Issue 17109006: Device robot refresh token integrity validation.

Issue 17109006: Device robot refresh token integrity validation. (Closed)

Created:
7 years, 6 months ago by David Roche

Modified:
7 years, 6 months ago

Reviewers:
Bernhard Bauer, Roger Tawa OOO till Jul 10th, Wez, Mattias Nissler (ping if slow), Andrew T Wilson (Slow), zel, Vitaly Buka (NO REVIEWS)

CC:
chromium-reviews, oshima+watch_chromium.org, stevenjb+watch_chromium.org, nkostylev+watch_chromium.org, davemoore+watch_chromium.org

Base URL:
http://git.chromium.org/chromium/src.git@master

Visibility:
Public.

More Reviews

Description

Device robot refresh token integrity validation. Before using the robot account refresh token stored in an enterprise device's Local State, verify that the token is owned by the service account id found in the device policy. BUG=245121 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=208019

Patch Set 1 #

Total comments: 10

Patch Set 2 : addressed review comments #

Patch Set 3 : add GaiaOAuthClient tests for changed/added methods #

Patch Set 4 : Extend device_oauth2_token_service_unittest.cc to cover refresh token validation cases. #

Total comments: 22

Patch Set 5 : Moved validation logic out of OAuthTokenService base class. #

Total comments: 7

Patch Set 6 : addressed minor review comments #

Patch Set 7 : addressed atwilson's review comments #

Total comments: 7

Patch Set 8 : addressed bauerb's review comments #

Patch Set 9 : address last review comments #

Patch Set 10 : verify token owner via per-device service acct's email, not the issued_to client id #

Patch Set 11 : rebase #

Total comments: 12

Patch Set 12 : addressed rogerta's review comments #

Patch Set 13 : update test for change in Patch Set 10 #

Patch Set 14 : fix compile issue with remoting #

Patch Set 15 : fix android compile error #

Patch Set 16 : fix clank error #

Patch Set 17 : fix remoting compile error on windows #

Created: 7 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+860 lines, -170 lines)			Patch
M	chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+5 lines, -0 lines	0 comments	Download
M	chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+5 lines, -0 lines	0 comments	Download
M	chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc	View	1 2 3 4 5 6 7 8 9 10	4 chunks	+7 lines, -2 lines	0 comments	Download
M	chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc	View	1	1 chunk	+0 lines, -1 line	0 comments	Download
M	chrome/browser/chromeos/settings/device_oauth2_token_service.h	View	1 2 3 4 5	3 chunks	+24 lines, -1 line	0 comments	Download
M	chrome/browser/chromeos/settings/device_oauth2_token_service.cc	View	1 2 3 4 5 6 7 8 9	2 chunks	+228 lines, -0 lines	0 comments	Download
M	chrome/browser/chromeos/settings/device_oauth2_token_service_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12	3 chunks	+303 lines, -10 lines	0 comments	Download
M	chrome/browser/managed_mode/managed_user_refresh_token_fetcher.cc	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+1 line, -3 lines	0 comments	Download
M	chrome/browser/managed_mode/managed_user_refresh_token_fetcher_unittest.cc	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+3 lines, -1 line	0 comments	Download
M	chrome/browser/policy/cloud/policy_builder.h	View	1 2 3	1 chunk	+1 line, -0 lines	0 comments	Download
M	chrome/browser/policy/cloud/policy_builder.cc	View	1 2 3	2 chunks	+2 lines, -0 lines	0 comments	Download
M	chrome/browser/policy/proto/cloud/device_management_backend.proto	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+4 lines, -0 lines	0 comments	Download
M	chrome/browser/signin/oauth2_token_service.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14	3 chunks	+24 lines, -20 lines	0 comments	Download
M	chrome/browser/signin/oauth2_token_service.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14	8 chunks	+33 lines, -30 lines	0 comments	Download
M	chrome/browser/signin/ubertoken_fetcher.cc	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+8 lines, -3 lines	0 comments	Download
M	chrome/service/cloud_print/cloud_print_auth.cc	View	1 2 3 4 5 6 7 8 9 10	3 chunks	+2 lines, -3 lines	0 comments	Download
M	google_apis/gaia/gaia_oauth_client.h	View	1 2 3 4 5 6 7 8 9 10 11	4 chunks	+20 lines, -5 lines	0 comments	Download
M	google_apis/gaia/gaia_oauth_client.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	14 chunks	+68 lines, -21 lines	0 comments	Download
M	google_apis/gaia/gaia_oauth_client_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15	14 chunks	+109 lines, -59 lines	0 comments	Download
M	google_apis/gaia/gaia_urls.h	View		2 chunks	+2 lines, -0 lines	0 comments	Download
M	google_apis/gaia/gaia_urls.cc	View		3 chunks	+6 lines, -0 lines	0 comments	Download
M	remoting/host/setup/host_starter.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13	1 chunk	+0 lines, -1 line	0 comments	Download
M	remoting/host/setup/host_starter.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13	1 chunk	+1 line, -3 lines	0 comments	Download
M	remoting/host/setup/start_host.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13	2 chunks	+0 lines, -2 lines	0 comments	Download
M	remoting/host/setup/win/start_host_window.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	1 chunk	+0 lines, -1 line	0 comments	Download
M	remoting/host/signaling_connector.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13	3 chunks	+4 lines, -4 lines	0 comments	Download

