[sync] Force re-auth during sync setup if Oauth2 token is unavailable

chrome/browser/signin/profile_oauth2_token_service.cc

Index: chrome/browser/signin/profile_oauth2_token_service.cc
diff --git a/chrome/browser/signin/profile_oauth2_token_service.cc b/chrome/browser/signin/profile_oauth2_token_service.cc
index 6c00938c6acde13cdb628931cba2d4e0ba0954c3..718f41e08d255fa36812c2536795eff59d7ea78d 100644
--- a/chrome/browser/signin/profile_oauth2_token_service.cc
+++ b/chrome/browser/signin/profile_oauth2_token_service.cc
@@ -152,6 +152,15 @@ void ProfileOAuth2TokenService::Observe(
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED:
+      // During startup, if the user is signed in and the OAuth2 refresh token
+      // is empty, flag it as an error by badging the menu. Otherwise, if the
+      // user goes on to set up sync, they will have to make two attempts:
+      // One to surface the OAuth2 error, and a second one after signing in.
+      // See crbug.com/276650.
+      if (!GetAccountId(profile_).empty() && GetRefreshToken().empty()) {
+        UpdateAuthError(GoogleServiceAuthError(
+            GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+      }
       FireRefreshTokensLoaded();
       break;
     default: