Added in API level 5

AbstractAccountAuthenticator


abstract class AbstractAccountAuthenticator
kotlin.Any
   ↳ android.accounts.AbstractAccountAuthenticator

Abstract base class for creating AccountAuthenticators. In order to be an authenticator one must extend this class, provide implementations for the abstract methods, and write a service that returns the result of getIBinder() in the service's android.app.Service#onBind(android.content.Intent) when invoked with an intent with action AccountManager#ACTION_AUTHENTICATOR_INTENT. This service must specify the following intent filter and metadata tags in its AndroidManifest.xml file

<intent-filter>
      <action android:name="android.accounts.AccountAuthenticator" />
    </intent-filter>
    <meta-data android:name="android.accounts.AccountAuthenticator"
              android:resource="@xml/authenticator" />
  
The android:resource attribute must point to a resource that looks like:
<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
     android:accountType="typeOfAuthenticator"
     android:icon="@drawable/icon"
     android:smallIcon="@drawable/miniIcon"
     android:label="@string/label"
     android:accountPreferences="@xml/account_preferences"
  />
  
Replace the icons and labels with your own resources. The android:accountType attribute must be a string that uniquely identifies your authenticator and will be the same string that user will use when making calls on the AccountManager and it also corresponds to Account#type for your accounts. One user of the android:icon is the "Account & Sync" settings page and one user of the android:smallIcon is the Contact Application's tab panels.

The preferences attribute points to a PreferenceScreen xml hierarchy that contains a list of PreferenceScreens that can be invoked to manage the authenticator. An example is:

<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
     <PreferenceCategory android:title="@string/title_fmt" />
     <PreferenceScreen
          android:key="key1"
          android:title="@string/key1_action"
          android:summary="@string/key1_summary">
          <intent
              android:action="key1.ACTION"
              android:targetPackage="key1.package"
              android:targetClass="key1.class" />
      </PreferenceScreen>
  </PreferenceScreen>
  

The standard pattern for implementing any of the abstract methods is the following:

  • If the supplied arguments are enough for the authenticator to fully satisfy the request then it will do so and return a Bundle that contains the results.
  • If the authenticator needs information from the user to satisfy the request then it will create an Intent to an activity that will prompt the user for the information and then carry out the request. This intent must be returned in a Bundle as key AccountManager#KEY_INTENT.

    The activity needs to return the final result when it is complete so the Intent should contain the AccountAuthenticatorResponse as AccountManager#KEY_ACCOUNT_AUTHENTICATOR_RESPONSE. The activity must then call AccountAuthenticatorResponse#onResult or AccountAuthenticatorResponse#onError when it is complete.

  • If the authenticator cannot synchronously process the request and return a result then it may choose to return null and then use the AccountManagerResponse to send the result when it has completed the request. This asynchronous option is not available for the addAccount method, which must complete synchronously.

The following descriptions of each of the abstract authenticator methods will not describe the possible asynchronous nature of the request handling and will instead just describe the input parameters and the expected result.

When writing an activity to satisfy these requests one must pass in the AccountManagerResponse and return the result via that response when the activity finishes (or whenever else the activity author deems it is the correct time to respond).

Summary

Constants
static String

Bundle key used for the long expiration time (in millis from the unix epoch) of the associated auth token.

Public constructors

Public methods
abstract Bundle!
addAccount(response: AccountAuthenticatorResponse!, accountType: String!, authTokenType: String!, requiredFeatures: Array<String!>!, options: Bundle!)

Adds an account of the specified accountType.

open Bundle!
addAccountFromCredentials(response: AccountAuthenticatorResponse!, account: Account!, accountCredentials: Bundle!)

Creates an account based on credentials provided by the authenticator instance of another user on the device, who has chosen to share the account with this user.

abstract Bundle!
confirmCredentials(response: AccountAuthenticatorResponse!, account: Account!, options: Bundle!)

Checks that the user knows the credentials of an account.

abstract Bundle!

Returns a Bundle that contains the Intent of the activity that can be used to edit the properties.

open Bundle!
finishSession(response: AccountAuthenticatorResponse!, accountType: String!, sessionBundle: Bundle!)

Finishes the session started by #startAddAccountSession or #startUpdateCredentials by installing the account to device with AccountManager, or updating the local credentials.

open Bundle!

Returns a Bundle that contains whatever is required to clone the account on a different user.

open Bundle!

Checks if the removal of this account is allowed.

abstract Bundle!
getAuthToken(response: AccountAuthenticatorResponse!, account: Account!, authTokenType: String!, options: Bundle!)

Gets an authtoken for an account.

abstract String!
getAuthTokenLabel(authTokenType: String!)

Ask the authenticator for a localized label for the given authTokenType.

IBinder!

abstract Bundle!
hasFeatures(response: AccountAuthenticatorResponse!, account: Account!, features: Array<String!>!)

Checks if the account supports all the specified authenticator specific features.

open Bundle!