Messages

Total messages: 40 (0 generated)

Expand Messages | Collapse Messages

Mattias Nissler (ping if slow)

https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc File chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc (right): https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc#newcode162 chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc:162: if (policy) { nit: no need for curlies, I ...

7 years, 6 months ago (2013-06-17 05:34:17 UTC) #2

David Roche

7 years, 6 months ago (2013-06-18 04:12:08 UTC) #3

https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/polic...
File chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
(right):

https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/polic...
chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc:162: if
(policy) {
On 2013/06/17 05:34:17, Mattias Nissler wrote:
> nit: no need for curlies, I guess you could switch to a ternary entirely.

Done.

https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/setti...
File chrome/browser/chromeos/settings/device_oauth2_token_service.cc (right):

https://codereview.chromium.org/17109006/diff/1/chrome/browser/chromeos/setti...
chrome/browser/chromeos/settings/device_oauth2_token_service.cc:123: LOG(INFO)
<< "Device service account owner in policy is empty.";
On 2013/06/17 05:34:17, Mattias Nissler wrote:
> I guess this should be at least WARN, if not ERROR.

Done.

https://codereview.chromium.org/17109006/diff/1/chrome/browser/signin/oauth2_...
File chrome/browser/signin/oauth2_token_service.h (right):

https://codereview.chromium.org/17109006/diff/1/chrome/browser/signin/oauth2_...
chrome/browser/signin/oauth2_token_service.h:137: virtual bool
StartRefreshTokenValidation(
On 2013/06/17 05:34:17, Mattias Nissler wrote:
> I wonder whether making the concept of refresh token validation visible on the
> OAuth2TokenService level is actually a good idea. Have you thought about just
> making GetRefreshToken asynchronous, i.e.:
> 
> void GetRefreshToken(base::Callback<void(const std::string&)>);
> 
> Then, you could hide away the validation part in DeviceOAuth2TokenService.

I started doing that initially, but unfortunately it got to be messy.  The
problem is that the refresh token getter is on the token-service singleton,
while the async/concurrent fetch requests are on the inner Fetcher class.  So,
to stay with the current design of OAuth2TokenService, the fetching should stay
in the Fetcher, since it automatically takes care of handling concurrent
fetches, etc.  Then the obvious idea is to continue with the attempt to make
GetRefreshToken async, but call it from the Fetcher.  This was my attempt #2,
but it had issues b/c the OAuth2TokenService keeps the map of in-flight Fetchers
indexed by refresh_token/scopes pair.  So, I need the refresh token value before
the Fetcher's CreateAndStart method is called.  I considered a big refactor of
the OAuth2TokenService logic around Fetcher lifecycle tracking, so that it was a
2-phase affair -- the first tracking a list of Fetchers that were getting the
refresh token (indexed only by scope) and the 2nd phase of Fetchers that had a
refresh token and were fetching the access token (indexed by refresh token /
scope pair).  But, in the end that seemed like a lot of changes.  So, what you
see is attempt #3 ... keeping the change as simple as possible by having the
fetcher created with the refresh token initially (so it can be added to the
existing map), and then optionally validating the token in the Fetcher. 
Conceptually, validating the refresh token is something that other subclasses
could want to do in the future, so it seemed reasonable enough.  Although, I
agree with your initial design instinct ... it would have been nice to hide the
validation in DeviceOAuth2TokenService, if it could have been done relatively
easily.

