AbstractAccountAuthenticator

public abstract class AbstractAccountAuthenticator
extends Object

java.lang.Object
   ↳ android.accounts.AbstractAccountAuthenticator


Abstract base class for creating AccountAuthenticators. In order to be an authenticator one must extend this class, provide implementations for the abstract methods, and write a service that returns the result of getIBinder() in the service's Service.onBind(android.content.Intent) when invoked with an intent with action AccountManager#ACTION_AUTHENTICATOR_INTENT. This service must specify the following intent filter and metadata tags in its AndroidManifest.xml file

   <intent-filter>
     <action android:name="android.accounts.AccountAuthenticator" />
   </intent-filter>
   <meta-data android:name="android.accounts.AccountAuthenticator"
             android:resource="@xml/authenticator" />
 
The android:resource attribute must point to a resource that looks like:
 <account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
    android:accountType="typeOfAuthenticator"
    android:icon="@drawable/icon"
    android:smallIcon="@drawable/miniIcon"
    android:label="@string/label"
    android:accountPreferences="@xml/account_preferences"
 />
 
Replace the icons and labels with your own resources. The android:accountType attribute must be a string that uniquely identifies your authenticator and will be the same string that user will use when making calls on the AccountManager and it also corresponds to Account#type for your accounts. One user of the android:icon is the "Account & Sync" settings page and one user of the android:smallIcon is the Contact Application's tab panels.

The preferences attribute points to a PreferenceScreen xml hierarchy that contains a list of PreferenceScreens that can be invoked to manage the authenticator. An example is:

 <PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
    <PreferenceCategory android:title="@string/title_fmt" />
    <PreferenceScreen
         android:key="key1"
         android:title="@string/key1_action"
         android:summary="@string/key1_summary">
         <intent
             android:action="key1.ACTION"
             android:targetPackage="key1.package"
             android:targetClass="key1.class" />
     </PreferenceScreen>
 </PreferenceScreen>
 

The standard pattern for implementing any of the abstract methods is the following:

The following descriptions of each of the abstract authenticator methods will not describe the possible asynchronous nature of the request handling and will instead just describe the input parameters and the expected result.

When writing an activity to satisfy these requests one must pass in the AccountManagerResponse and return the result via that response when the activity finishes (or whenever else the activity author deems it is the correct time to respond).

Summary

Constants

String KEY_CUSTOM_TOKEN_EXPIRY

Bundle key used for the long expiration time (in millis from the unix epoch) of the associated auth token.

Public constructors

AbstractAccountAuthenticator(Context context)

Public methods

abstract Bundle addAccount(AccountAuthenticatorResponse response, String accountType, String authTokenType, String[] requiredFeatures, Bundle options)

Adds an account of the specified accountType.

Bundle addAccountFromCredentials(AccountAuthenticatorResponse response, Account account, Bundle accountCredentials)

Creates an account based on credentials provided by the authenticator instance of another user on the device, who has chosen to share the account with this user.

abstract Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account, Bundle options)

Checks that the user knows the credentials of an account.

abstract Bundle editProperties(AccountAuthenticatorResponse response, String accountType)

Returns a Bundle that contains the Intent of the activity that can be used to edit the properties.

Bundle finishSession(AccountAuthenticatorResponse response, String accountType, Bundle sessionBundle)

Finishes the session started by #startAddAccountSession or #startUpdateCredentials by installing the account to device with AccountManager, or updating the local credentials.

Bundle getAccountCredentialsForCloning(AccountAuthenticatorResponse response, Account account)

Returns a Bundle that contains whatever is required to clone the account on a different user.

Bundle getAccountRemovalAllowed(AccountAuthenticatorResponse response, Account account)

Checks if the removal of this account is allowed.

abstract Bundle getAuthToken(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options)

Gets an authtoken for an account.

abstract String getAuthTokenLabel(String authTokenType)

Ask the authenticator for a localized label for the given authTokenType.

final IBinder getIBinder()
abstract Bundle hasFeatures(AccountAuthenticatorResponse response, Account account, String[] features)

Checks if the account supports all the specified authenticator specific features.

Bundle isCredentialsUpdateSuggested(AccountAuthenticatorResponse response, Account account, String statusToken)

Checks if update of the account credentials is suggested.

Bundle startAddAccountSession(AccountAuthenticatorResponse response, String accountType, String authTokenType, String[] requiredFeatures, Bundle options)

Starts the add account session to authenticate user to an account of the specified accountType.

Bundle startUpdateCredentialsSession(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options)

Asks user to re-authenticate for an account but defers updating the locally stored credentials.

abstract Bundle updateCredentials(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options)

Update the locally stored credentials for an account.

