2 * Copyright (C) 2009 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package android.accounts;
19 import static android.Manifest.permission.GET_ACCOUNTS;
21 import android.annotation.IntDef;
22 import android.annotation.NonNull;
23 import android.annotation.RequiresPermission;
24 import android.annotation.SdkConstant;
25 import android.annotation.Size;
26 import android.annotation.SystemApi;
27 import android.annotation.SystemService;
28 import android.annotation.SdkConstant.SdkConstantType;
29 import android.annotation.BroadcastBehavior;
30 import android.app.Activity;
31 import android.content.BroadcastReceiver;
32 import android.content.ComponentName;
33 import android.content.Context;
34 import android.content.Intent;
35 import android.content.IntentFilter;
36 import android.content.IntentSender;
37 import android.content.res.Resources;
38 import android.content.pm.ApplicationInfo;
39 import android.content.pm.PackageManager;
40 import android.database.SQLException;
41 import android.os.Build;
42 import android.os.Bundle;
43 import android.os.Handler;
44 import android.os.Looper;
45 import android.os.Parcelable;
46 import android.os.Process;
47 import android.os.RemoteException;
48 import android.os.UserHandle;
49 import android.text.TextUtils;
50 import android.util.Log;
52 import com.android.internal.R;
53 import com.google.android.collect.Maps;
55 import java.io.IOException;
56 import java.lang.annotation.Retention;
57 import java.lang.annotation.RetentionPolicy;
58 import java.lang.SuppressWarnings;
59 import java.util.ArrayList;
60 import java.util.Arrays;
61 import java.util.HashMap;
62 import java.util.HashSet;
63 import java.util.List;
66 import java.util.concurrent.Callable;
67 import java.util.concurrent.CancellationException;
68 import java.util.concurrent.ExecutionException;
69 import java.util.concurrent.FutureTask;
70 import java.util.concurrent.TimeUnit;
71 import java.util.concurrent.TimeoutException;
74 * This class provides access to a centralized registry of the user's
75 * online accounts. The user enters credentials (username and password) once
76 * per account, granting applications access to online resources with
77 * "one-click" approval.
79 * <p>Different online services have different ways of handling accounts and
80 * authentication, so the account manager uses pluggable <em>authenticator</em>
81 * modules for different <em>account types</em>. Authenticators (which may be
82 * written by third parties) handle the actual details of validating account
83 * credentials and storing account information. For example, Google, Facebook,
84 * and Microsoft Exchange each have their own authenticator.
86 * <p>Many servers support some notion of an <em>authentication token</em>,
87 * which can be used to authenticate a request to the server without sending
88 * the user's actual password. (Auth tokens are normally created with a
89 * separate request which does include the user's credentials.) AccountManager
90 * can generate auth tokens for applications, so the application doesn't need to
91 * handle passwords directly. Auth tokens are normally reusable and cached by
92 * AccountManager, but must be refreshed periodically. It's the responsibility
93 * of applications to <em>invalidate</em> auth tokens when they stop working so
94 * the AccountManager knows it needs to regenerate them.
96 * <p>Applications accessing a server normally go through these steps:
99 * <li>Get an instance of AccountManager using {@link #get(Context)}.
101 * <li>List the available accounts using {@link #getAccountsByType} or
102 * {@link #getAccountsByTypeAndFeatures}. Normally applications will only
103 * be interested in accounts with one particular <em>type</em>, which
104 * identifies the authenticator. Account <em>features</em> are used to
105 * identify particular account subtypes and capabilities. Both the account
106 * type and features are authenticator-specific strings, and must be known by
107 * the application in coordination with its preferred authenticators.
109 * <li>Select one or more of the available accounts, possibly by asking the
110 * user for their preference. If no suitable accounts are available,
111 * {@link #addAccount} may be called to prompt the user to create an
112 * account of the appropriate type.
114 * <li><b>Important:</b> If the application is using a previously remembered
115 * account selection, it must make sure the account is still in the list
116 * of accounts returned by {@link #getAccountsByType}. Requesting an auth token
117 * for an account no longer on the device results in an undefined failure.
119 * <li>Request an auth token for the selected account(s) using one of the
120 * {@link #getAuthToken} methods or related helpers. Refer to the description
121 * of each method for exact usage and error handling details.
123 * <li>Make the request using the auth token. The form of the auth token,
124 * the format of the request, and the protocol used are all specific to the
125 * service you are accessing. The application may use whatever network and
126 * protocol libraries are useful.
128 * <li><b>Important:</b> If the request fails with an authentication error,
129 * it could be that a cached auth token is stale and no longer honored by
130 * the server. The application must call {@link #invalidateAuthToken} to remove
131 * the token from the cache, otherwise requests will continue failing! After
132 * invalidating the auth token, immediately go back to the "Request an auth
133 * token" step above. If the process fails the second time, then it can be
134 * treated as a "genuine" authentication failure and the user notified or other
135 * appropriate actions taken.
138 * <p>Some AccountManager methods may need to interact with the user to
139 * prompt for credentials, present options, or ask the user to add an account.
140 * The caller may choose whether to allow AccountManager to directly launch the
141 * necessary user interface and wait for the user, or to return an Intent which
142 * the caller may use to launch the interface, or (in some cases) to install a
143 * notification which the user can select at any time to launch the interface.
144 * To have AccountManager launch the interface directly, the caller must supply
145 * the current foreground {@link Activity} context.
147 * <p>Many AccountManager methods take {@link AccountManagerCallback} and
148 * {@link Handler} as parameters. These methods return immediately and
149 * run asynchronously. If a callback is provided then
150 * {@link AccountManagerCallback#run} will be invoked on the Handler's
151 * thread when the request completes, successfully or not.
152 * The result is retrieved by calling {@link AccountManagerFuture#getResult()}
153 * on the {@link AccountManagerFuture} returned by the method (and also passed
154 * to the callback). This method waits for the operation to complete (if
155 * necessary) and either returns the result or throws an exception if an error
156 * occurred during the operation. To make the request synchronously, call
157 * {@link AccountManagerFuture#getResult()} immediately on receiving the
158 * future from the method; no callback need be supplied.
160 * <p>Requests which may block, including
161 * {@link AccountManagerFuture#getResult()}, must never be called on
162 * the application's main event thread. These operations throw
163 * {@link IllegalStateException} if they are used on the main thread.
165 @SystemService(Context.ACCOUNT_SERVICE)
166 public class AccountManager {
168 private static final String TAG = "AccountManager";
170 public static final int ERROR_CODE_REMOTE_EXCEPTION = 1;
171 public static final int ERROR_CODE_NETWORK_ERROR = 3;
172 public static final int ERROR_CODE_CANCELED = 4;
173 public static final int ERROR_CODE_INVALID_RESPONSE = 5;
174 public static final int ERROR_CODE_UNSUPPORTED_OPERATION = 6;
175 public static final int ERROR_CODE_BAD_ARGUMENTS = 7;
176 public static final int ERROR_CODE_BAD_REQUEST = 8;
177 public static final int ERROR_CODE_BAD_AUTHENTICATION = 9;
180 public static final int ERROR_CODE_USER_RESTRICTED = 100;
182 public static final int ERROR_CODE_MANAGEMENT_DISABLED_FOR_ACCOUNT_TYPE = 101;
185 * Bundle key used for the {@link String} account name in results
186 * from methods which return information about a particular account.
188 public static final String KEY_ACCOUNT_NAME = "authAccount";
191 * Bundle key used for the {@link String} account type in results
192 * from methods which return information about a particular account.
194 public static final String KEY_ACCOUNT_TYPE = "accountType";
197 * Bundle key used for the account access id used for noting the
198 * account was accessed when unmarshaled from a parcel.
202 public static final String KEY_ACCOUNT_ACCESS_ID = "accountAccessId";
205 * Bundle key used for the auth token value in results
206 * from {@link #getAuthToken} and friends.
208 public static final String KEY_AUTHTOKEN = "authtoken";
211 * Bundle key used for an {@link Intent} in results from methods that
212 * may require the caller to interact with the user. The Intent can
213 * be used to start the corresponding user interface activity.
215 public static final String KEY_INTENT = "intent";
218 * Bundle key used to supply the password directly in options to
219 * {@link #confirmCredentials}, rather than prompting the user with
220 * the standard password prompt.
222 public static final String KEY_PASSWORD = "password";
224 public static final String KEY_ACCOUNTS = "accounts";
226 public static final String KEY_ACCOUNT_AUTHENTICATOR_RESPONSE = "accountAuthenticatorResponse";
227 public static final String KEY_ACCOUNT_MANAGER_RESPONSE = "accountManagerResponse";
228 public static final String KEY_AUTHENTICATOR_TYPES = "authenticator_types";
229 public static final String KEY_AUTH_FAILED_MESSAGE = "authFailedMessage";
230 public static final String KEY_AUTH_TOKEN_LABEL = "authTokenLabelKey";
231 public static final String KEY_BOOLEAN_RESULT = "booleanResult";
232 public static final String KEY_ERROR_CODE = "errorCode";
233 public static final String KEY_ERROR_MESSAGE = "errorMessage";
234 public static final String KEY_USERDATA = "userdata";
237 * Bundle key used to supply the last time the credentials of the account
238 * were authenticated successfully. Time is specified in milliseconds since
239 * epoch. Associated time is updated on successful authentication of account
240 * on adding account, confirming credentials, or updating credentials.
242 public static final String KEY_LAST_AUTHENTICATED_TIME = "lastAuthenticatedTime";
245 * The UID of caller app.
247 public static final String KEY_CALLER_UID = "callerUid";
250 * The process id of caller app.
252 public static final String KEY_CALLER_PID = "callerPid";
255 * The Android package of the caller will be set in the options bundle by the
256 * {@link AccountManager} and will be passed to the AccountManagerService and
257 * to the AccountAuthenticators. The uid of the caller will be known by the
258 * AccountManagerService as well as the AccountAuthenticators so they will be able to
259 * verify that the package is consistent with the uid (a uid might be shared by many
262 public static final String KEY_ANDROID_PACKAGE_NAME = "androidPackageName";
265 * Boolean, if set and 'customTokens' the authenticator is responsible for
269 public static final String KEY_NOTIFY_ON_FAILURE = "notifyOnAuthFailure";
272 * Bundle key used for a {@link Bundle} in result from
273 * {@link #startAddAccountSession} and friends which returns session data
274 * for installing an account later.
276 public static final String KEY_ACCOUNT_SESSION_BUNDLE = "accountSessionBundle";
279 * Bundle key used for the {@link String} account status token in result
280 * from {@link #startAddAccountSession} and friends which returns
281 * information about a particular account.
283 public static final String KEY_ACCOUNT_STATUS_TOKEN = "accountStatusToken";
285 public static final String ACTION_AUTHENTICATOR_INTENT =
286 "android.accounts.AccountAuthenticator";
287 public static final String AUTHENTICATOR_META_DATA_NAME =
288 "android.accounts.AccountAuthenticator";
289 public static final String AUTHENTICATOR_ATTRIBUTES_NAME = "account-authenticator";
292 @Retention(RetentionPolicy.SOURCE)
293 @IntDef({VISIBILITY_UNDEFINED, VISIBILITY_VISIBLE, VISIBILITY_USER_MANAGED_VISIBLE,
294 VISIBILITY_NOT_VISIBLE, VISIBILITY_USER_MANAGED_NOT_VISIBLE})
295 public @interface AccountVisibility {
299 * Account visibility was not set. Default visibility value will be used.
300 * See {@link #PACKAGE_NAME_KEY_LEGACY_VISIBLE}, {@link #PACKAGE_NAME_KEY_LEGACY_NOT_VISIBLE}
302 public static final int VISIBILITY_UNDEFINED = 0;
305 * Account is always visible to given application and only authenticator can revoke visibility.
307 public static final int VISIBILITY_VISIBLE = 1;
310 * Account is visible to given application, but user can revoke visibility.
312 public static final int VISIBILITY_USER_MANAGED_VISIBLE = 2;
315 * Account is not visible to given application and only authenticator can grant visibility.
317 public static final int VISIBILITY_NOT_VISIBLE = 3;
320 * Account is not visible to given application, but user can reveal it, for example, using
321 * {@link #newChooseAccountIntent(Account, List, String[], String, String, String[], Bundle)}
323 public static final int VISIBILITY_USER_MANAGED_NOT_VISIBLE = 4;
326 * Token type for the special case where a UID has access only to an account
327 * but no authenticator specific auth token types.
331 public static final String ACCOUNT_ACCESS_TOKEN_TYPE =
332 "com.android.AccountManager.ACCOUNT_ACCESS_TOKEN_TYPE";
334 private final Context mContext;
335 private final IAccountManager mService;
336 private final Handler mMainHandler;
339 * Action sent as a broadcast Intent by the AccountsService when accounts are added, accounts
340 * are removed, or an account's credentials (saved password, etc) are changed.
342 * @see #addOnAccountsUpdatedListener
343 * @see #ACTION_ACCOUNT_REMOVED
345 * @deprecated use {@link #addOnAccountsUpdatedListener} to get account updates in runtime.
347 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
348 @BroadcastBehavior(includeBackground = true)
349 public static final String LOGIN_ACCOUNTS_CHANGED_ACTION =
350 "android.accounts.LOGIN_ACCOUNTS_CHANGED";
353 * Action sent as a broadcast Intent by the AccountsService when any account is removed
354 * or renamed. Only applications which were able to see the account will receive the intent.
355 * Intent extra will include the following fields:
357 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the removed account
358 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
361 @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
362 @BroadcastBehavior(includeBackground = true)
363 public static final String ACTION_ACCOUNT_REMOVED =
364 "android.accounts.action.ACCOUNT_REMOVED";
367 * Action sent as a broadcast Intent to specific package by the AccountsService
368 * when account visibility or account's credentials (saved password, etc) are changed.