https://codereview.chromium.org/17109006/diff/1/google_apis/gaia/gaia_oauth_c...
File google_apis/gaia/gaia_oauth_client.cc (right):

https://codereview.chromium.org/17109006/diff/1/google_apis/gaia/gaia_oauth_c...
google_apis/gaia/gaia_oauth_client.cc:131: void
GaiaOAuthClient::Core::GetTokenInfo(const std::string& oauth_access_token,
On 2013/06/17 05:34:17, Mattias Nissler wrote:
> Hm, shouldn't this logically be closer to GetUserInfo() than
MakeGaiaRequest()?
> You seem to follow the latter pattern.

I'm not sure I follow.  Are you saying to keep the order of the methods
GetUserInfo
GetTokenInfo
... here as it is above and below?

I swapped the 2 *Info methods here due to the line 180 comment in
MakeGaiaRequest referencing the comment "above", but I suppose the comment is
still valid even if I separate the 2 comments a bit more with an extra method.

https://codereview.chromium.org/17109006/diff/1/google_apis/gaia/gaia_oauth_c...
google_apis/gaia/gaia_oauth_client.cc:289: // TODO: remove passed-in gaia_url?
On 2013/06/17 05:34:17, Mattias Nissler wrote:
> TODOs without owners/bugs are not worth much...

Oops, left that as a note to be cleaned up before I sent the review.  I went
ahead and made the change.  It doesn't make sense to pass in the URL when 1/2
the methods ignore it and use another flag value.  All the clients of this class
passed in the same flag value anyway...

David Roche

Mattias, I've added unit tests for everything I can think of. PTAL.

7 years, 6 months ago (2013-06-19 03:35:57 UTC) #4

Mattias Nissler (ping if slow)

Couple more comments, the policy stuff LGTM at this point. I'm still a bit uncomfortable ...

7 years, 6 months ago (2013-06-19 17:53:17 UTC) #5

David Roche

Mattias, I moved the validation logic out of the OAuth2TokenService API, as discussed. I think ...

7 years, 6 months ago (2013-06-20 02:07:25 UTC) #6

Andrew T Wilson (Slow)

signin/* lgtm with a few suggestions https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc File chrome/browser/signin/oauth2_token_service.cc (right): https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc#newcode200 chrome/browser/signin/oauth2_token_service.cc:200: InformWaitingRequestsAndQuit(); "AndQuit" -> ...

7 years, 6 months ago (2013-06-20 17:47:27 UTC) #7

David Roche

https://codereview.chromium.org/17109006/diff/14001/chrome/browser/chromeos/settings/device_oauth2_token_service.cc File chrome/browser/chromeos/settings/device_oauth2_token_service.cc (right): https://codereview.chromium.org/17109006/diff/14001/chrome/browser/chromeos/settings/device_oauth2_token_service.cc#newcode109 chrome/browser/chromeos/settings/device_oauth2_token_service.cc:109: if (connector) { On 2013/06/19 17:53:17, Mattias Nissler wrote: ...

7 years, 6 months ago (2013-06-20 17:49:29 UTC) #8

David Roche

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc File chrome/browser/signin/oauth2_token_service.cc (right): https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc#newcode200 chrome/browser/signin/oauth2_token_service.cc:200: InformWaitingRequestsAndQuit(); On 2013/06/20 17:47:28, Andrew T Wilson wrote: > ...

7 years, 6 months ago (2013-06-20 18:17:17 UTC) #9

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
File chrome/browser/signin/oauth2_token_service.cc (right):

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
chrome/browser/signin/oauth2_token_service.cc:200:
InformWaitingRequestsAndQuit();
On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> "AndQuit" -> "AndDelete" since "Quit" doesn't mean anything.

Done.

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
File chrome/browser/signin/oauth2_token_service.h (right):

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
chrome/browser/signin/oauth2_token_service.h:99: void
set_max_authorization_token_fetch_retries_for_testing(int max_retries);
On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> can we inject this in the constructor instead and pass that along to the
> Fetcher?