Inherited methods

Constants

KEY_CUSTOM_TOKEN_EXPIRY

Added in API level 23
public static final String KEY_CUSTOM_TOKEN_EXPIRY

Bundle key used for the long expiration time (in millis from the unix epoch) of the associated auth token.

Constant Value: "android.accounts.expiry"

Public constructors

AbstractAccountAuthenticator

Added in API level 5
public AbstractAccountAuthenticator (Context context)

Parameters
context Context

Public methods

addAccount

Added in API level 5
public abstract Bundle addAccount (AccountAuthenticatorResponse response, 
                String accountType, 
                String authTokenType, 
                String[] requiredFeatures, 
                Bundle options)

Adds an account of the specified accountType.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

accountType String: the type of account to add, will never be null

authTokenType String: the type of auth token to retrieve after adding the account, may be null

requiredFeatures String: a String array of authenticator-specific features that the added account must support, may be null

options Bundle: a Bundle of authenticator-specific options. It always contains AccountManager#KEY_CALLER_PID and AccountManager#KEY_CALLER_UID fields which will let authenticator know the identity of the caller.

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

addAccountFromCredentials

Added in API level 18
public Bundle addAccountFromCredentials (AccountAuthenticatorResponse response, 
                Account account, 
                Bundle accountCredentials)

Creates an account based on credentials provided by the authenticator instance of another user on the device, who has chosen to share the account with this user.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account to clone, will never be null

accountCredentials Bundle: the Bundle containing the required credentials to create the account. Contents of the Bundle are only meaningful to the authenticator. This Bundle is provided by getAccountCredentialsForCloning(android.accounts.AccountAuthenticatorResponse, android.accounts.Account).

Returns
Bundle a Bundle result or null if the result is to be returned via the response.

Throws
android.accounts.NetworkErrorException
NetworkErrorException

confirmCredentials

Added in API level 5
public abstract Bundle confirmCredentials (AccountAuthenticatorResponse response, 
                Account account, 
                Bundle options)

Checks that the user knows the credentials of an account.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account whose credentials are to be checked, will never be null

options Bundle: a Bundle of authenticator-specific options, may be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

editProperties

Added in API level 5
public abstract Bundle editProperties (AccountAuthenticatorResponse response, 
                String accountType)

Returns a Bundle that contains the Intent of the activity that can be used to edit the properties. In order to indicate success the activity should call response.setResult() with a non-null Bundle.

Parameters
response AccountAuthenticatorResponse: used to set the result for the request. If the Constants.INTENT_KEY is set in the bundle then this response field is to be used for sending future results if and when the Intent is started.

accountType String: the AccountType whose properties are to be edited.

Returns
Bundle a Bundle containing the result or the Intent to start to continue the request. If this is null then the request is considered to still be active and the result should sent later using response.

finishSession

Added in API level 26
public Bundle finishSession (AccountAuthenticatorResponse response, 
                String accountType, 
                Bundle sessionBundle)

Finishes the session started by #startAddAccountSession or #startUpdateCredentials by installing the account to device with AccountManager, or updating the local credentials. File I/O may be performed in this call.

Note: when overriding this method, startAddAccountSession(AccountAuthenticatorResponse, String, String, String, Bundle) and startUpdateCredentialsSession(AccountAuthenticatorResponse, Account, String, Bundle) should be overridden too.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

accountType String: the type of account to authenticate with, will never be null

sessionBundle Bundle: a bundle of session data created by startAddAccountSession(AccountAuthenticatorResponse, String, String, String, Bundle) used for adding account to device, or by startUpdateCredentialsSession(AccountAuthenticatorResponse, Account, String, Bundle) used for updating local credentials.

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

getAccountCredentialsForCloning

Added in API level 18
public Bundle getAccountCredentialsForCloning (AccountAuthenticatorResponse response, 
                Account account)

Returns a Bundle that contains whatever is required to clone the account on a different user. The Bundle is passed to the authenticator instance in the target user via addAccountFromCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, android.os.Bundle). The default implementation returns null, indicating that cloning is not supported.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account to clone, will never be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response.

Throws
android.accounts.NetworkErrorException
NetworkErrorException

getAccountRemovalAllowed

Added in API level 5
public Bundle getAccountRemovalAllowed (AccountAuthenticatorResponse response, 
                Account account)

Checks if the removal of this account is allowed.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account to check, will never be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

getAuthToken

Added in API level 5
public abstract Bundle getAuthToken (AccountAuthenticatorResponse response, 
                Account account, 
                String authTokenType, 
                Bundle options)

Gets an authtoken for an account. If not null, the resultant Bundle will contain different sets of keys depending on whether a token was successfully issued and, if not, whether one could be issued via some Activity.

If a token cannot be provided without some additional activity, the Bundle should contain AccountManager#KEY_INTENT with an associated Intent. On the other hand, if there is no such activity, then a Bundle containing AccountManager#KEY_ERROR_CODE and AccountManager#KEY_ERROR_MESSAGE should be returned.