370 * @see #addOnAccountsUpdatedListener
374 public static final String ACTION_VISIBLE_ACCOUNTS_CHANGED =
375 "android.accounts.action.VISIBLE_ACCOUNTS_CHANGED";
378 * Key to set visibility for applications which satisfy one of the following conditions:
380 * <li>Target API level below {@link android.os.Build.VERSION_CODES#O} and have
381 * deprecated {@link android.Manifest.permission#GET_ACCOUNTS} permission.
383 * <li> Have {@link android.Manifest.permission#GET_ACCOUNTS_PRIVILEGED} permission. </li>
384 * <li> Have the same signature as authenticator. </li>
385 * <li> Have {@link android.Manifest.permission#READ_CONTACTS} permission and
386 * account type may be associated with contacts data - (verified by
387 * {@link android.Manifest.permission#WRITE_CONTACTS} permission check for the authenticator).
390 * See {@link #getAccountVisibility}. If the value was not set by authenticator
391 * {@link #VISIBILITY_USER_MANAGED_VISIBLE} is used.
393 public static final String PACKAGE_NAME_KEY_LEGACY_VISIBLE =
394 "android:accounts:key_legacy_visible";
397 * Key to set default visibility for applications which don't satisfy conditions in
398 * {@link PACKAGE_NAME_KEY_LEGACY_VISIBLE}. If the value was not set by authenticator
399 * {@link #VISIBILITY_USER_MANAGED_NOT_VISIBLE} is used.
401 public static final String PACKAGE_NAME_KEY_LEGACY_NOT_VISIBLE =
402 "android:accounts:key_legacy_not_visible";
407 public AccountManager(Context context, IAccountManager service) {
410 mMainHandler = new Handler(mContext.getMainLooper());
414 * @hide used for testing only
416 public AccountManager(Context context, IAccountManager service, Handler handler) {
419 mMainHandler = handler;
423 * @hide for internal use only
425 public static Bundle sanitizeResult(Bundle result) {
426 if (result != null) {
427 if (result.containsKey(KEY_AUTHTOKEN)
428 && !TextUtils.isEmpty(result.getString(KEY_AUTHTOKEN))) {
429 final Bundle newResult = new Bundle(result);
430 newResult.putString(KEY_AUTHTOKEN, "<omitted for logging purposes>");
438 * Gets an AccountManager instance associated with a Context.
439 * The {@link Context} will be used as long as the AccountManager is
440 * active, so make sure to use a {@link Context} whose lifetime is
441 * commensurate with any listeners registered to
442 * {@link #addOnAccountsUpdatedListener} or similar methods.
444 * <p>It is safe to call this method from the main thread.
446 * <p>No permission is required to call this method.
448 * @param context The {@link Context} to use when necessary
449 * @return An {@link AccountManager} instance
451 public static AccountManager get(Context context) {
452 if (context == null) throw new IllegalArgumentException("context is null");
453 return (AccountManager) context.getSystemService(Context.ACCOUNT_SERVICE);
457 * Gets the saved password associated with the account. This is intended for authenticators and
458 * related code; applications should get an auth token instead.
461 * It is safe to call this method from the main thread.
464 * This method requires the caller to have a signature match with the authenticator that owns
465 * the specified account.
468 * <b>NOTE:</b> If targeting your app to work on API level
469 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1} and before, AUTHENTICATE_ACCOUNTS
470 * permission is needed for those platforms. See docs for this function in API level
471 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1}.
473 * @param account The account to query for a password. Must not be {@code null}.
474 * @return The account's password, null if none or if the account doesn't exist
476 public String getPassword(final Account account) {
477 if (account == null) throw new IllegalArgumentException("account is null");
479 return mService.getPassword(account);
480 } catch (RemoteException e) {
481 throw e.rethrowFromSystemServer();
486 * Gets the user data named by "key" associated with the account. This is intended for
487 * authenticators and related code to store arbitrary metadata along with accounts. The meaning
488 * of the keys and values is up to the authenticator for the account.
491 * It is safe to call this method from the main thread.
494 * This method requires the caller to have a signature match with the authenticator that owns
495 * the specified account.
498 * <b>NOTE:</b> If targeting your app to work on API level
499 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1} and before, AUTHENTICATE_ACCOUNTS
500 * permission is needed for those platforms. See docs for this function in API level
501 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1}.
503 * @param account The account to query for user data
504 * @return The user data, null if the account or key doesn't exist
506 public String getUserData(final Account account, final String key) {
507 if (account == null) throw new IllegalArgumentException("account is null");
508 if (key == null) throw new IllegalArgumentException("key is null");
510 return mService.getUserData(account, key);
511 } catch (RemoteException e) {
512 throw e.rethrowFromSystemServer();
517 * Lists the currently registered authenticators.