Passing this to the constructor would require plumbing it through to all the
subclass implementations and the factories that create them:

DeviceOAuth2TokenService
DeviceOAuth2TokenServiceFactory
ProfileOAuth2TokenService
ProfileOAuth2TokenServiceFactory
AndroidProfileOAuth2TokenService

Since this was only for test purposes, I was inclined to keep this as a simple
*_for_testing method rather that impacting all those classes.  WDYT?

https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
chrome/browser/signin/oauth2_token_service.h:104: class RequestImpl : public
base::SupportsWeakPtr<RequestImpl>,
On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> This is fine, but I wonder now if it's time to move this into a separate
header
> file rather than in this public file.

Ideally this would just be hidden, since it's an impl detail of this class.  I
could do that now, but I need to work cancellable requests into
DeviceOAuth2TokenService, which may call for this to be exposed to subclasses. 
I'll take a note to resolve this one way or the other when I'm making that
change.

Andrew T Wilson (Slow)

On 2013/06/20 18:17:17, David Roche wrote: > https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc > File chrome/browser/signin/oauth2_token_service.cc (right): > > https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oauth2_token_service.cc#newcode200 ...

7 years, 6 months ago (2013-06-20 18:36:57 UTC) #10

On 2013/06/20 18:17:17, David Roche wrote:
>
https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
> File chrome/browser/signin/oauth2_token_service.cc (right):
> 
>
https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
> chrome/browser/signin/oauth2_token_service.cc:200:
> InformWaitingRequestsAndQuit();
> On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> > "AndQuit" -> "AndDelete" since "Quit" doesn't mean anything.
> 
> Done.
> 
>
https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
> File chrome/browser/signin/oauth2_token_service.h (right):
> 
>
https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
> chrome/browser/signin/oauth2_token_service.h:99: void
> set_max_authorization_token_fetch_retries_for_testing(int max_retries);
> On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> > can we inject this in the constructor instead and pass that along to the
> > Fetcher?
> 
> Passing this to the constructor would require plumbing it through to all the
> subclass implementations and the factories that create them:
> 
> DeviceOAuth2TokenService
> DeviceOAuth2TokenServiceFactory
> ProfileOAuth2TokenService
> ProfileOAuth2TokenServiceFactory
> AndroidProfileOAuth2TokenService
> 
> Since this was only for test purposes, I was inclined to keep this as a simple
> *_for_testing method rather that impacting all those classes.  WDYT?

SGTM

> 
>
https://codereview.chromium.org/17109006/diff/25001/chrome/browser/signin/oau...
> chrome/browser/signin/oauth2_token_service.h:104: class RequestImpl : public
> base::SupportsWeakPtr<RequestImpl>,
> On 2013/06/20 17:47:28, Andrew T Wilson wrote:
> > This is fine, but I wonder now if it's time to move this into a separate
> header
> > file rather than in this public file.
> 
> Ideally this would just be hidden, since it's an impl detail of this class.  I
> could do that now, but I need to work cancellable requests into
> DeviceOAuth2TokenService, which may call for this to be exposed to subclasses.

> I'll take a note to resolve this one way or the other when I'm making that
> change.

Sure, a TODO is fine here.

David Roche

pam@: can you review the small tweaks to chrome/browser/managed_mode/ due to GaiaOAuthClient API changes? vitalybuka@: ...

7 years, 6 months ago (2013-06-20 18:47:35 UTC) #11

Mattias Nissler (ping if slow)

https://chromiumcodereview.appspot.com/17109006/diff/29002/chrome/browser/chromeos/settings/device_oauth2_token_service.cc File chrome/browser/chromeos/settings/device_oauth2_token_service.cc (right): https://chromiumcodereview.appspot.com/17109006/diff/29002/chrome/browser/chromeos/settings/device_oauth2_token_service.cc#newcode209 chrome/browser/chromeos/settings/device_oauth2_token_service.cc:209: // object owns. The other problem now is that ...

7 years, 6 months ago (2013-06-20 18:58:29 UTC) #12

David Roche

7 years, 6 months ago (2013-06-20 20:13:59 UTC) #13

Pam (message me for reviews)

Bernhard is the right person to review these managed_mode/ changes.

7 years, 6 months ago (2013-06-20 20:38:32 UTC) #14

Vitaly Buka (NO REVIEWS)

chrome/service/cloud_print/cloud_print_auth.cc LGTM

7 years, 6 months ago (2013-06-20 20:46:45 UTC) #15

Bernhard Bauer

https://codereview.chromium.org/17109006/diff/29002/google_apis/gaia/gaia_oauth_client.cc File google_apis/gaia/gaia_oauth_client.cc (right): https://codereview.chromium.org/17109006/diff/29002/google_apis/gaia/gaia_oauth_client.cc#newcode10 google_apis/gaia/gaia_oauth_client.cc:10: #include "base/string_util.cc" Wut? https://codereview.chromium.org/17109006/diff/29002/google_apis/gaia/gaia_oauth_client.cc#newcode30 google_apis/gaia/gaia_oauth_client.cc:30: const int GaiaOAuthClient::kUrlFetcherId = ...

