(fetcher);
+  EXPECT_EQ(1, consumer_.number_of_successful_tokens_);
+  EXPECT_EQ(0, consumer_.number_of_errors_);
+  EXPECT_EQ("token", consumer_.last_token_);
+  EXPECT_EQ(1, (int)oauth2_service_->token_cache_.size());
+
+  // Signs out and signs in
+  oauth2_service_->RevokeAllCredentials();
+
+  EXPECT_EQ(0, (int)oauth2_service_->token_cache_.size());
+  oauth2_service_->GetFakeOAuth2TokenServiceDelegate()->UpdateCredentials(
+      kEmail, "refreshToken");
+  request = oauth2_service_->StartRequest(kEmail, scope_list, &consumer_);
+  base::RunLoop().RunUntilIdle();
+  fetcher = factory_.GetFetcherByID(0);
+  // ASSERT_TRUE(fetcher);
+  fetcher->set_response_code(net::HTTP_OK);
+  fetcher->SetResponseString(GetValidTokenResponse("another token", 3600));
+  fetcher->delegate()->OnURLFetchComplete(fetcher);
+  EXPECT_EQ(2, consumer_.number_of_successful_tokens_);
+  EXPECT_EQ(0, consumer_.number_of_errors_);
+  EXPECT_EQ("another token", consumer_.last_token_);
+  EXPECT_EQ(1, (int)oauth2_service_->token_cache_.size());
+}
diff --git a/google_apis/gaia/ubertoken_fetcher.cc b/google_apis/gaia/ubertoken_fetcher.cc
index d72c60c..0e65e91 100644
--- a/google_apis/gaia/ubertoken_fetcher.cc
+++ b/google_apis/gaia/ubertoken_fetcher.cc
@@ -105,7 +105,7 @@ void UbertokenFetcher::OnUberAuthTokenFailure(
     // The access token is invalid.  Tell the token service.
     OAuth2TokenService::ScopeSet scopes;
     scopes.insert(GaiaConstants::kOAuth1LoginScope);
-    token_service_->InvalidateToken(account_id_, scopes, access_token_);
+    token_service_->InvalidateAccessToken(account_id_, scopes, access_token_);
 
     // In case the access was just stale, try one more time.
     if (!second_access_token_request_) {