519 * <p>It is safe to call this method from the main thread.
521 * <p>No permission is required to call this method.
523 * @return An array of {@link AuthenticatorDescription} for every
524 * authenticator known to the AccountManager service. Empty (never
525 * null) if no authenticators are known.
527 public AuthenticatorDescription[] getAuthenticatorTypes() {
529 return mService.getAuthenticatorTypes(UserHandle.getCallingUserId());
530 } catch (RemoteException e) {
531 throw e.rethrowFromSystemServer();
537 * Lists the currently registered authenticators for a given user id.
539 * <p>It is safe to call this method from the main thread.
541 * <p>The caller has to be in the same user or have the permission
542 * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}.
544 * @return An array of {@link AuthenticatorDescription} for every
545 * authenticator known to the AccountManager service. Empty (never
546 * null) if no authenticators are known.
548 public AuthenticatorDescription[] getAuthenticatorTypesAsUser(int userId) {
550 return mService.getAuthenticatorTypes(userId);
551 } catch (RemoteException e) {
552 throw e.rethrowFromSystemServer();
557 * Lists all accounts visible to the caller regardless of type. Equivalent to
558 * getAccountsByType(null). These accounts may be visible because the user granted access to the
559 * account, or the AbstractAcccountAuthenticator managing the account did so or because the
560 * client shares a signature with the managing AbstractAccountAuthenticator.
563 * It is safe to call this method from the main thread.
565 * @return An array of {@link Account}, one for each account. Empty (never null) if no accounts
569 public Account[] getAccounts() {
571 return mService.getAccounts(null, mContext.getOpPackageName());
572 } catch (RemoteException e) {
573 throw e.rethrowFromSystemServer();
579 * Lists all accounts visible to caller regardless of type for a given user id. Equivalent to
580 * getAccountsByType(null).
583 * It is safe to call this method from the main thread.
585 * @return An array of {@link Account}, one for each account. Empty (never null) if no accounts
589 public Account[] getAccountsAsUser(int userId) {
591 return mService.getAccountsAsUser(null, userId, mContext.getOpPackageName());
592 } catch (RemoteException e) {
593 throw e.rethrowFromSystemServer();
599 * For use by internal activities. Returns the list of accounts that the calling package
600 * is authorized to use, particularly for shared accounts.
601 * @param packageName package name of the calling app.
602 * @param uid the uid of the calling app.
603 * @return the accounts that are available to this package and user.
606 public Account[] getAccountsForPackage(String packageName, int uid) {
608 return mService.getAccountsForPackage(packageName, uid, mContext.getOpPackageName());
609 } catch (RemoteException re) {
610 throw re.rethrowFromSystemServer();
615 * Returns the accounts visible to the specified package in an environment where some apps are
616 * not authorized to view all accounts. This method can only be called by system apps and
617 * authenticators managing the type.
618 * Beginning API level {@link android.os.Build.VERSION_CODES#O} it also return accounts
619 * which user can make visible to the application (see {@link VISIBILITY_USER_MANAGED_VISIBLE}).
621 * @param type The type of accounts to return, null to retrieve all accounts
622 * @param packageName The package name of the app for which the accounts are to be returned
623 * @return An array of {@link Account}, one per matching account. Empty (never null) if no
624 * accounts of the specified type can be accessed by the package.
628 public Account[] getAccountsByTypeForPackage(String type, String packageName) {
630 return mService.getAccountsByTypeForPackage(type, packageName,
631 mContext.getOpPackageName());
632 } catch (RemoteException re) {
633 throw re.rethrowFromSystemServer();
638 * Lists all accounts of particular type visible to the caller. These accounts may be visible
639 * because the user granted access to the account, or the AbstractAcccountAuthenticator managing
640 * the account did so or because the client shares a signature with the managing
641 * AbstractAccountAuthenticator.
644 * The account type is a string token corresponding to the authenticator and useful domain of
645 * the account. For example, there are types corresponding to Google and Facebook. The exact
646 * string token to use will be published somewhere associated with the authenticator in
650 * It is safe to call this method from the main thread.
653 * Caller targeting API level {@link android.os.Build.VERSION_CODES#O} and above, will get list
654 * of accounts made visible to it by user
655 * (see {@link #newChooseAccountIntent(Account, List, String[], String,
656 * String, String[], Bundle)}) or AbstractAcccountAuthenticator
657 * using {@link setAccountVisibility}.
658 * {@link android.Manifest.permission#GET_ACCOUNTS} permission is not used.