7 years, 6 months ago (2013-06-20 20:47:06 UTC) #16

David Roche

https://codereview.chromium.org/17109006/diff/29002/google_apis/gaia/gaia_oauth_client.cc File google_apis/gaia/gaia_oauth_client.cc (right): https://codereview.chromium.org/17109006/diff/29002/google_apis/gaia/gaia_oauth_client.cc#newcode10 google_apis/gaia/gaia_oauth_client.cc:10: #include "base/string_util.cc" On 2013/06/20 20:47:06, Bernhard Bauer wrote: > ...

7 years, 6 months ago (2013-06-20 20:57:32 UTC) #17

Bernhard Bauer

7 years, 6 months ago (2013-06-20 21:22:17 UTC) #18

David Roche

rogerta@: can you review the google_apis/gaia changes to GaiaOAuthClient?

7 years, 6 months ago (2013-06-21 02:19:12 UTC) #20

Roger Tawa OOO till Jul 10th

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oauth_client.cc File google_apis/gaia/gaia_oauth_client.cc (right): https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oauth_client.cc#newcode30 google_apis/gaia/gaia_oauth_client.cc:30: const int GaiaOAuthClient::kUrlFetcherId = 17109006; For my own info, ...

7 years, 6 months ago (2013-06-21 18:22:41 UTC) #21

David Roche

7 years, 6 months ago (2013-06-21 18:40:45 UTC) #22

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
File google_apis/gaia/gaia_oauth_client.cc (right):

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client.cc:30: const int
GaiaOAuthClient::kUrlFetcherId = 17109006;
On 2013/06/21 18:22:41, Roger Tawa wrote:
> For my own info, can you explain this further?  I don't see the unit tests
doing
> anything different based on fetcher ids.

This ID is used only for testing.  The DeviceOAuth2TokenService unit test needs
to address 2 parallel URLFetchers, so they can't both hard-code and ID of 0. 
Any int is fine, but another class already uses 1, so I chose the code review #
to make it unique.

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client.cc:185: request_->Start();
On 2013/06/21 18:22:41, Roger Tawa wrote:
> Seems like there is an opportunity to refactor this code and have
> GaiaOAuthClient::Core::GetUserInfo() call this.  Seems the only difference
> between GetUserInfo() and this method is that the former does a GET and the
> latter does a POST?

Yeah, I wasn't sure how to test the GetUserInfo, so I was hesitant to change it.
 I do know that GetTokenInfo didn't work with a GET, so I was hesitant to change
the GetUserInfo impl...

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
File google_apis/gaia/gaia_oauth_client.h (right):

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client.h:41: int expires_in_seconds) {};
On 2013/06/21 18:22:41, Roger Tawa wrote:
> don't need trailing ; here and lines 44 and 46.

Done.

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client.h:82: Delegate* delegate);
On 2013/06/21 18:22:41, Roger Tawa wrote:
> Can you please document the args for these three methods?  The comment at
lines
> 64-67 explains |max_retries| but none of the method specific args are
described.
>  I know you didn't write all these functions, but since you're here and adding
> methods/args... :-)

Sure, I can document this.  Can I do this in a CL on Monday and send to you?  I
need to look up a few details to get the docs right, and would like to get this
CL slogging through the CQ ASAP.

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
File google_apis/gaia/gaia_oauth_client_unittest.cc (right):

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client_unittest.cc:164: } OVERRIDE;
On 2013/06/21 18:22:41, Roger Tawa wrote:
> The OVERRIDE macro should go at line 160 above.

Done.

https://codereview.chromium.org/17109006/diff/59001/google_apis/gaia/gaia_oau...
google_apis/gaia/gaia_oauth_client_unittest.cc:192: virtual void
OnGetTokenInfoResponse(scoped_ptr<DictionaryValue> token_info) {
On 2013/06/21 18:22:41, Roger Tawa wrote:
> Need OVERRIDE macro.

Done.