Code review comment for lp://qastaging/~mardy/ubuntuone-credentials/clear-stored-token

Alberto Mardegan (mardy) wrote :

> Yes, I think U1 is special here, and the behavior should be different.
> As I previously said, we want to just invalidate the token, not
> immediately request a new one, for the cases where we need to
> invalidate the token. Because of how the credentials are used, and how
> those various pieces of the system work, I think we should avoid any
> drastic changes to the existing flow, which would add more confusion
> and possible points of failure.

I think I understand your points, and what I propose goes exactly in that direction. Just, I'm working step by step, first making sure that this plugin can accommodate all the use cases we need, and then I'll modify libubuntuoneauth accordingly. Therefore, while you review this branch please forget about the changes I made in the "signon-plugin-part2" branch: it will obviously need to be updated.

Now, this change I'm proposing here covers all the use cases that we have; it should work both with clients using libubuntuoneauth (which we'll carefully modify to retain most of its old behaviour) and clients directly using this plugin via the OA APIs. I think you are confirming this yourself above, when you say that this is case #3 I previously mentioned, but if that's not the case, please correct me.

As for the scopes, I'm well aware of the issues there, because we met the same with the scopes using OAuth authentication; nowadays they should all be fixed, and the OAuth window never pops up unexpectedly, but only in response to the user pressing the "Login" button on the scope. It will be the same for UbuntuOne, don't worry. :-)