Checks if update of the account credentials is suggested.

open Bundle!
startAddAccountSession(response: AccountAuthenticatorResponse!, accountType: String!, authTokenType: String!, requiredFeatures: Array<String!>!, options: Bundle!)

Starts the add account session to authenticate user to an account of the specified accountType.

open Bundle!
startUpdateCredentialsSession(response: AccountAuthenticatorResponse!, account: Account!, authTokenType: String!, options: Bundle!)

Asks user to re-authenticate for an account but defers updating the locally stored credentials.

abstract Bundle!
updateCredentials(response: AccountAuthenticatorResponse!, account: Account!, authTokenType: String!, options: Bundle!)

Update the locally stored credentials for an account.

Constants

KEY_CUSTOM_TOKEN_EXPIRY

Added in API level 23
static val KEY_CUSTOM_TOKEN_EXPIRY: String

Bundle key used for the long expiration time (in millis from the unix epoch) of the associated auth token.

Value: "android.accounts.expiry"

See Also

Public constructors

AbstractAccountAuthenticator

Added in API level 5
AbstractAccountAuthenticator(context: Context!)

Public methods

addAccount

Added in API level 5
abstract fun addAccount(
    response: AccountAuthenticatorResponse!,
    accountType: String!,
    authTokenType: String!,
    requiredFeatures: Array<String!>!,
    options: Bundle!
): Bundle!

Adds an account of the specified accountType.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
accountType String!: the type of account to add, will never be null
authTokenType String!: the type of auth token to retrieve after adding the account, may be null
requiredFeatures Array<String!>!: a String array of authenticator-specific features that the added account must support, may be null
options Bundle!: a Bundle of authenticator-specific options. It always contains AccountManager#KEY_CALLER_PID and AccountManager#KEY_CALLER_UID fields which will let authenticator know the identity of the caller.
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

addAccountFromCredentials

Added in API level 18
open fun addAccountFromCredentials(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    accountCredentials: Bundle!
): Bundle!

Creates an account based on credentials provided by the authenticator instance of another user on the device, who has chosen to share the account with this user.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account to clone, will never be null
accountCredentials Bundle!: the Bundle containing the required credentials to create the account. Contents of the Bundle are only meaningful to the authenticator. This Bundle is provided by getAccountCredentialsForCloning(android.accounts.AccountAuthenticatorResponse,android.accounts.Account).
Return
Bundle! a Bundle result or null if the result is to be returned via the response.
Exceptions
android.accounts.NetworkErrorException

confirmCredentials

Added in API level 5
abstract fun confirmCredentials(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    options: Bundle!
): Bundle!

Checks that the user knows the credentials of an account.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account whose credentials are to be checked, will never be null
options Bundle!: a Bundle of authenticator-specific options, may be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

editProperties

Added in API level 5
abstract fun editProperties(
    response: AccountAuthenticatorResponse!,
    accountType: String!
): Bundle!

Returns a Bundle that contains the Intent of the activity that can be used to edit the properties. In order to indicate success the activity should call response.setResult() with a non-null Bundle.

Parameters
response AccountAuthenticatorResponse!: used to set the result for the request. If the Constants.INTENT_KEY is set in the bundle then this response field is to be used for sending future results if and when the Intent is started.
accountType String!: the AccountType whose properties are to be edited.
Return
Bundle! a Bundle containing the result or the Intent to start to continue the request. If this is null then the request is considered to still be active and the result should sent later using response.

finishSession

Added in API level 26
open fun finishSession(
    response: AccountAuthenticatorResponse!,
    accountType: String!,
    sessionBundle: Bundle!
): Bundle!

Finishes the session started by #startAddAccountSession or #startUpdateCredentials by installing the account to device with AccountManager, or updating the local credentials. File I/O may be performed in this call.

Note: when overriding this method, startAddAccountSession and startUpdateCredentialsSession should be overridden too.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
accountType String!: the type of account to authenticate with, will never be null
sessionBundle Bundle!: a bundle of session data created by startAddAccountSession used for adding account to device, or by startUpdateCredentialsSession used for updating local credentials.
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

getAccountCredentialsForCloning

Added in API level 18
open fun getAccountCredentialsForCloning(
    response: AccountAuthenticatorResponse!,
    account: Account!
): Bundle!

Returns a Bundle that contains whatever is required to clone the account on a different user. The Bundle is passed to the authenticator instance in the target user via addAccountFromCredentials(android.accounts.AccountAuthenticatorResponse,android.accounts.Account,android.os.Bundle). The default implementation returns null, indicating that cloning is not supported.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account to clone, will never be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response.
Exceptions
android.accounts.NetworkErrorException

getAccountRemovalAllowed

Added in API level 5
open fun getAccountRemovalAllowed(
    response: AccountAuthenticatorResponse!,
    account: Account!
): Bundle!

Checks if the removal of this account is allowed.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account to check, will never be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

getAuthToken

Added in API level 5
abstract fun getAuthToken(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    authTokenType: String!,
    options: Bundle!
): Bundle!