661 * Caller targeting API level below {@link android.os.Build.VERSION_CODES#O} that have not been
662 * granted the {@link android.Manifest.permission#GET_ACCOUNTS} permission, will only see those
663 * accounts managed by AbstractAccountAuthenticators whose signature matches the client.
666 * <b>NOTE:</b> If targeting your app to work on API level
667 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1} and before,
668 * {@link android.Manifest.permission#GET_ACCOUNTS} permission is
669 * needed for those platforms, irrespective of uid or signature match. See docs for this
670 * function in API level {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1}.
672 * @param type The type of accounts to return, null to retrieve all accounts
673 * @return An array of {@link Account}, one per matching account. Empty (never null) if no
674 * accounts of the specified type have been added.
677 public Account[] getAccountsByType(String type) {
678 return getAccountsByTypeAsUser(type, Process.myUserHandle());
681 /** @hide Same as {@link #getAccountsByType(String)} but for a specific user. */
683 public Account[] getAccountsByTypeAsUser(String type, UserHandle userHandle) {
685 return mService.getAccountsAsUser(type, userHandle.getIdentifier(),
686 mContext.getOpPackageName());
687 } catch (RemoteException e) {
688 throw e.rethrowFromSystemServer();
693 * Change whether or not an app (identified by its uid) is allowed to retrieve an authToken
696 * This is only meant to be used by system activities and is not in the SDK.
697 * @param account The account whose permissions are being modified
698 * @param authTokenType The type of token whose permissions are being modified
699 * @param uid The uid that identifies the app which is being granted or revoked permission.
700 * @param value true is permission is being granted, false for revoked
703 public void updateAppPermission(Account account, String authTokenType, int uid, boolean value) {
705 mService.updateAppPermission(account, authTokenType, uid, value);
706 } catch (RemoteException e) {
707 throw e.rethrowFromSystemServer();
712 * Get the user-friendly label associated with an authenticator's auth token.
713 * @param accountType the type of the authenticator. must not be null.
714 * @param authTokenType the token type. must not be null.
715 * @param callback callback to invoke when the result is available. may be null.
716 * @param handler the handler on which to invoke the callback, or null for the main thread
717 * @return a future containing the label string
720 public AccountManagerFuture<String> getAuthTokenLabel(
721 final String accountType, final String authTokenType,
722 AccountManagerCallback<String> callback, Handler handler) {
723 if (accountType == null) throw new IllegalArgumentException("accountType is null");
724 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
725 return new Future2Task<String>(handler, callback) {
727 public void doWork() throws RemoteException {
728 mService.getAuthTokenLabel(mResponse, accountType, authTokenType);
732 public String bundleToResult(Bundle bundle) throws AuthenticatorException {
733 if (!bundle.containsKey(KEY_AUTH_TOKEN_LABEL)) {
734 throw new AuthenticatorException("no result in response");
736 return bundle.getString(KEY_AUTH_TOKEN_LABEL);
742 * Finds out whether a particular account has all the specified features. Account features are
743 * authenticator-specific string tokens identifying boolean account properties. For example,
744 * features are used to tell whether Google accounts have a particular service (such as Google
745 * Calendar or Google Talk) enabled. The feature names and their meanings are published
746 * somewhere associated with the authenticator in question.
749 * This method may be called from any thread, but the returned {@link AccountManagerFuture} must
750 * not be used on the main thread.
753 * If caller target API level is below {@link android.os.Build.VERSION_CODES#O}, it is
754 * required to hold the permission {@link android.Manifest.permission#GET_ACCOUNTS} or have a
755 * signature match with the AbstractAccountAuthenticator that manages the account.
757 * @param account The {@link Account} to test
758 * @param features An array of the account features to check
759 * @param callback Callback to invoke when the request completes, null for no callback
760 * @param handler {@link Handler} identifying the callback thread, null for the main thread
761 * @return An {@link AccountManagerFuture} which resolves to a Boolean, true if the account
762 * exists and has all of the specified features.
764 public AccountManagerFuture<Boolean> hasFeatures(final Account account,
765 final String[] features,
766 AccountManagerCallback<Boolean> callback, Handler handler) {
767 if (account == null) throw new IllegalArgumentException("account is null");
768 if (features == null) throw new IllegalArgumentException("features is null");
769 return new Future2Task<Boolean>(handler, callback) {
771 public void doWork() throws RemoteException {
772 mService.hasFeatures(mResponse, account, features, mContext.getOpPackageName());
775 public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
776 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
777 throw new AuthenticatorException("no result in response");
779 return bundle.getBoolean(KEY_BOOLEAN_RESULT);
785 * Lists all accounts of a type which have certain features. The account type identifies the
786 * authenticator (see {@link #getAccountsByType}). Account features are authenticator-specific
787 * string tokens identifying boolean account properties (see {@link #hasFeatures}).