If a token can be successfully issued, the implementation should return the AccountManager#KEY_ACCOUNT_NAME and AccountManager#KEY_ACCOUNT_TYPE of the account associated with the token as well as the AccountManager#KEY_AUTHTOKEN. In addition AbstractAccountAuthenticator implementations that declare themselves android:customTokens=true may also provide a non-negative KEY_CUSTOM_TOKEN_EXPIRY long value containing the expiration timestamp of the expiration time (in millis since the unix epoch), tokens will be cached in memory based on application's packageName/signature for however long that was specified.

Implementers should assume that tokens will be cached on the basis of account and authTokenType. The system may ignore the contents of the supplied options Bundle when determining to re-use a cached token. Furthermore, implementers should assume a supplied expiration time will be treated as non-binding advice.

Finally, note that for android:customTokens=false authenticators, tokens are cached indefinitely until some client calls AccountManager.invalidateAuthToken(java.lang.String, java.lang.String).

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account whose credentials are to be retrieved, will never be null

authTokenType String: the type of auth token to retrieve, will never be null

options Bundle: a Bundle of authenticator-specific options. It always contains AccountManager#KEY_CALLER_PID and AccountManager#KEY_CALLER_UID fields which will let authenticator know the identity of the caller.

Returns
Bundle a Bundle result or null if the result is to be returned via the response.

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

getAuthTokenLabel

Added in API level 5
public abstract String getAuthTokenLabel (String authTokenType)

Ask the authenticator for a localized label for the given authTokenType.

Parameters
authTokenType String: the authTokenType whose label is to be returned, will never be null

Returns
String the localized label of the auth token type, may be null if the type isn't known

getIBinder

Added in API level 5
public final IBinder getIBinder ()

Returns
IBinder the IBinder for the AccountAuthenticator

hasFeatures

Added in API level 5
public abstract Bundle hasFeatures (AccountAuthenticatorResponse response, 
                Account account, 
                String[] features)

Checks if the account supports all the specified authenticator specific features.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account to check, will never be null

features String: an array of features to check, will never be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

isCredentialsUpdateSuggested

Added in API level 26
public Bundle isCredentialsUpdateSuggested (AccountAuthenticatorResponse response, 
                Account account, 
                String statusToken)

Checks if update of the account credentials is suggested.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null.

account Account: the account to check, will never be null

statusToken String: a String of token which can be used to check the status of locally stored credentials and if update of credentials is suggested

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

startAddAccountSession

Added in API level 26
public Bundle startAddAccountSession (AccountAuthenticatorResponse response, 
                String accountType, 
                String authTokenType, 
                String[] requiredFeatures, 
                Bundle options)

Starts the add account session to authenticate user to an account of the specified accountType. No file I/O should be performed in this call. Account should be added to device only when finishSession(AccountAuthenticatorResponse, String, Bundle) is called after this.

Note: when overriding this method, finishSession(AccountAuthenticatorResponse, String, Bundle) should be overridden too.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

accountType String: the type of account to authenticate with, will never be null

authTokenType String: the type of auth token to retrieve after authenticating with the account, may be null

requiredFeatures String: a String array of authenticator-specific features that the account authenticated with must support, may be null

options Bundle: a Bundle of authenticator-specific options, may be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

startUpdateCredentialsSession

Added in API level 26
public Bundle startUpdateCredentialsSession (AccountAuthenticatorResponse response, 
                Account account, 
                String authTokenType, 
                Bundle options)

Asks user to re-authenticate for an account but defers updating the locally stored credentials. No file I/O should be performed in this call. Local credentials should be updated only when finishSession(AccountAuthenticatorResponse, String, Bundle) is called after this.

Note: when overriding this method, finishSession(AccountAuthenticatorResponse, String, Bundle) should be overridden too.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account whose credentials are to be updated, will never be null

authTokenType String: the type of auth token to retrieve after updating the credentials, may be null

options Bundle: a Bundle of authenticator-specific options, may be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error

updateCredentials

Added in API level 5
public abstract Bundle updateCredentials (AccountAuthenticatorResponse response, 
                Account account, 
                String authTokenType, 
                Bundle options)

Update the locally stored credentials for an account.

Parameters
response AccountAuthenticatorResponse: to send the result back to the AccountManager, will never be null

account Account: the account whose credentials are to be updated, will never be null

authTokenType String: the type of auth token to retrieve after updating the credentials, may be null

options Bundle: a Bundle of authenticator-specific options, may be null

Returns
Bundle a Bundle result or null if the result is to be returned via the response. The result will contain either:

Throws
NetworkErrorException if the authenticator could not honor the request due to a network error