Gets an authtoken for an account. If not null, the resultant Bundle will contain different sets of keys depending on whether a token was successfully issued and, if not, whether one could be issued via some android.app.Activity.

If a token cannot be provided without some additional activity, the Bundle should contain AccountManager#KEY_INTENT with an associated Intent. On the other hand, if there is no such activity, then a Bundle containing AccountManager#KEY_ERROR_CODE and AccountManager#KEY_ERROR_MESSAGE should be returned.

If a token can be successfully issued, the implementation should return the AccountManager#KEY_ACCOUNT_NAME and AccountManager#KEY_ACCOUNT_TYPE of the account associated with the token as well as the AccountManager#KEY_AUTHTOKEN. In addition AbstractAccountAuthenticator implementations that declare themselves android:customTokens=true may also provide a non-negative KEY_CUSTOM_TOKEN_EXPIRY long value containing the expiration timestamp of the expiration time (in millis since the unix epoch), tokens will be cached in memory based on application's packageName/signature for however long that was specified.

Implementers should assume that tokens will be cached on the basis of account and authTokenType. The system may ignore the contents of the supplied options Bundle when determining to re-use a cached token. Furthermore, implementers should assume a supplied expiration time will be treated as non-binding advice.

Finally, note that for android:customTokens=false authenticators, tokens are cached indefinitely until some client calls android.accounts.AccountManager#invalidateAuthToken(java.lang.String,java.lang.String).

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account whose credentials are to be retrieved, will never be null
authTokenType String!: the type of auth token to retrieve, will never be null
options Bundle!: a Bundle of authenticator-specific options. It always contains AccountManager#KEY_CALLER_PID and AccountManager#KEY_CALLER_UID fields which will let authenticator know the identity of the caller.
Return
Bundle! a Bundle result or null if the result is to be returned via the response.
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

getAuthTokenLabel

Added in API level 5
abstract fun getAuthTokenLabel(authTokenType: String!): String!

Ask the authenticator for a localized label for the given authTokenType.

Parameters
authTokenType String!: the authTokenType whose label is to be returned, will never be null
Return
String! the localized label of the auth token type, may be null if the type isn't known

getIBinder

Added in API level 5
fun getIBinder(): IBinder!
Return
IBinder! the IBinder for the AccountAuthenticator

hasFeatures

Added in API level 5
abstract fun hasFeatures(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    features: Array<String!>!
): Bundle!

Checks if the account supports all the specified authenticator specific features.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account to check, will never be null
features Array<String!>!: an array of features to check, will never be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

isCredentialsUpdateSuggested

Added in API level 26
open fun isCredentialsUpdateSuggested(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    statusToken: String!
): Bundle!

Checks if update of the account credentials is suggested.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null.
account Account!: the account to check, will never be null
statusToken String!: a String of token which can be used to check the status of locally stored credentials and if update of credentials is suggested
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

startAddAccountSession

Added in API level 26
open fun startAddAccountSession(
    response: AccountAuthenticatorResponse!,
    accountType: String!,
    authTokenType: String!,
    requiredFeatures: Array<String!>!,
    options: Bundle!
): Bundle!

Starts the add account session to authenticate user to an account of the specified accountType. No file I/O should be performed in this call. Account should be added to device only when finishSession is called after this.

Note: when overriding this method, finishSession should be overridden too.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
accountType String!: the type of account to authenticate with, will never be null
authTokenType String!: the type of auth token to retrieve after authenticating with the account, may be null
requiredFeatures Array<String!>!: a String array of authenticator-specific features that the account authenticated with must support, may be null
options Bundle!: a Bundle of authenticator-specific options, may be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

startUpdateCredentialsSession

Added in API level 26
open fun startUpdateCredentialsSession(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    authTokenType: String!,
    options: Bundle!
): Bundle!

Asks user to re-authenticate for an account but defers updating the locally stored credentials. No file I/O should be performed in this call. Local credentials should be updated only when finishSession is called after this.

Note: when overriding this method, finishSession should be overridden too.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account whose credentials are to be updated, will never be null
authTokenType String!: the type of auth token to retrieve after updating the credentials, may be null
options Bundle!: a Bundle of authenticator-specific options, may be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error

updateCredentials

Added in API level 5
abstract fun updateCredentials(
    response: AccountAuthenticatorResponse!,
    account: Account!,
    authTokenType: String!,
    options: Bundle!
): Bundle!

Update the locally stored credentials for an account.

Parameters
response AccountAuthenticatorResponse!: to send the result back to the AccountManager, will never be null
account Account!: the account whose credentials are to be updated, will never be null
authTokenType String!: the type of auth token to retrieve after updating the credentials, may be null
options Bundle!: a Bundle of authenticator-specific options, may be null
Return
Bundle! a Bundle result or null if the result is to be returned via the response. The result will contain either:
Exceptions
android.accounts.NetworkErrorException if the authenticator could not honor the request due to a network error