790 * Unlike {@link #getAccountsByType}, this method calls the authenticator, which may contact the
791 * server or do other work to check account features, so the method returns an
792 * {@link AccountManagerFuture}.
795 * This method may be called from any thread, but the returned {@link AccountManagerFuture} must
796 * not be used on the main thread.
799 * Caller targeting API level {@link android.os.Build.VERSION_CODES#O} and above, will get list
800 * of accounts made visible to it by user
801 * (see {@link #newChooseAccountIntent(Account, List, String[], String,
802 * String, String[], Bundle)}) or AbstractAcccountAuthenticator
803 * using {@link setAccountVisibility}.
804 * {@link android.Manifest.permission#GET_ACCOUNTS} permission is not used.
807 * Caller targeting API level below {@link android.os.Build.VERSION_CODES#O} that have not been
808 * granted the {@link android.Manifest.permission#GET_ACCOUNTS} permission, will only see those
809 * accounts managed by AbstractAccountAuthenticators whose signature matches the client.
811 * <b>NOTE:</b> If targeting your app to work on API level
812 * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1} and before,
813 * {@link android.Manifest.permission#GET_ACCOUNTS} permission is
814 * needed for those platforms, irrespective of uid or signature match. See docs for this
815 * function in API level {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1}.
818 * @param type The type of accounts to return, must not be null
819 * @param features An array of the account features to require, may be null or empty *
820 * @param callback Callback to invoke when the request completes, null for no callback
821 * @param handler {@link Handler} identifying the callback thread, null for the main thread
822 * @return An {@link AccountManagerFuture} which resolves to an array of {@link Account}, one
823 * per account of the specified type which matches the requested features.
825 public AccountManagerFuture<Account[]> getAccountsByTypeAndFeatures(
826 final String type, final String[] features,
827 AccountManagerCallback<Account[]> callback, Handler handler) {
828 if (type == null) throw new IllegalArgumentException("type is null");
829 return new Future2Task<Account[]>(handler, callback) {
831 public void doWork() throws RemoteException {
832 mService.getAccountsByFeatures(mResponse, type, features,
833 mContext.getOpPackageName());
836 public Account[] bundleToResult(Bundle bundle) throws AuthenticatorException {
837 if (!bundle.containsKey(KEY_ACCOUNTS)) {
838 throw new AuthenticatorException("no result in response");
840 final Parcelable[] parcelables = bundle.getParcelableArray(KEY_ACCOUNTS);
841 Account[] descs = new Account[parcelables.length];
842 for (int i = 0; i < parcelables.length; i++) {
843 descs[i] = (Account) parcelables[i];
851 * Adds an account directly to the AccountManager. Normally used by sign-up
852 * wizards associated with authenticators, not directly by applications.
853 * <p>Calling this method does not update the last authenticated timestamp,
854 * referred by {@link #KEY_LAST_AUTHENTICATED_TIME}. To update it, call
855 * {@link #notifyAccountAuthenticated(Account)} after getting success.
856 * However, if this method is called when it is triggered by addAccount() or
857 * addAccountAsUser() or similar functions, then there is no need to update
858 * timestamp manually as it is updated automatically by framework on
859 * successful completion of the mentioned functions.
860 * <p>It is safe to call this method from the main thread.
861 * <p>This method requires the caller to have a signature match with the
862 * authenticator that owns the specified account.
864 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
865 * AUTHENTICATE_ACCOUNTS permission is needed for those platforms. See docs
866 * for this function in API level 22.
868 * @param account The {@link Account} to add
869 * @param password The password to associate with the account, null for none
870 * @param userdata String values to use for the account's userdata, null for
872 * @return True if the account was successfully added, false if the account
873 * already exists, the account is null, or another error occurs.
875 public boolean addAccountExplicitly(Account account, String password, Bundle userdata) {
876 if (account == null) throw new IllegalArgumentException("account is null");
878 return mService.addAccountExplicitly(account, password, userdata);
879 } catch (RemoteException e) {
880 throw e.rethrowFromSystemServer();
885 * Adds an account directly to the AccountManager. Additionally it specifies Account visibility
886 * for given list of packages.
888 * Normally used by sign-up wizards associated with authenticators, not directly by
891 * Calling this method does not update the last authenticated timestamp, referred by
892 * {@link #KEY_LAST_AUTHENTICATED_TIME}. To update it, call
893 * {@link #notifyAccountAuthenticated(Account)} after getting success.
895 * It is safe to call this method from the main thread.
897 * This method requires the caller to have a signature match with the authenticator that owns
898 * the specified account.
