Refresh access tokens for TiclInvalidationService

chrome/browser/invalidation/ticl_invalidation_service.cc

Index: chrome/browser/invalidation/ticl_invalidation_service.cc
diff --git a/chrome/browser/invalidation/ticl_invalidation_service.cc b/chrome/browser/invalidation/ticl_invalidation_service.cc
index ee2da37e8c620d76aadbbbd59df21dad82b69026..cc465e69a4e24c36d4c207cb42235b696404b427 100644
--- a/chrome/browser/invalidation/ticl_invalidation_service.cc
+++ b/chrome/browser/invalidation/ticl_invalidation_service.cc
@@ -258,7 +258,23 @@ void TiclInvalidationService::OnGetTokenFailure(
 
 void TiclInvalidationService::OnInvalidatorStateChange(
     syncer::InvalidatorState state) {
-  invalidator_registrar_->UpdateInvalidatorState(state);
+  if (state == syncer::INVALIDATION_CREDENTIALS_REJECTED) {
+    // This may be due to normal OAuth access token expiration.  If so, we must
+    // fetch a new one using our refresh token.  Resetting the invalidator's
+    // access token will not reset the invalidator's exponential backoff, so
+    // it's safe to try to update the token every time we receive this signal.
+    //
+    // We won't be receiving any invalidations while the refresh is in progress,
+    // we set our state to TRANSIENT_INVALIDATION_ERROR.  If the credentials
+    // really are invalid, the refresh request should fail and
+    // OnGetTokenFailure() will put us into a INVALIDATION_CREDENTIALS_REJECTED
+    // state.
+    invalidator_registrar_->UpdateInvalidatorState(
+        syncer::TRANSIENT_INVALIDATION_ERROR);
+    RequestAccessToken();
+  } else {
+    invalidator_registrar_->UpdateInvalidatorState(state);
+  }
 }
 
 void TiclInvalidationService::OnIncomingInvalidation(