900 * @param account The {@link Account} to add
901 * @param password The password to associate with the account, null for none
902 * @param extras String values to use for the account's userdata, null for none
903 * @param visibility Map from packageName to visibility values which will be set before account
904 * is added. See {@link #getAccountVisibility} for possible values.
906 * @return True if the account was successfully added, false if the account already exists, the
907 * account is null, or another error occurs.
909 public boolean addAccountExplicitly(Account account, String password, Bundle extras,
910 Map<String, Integer> visibility) {
912 throw new IllegalArgumentException("account is null");
914 return mService.addAccountExplicitlyWithVisibility(account, password, extras,
916 } catch (RemoteException e) {
917 throw e.rethrowFromSystemServer();
922 * Returns package names and visibility which were explicitly set for given account.
924 * This method requires the caller to have a signature match with the authenticator that owns
925 * the specified account.
927 * @param account The account for which visibility data should be returned
929 * @return Map from package names to visibility for given account
931 public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) {
934 throw new IllegalArgumentException("account is null");
935 @SuppressWarnings("unchecked")
936 Map<String, Integer> result = (Map<String, Integer>) mService
937 .getPackagesAndVisibilityForAccount(account);
939 } catch (RemoteException re) {
940 throw re.rethrowFromSystemServer();
945 * Gets all accounts of given type and their visibility for specific package. This method
946 * requires the caller to have a signature match with the authenticator that manages
947 * accountType. It is a helper method which combines calls to {@link #getAccountsByType} by
948 * authenticator and {@link #getAccountVisibility} for every returned account.
952 * @param packageName Package name
953 * @param accountType {@link Account} type
955 * @return Map with visibility for all accounts of given type
956 * See {@link #getAccountVisibility} for possible values
958 public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
959 String accountType) {
961 @SuppressWarnings("unchecked")
962 Map<Account, Integer> result = (Map<Account, Integer>) mService
963 .getAccountsAndVisibilityForPackage(packageName, accountType);
965 } catch (RemoteException re) {
966 throw re.rethrowFromSystemServer();
971 * Set visibility value of given account to certain package.
972 * Package name must match installed application, or be equal to
973 * {@link #PACKAGE_NAME_KEY_LEGACY_VISIBLE} or {@link #PACKAGE_NAME_KEY_LEGACY_NOT_VISIBLE}.
975 * Possible visibility values:
977 * <li>{@link #VISIBILITY_UNDEFINED}</li>
978 * <li>{@link #VISIBILITY_VISIBLE}</li>
979 * <li>{@link #VISIBILITY_USER_MANAGED_VISIBLE}</li>
980 * <li>{@link #VISIBILITY_NOT_VISIBLE}
981 * <li>{@link #VISIBILITY_USER_MANAGED_NOT_VISIBLE}</li>
984 * This method requires the caller to have a signature match with the authenticator that owns
985 * the specified account.
987 * @param account {@link Account} to update visibility
988 * @param packageName Package name of the application to modify account visibility
989 * @param visibility New visibility value
991 * @return True, if visibility value was successfully updated.
993 public boolean setAccountVisibility(Account account, String packageName,
994 @AccountVisibility int visibility) {
996 throw new IllegalArgumentException("account is null");
998 return mService.setAccountVisibility(account, packageName, visibility);
999 } catch (RemoteException re) {
1000 throw re.rethrowFromSystemServer();
1005 * Get visibility of certain account for given application. Possible returned values are:
1007 * <li>{@link #VISIBILITY_VISIBLE}</li>
1008 * <li>{@link #VISIBILITY_USER_MANAGED_VISIBLE}</li>
1009 * <li>{@link #VISIBILITY_NOT_VISIBLE}
1010 * <li>{@link #VISIBILITY_USER_MANAGED_NOT_VISIBLE}</li>
1014 * This method requires the caller to have a signature match with the authenticator that owns
1015 * the specified account.
1017 * @param account {@link Account} to get visibility
1018 * @param packageName Package name of the application to get account visibility
1020 * @return int Visibility of given account.
1022 public @AccountVisibility int getAccountVisibility(Account account, String packageName) {
1023 if (account == null)
1024 throw new IllegalArgumentException("account is null");
1026 return mService.getAccountVisibility(account, packageName);
1027 } catch (RemoteException re) {
1028 throw re.rethrowFromSystemServer();
1033 * Notifies the system that the account has just been authenticated. This
1034 * information may be used by other applications to verify the account. This
1035 * should be called only when the user has entered correct credentials for
1038 * It is not safe to call this method from the main thread. As such, call it
1039 * from another thread.
1040 * <p>This method requires the caller to have a signature match with the
1041 * authenticator that owns the specified account.
1043 * @param account The {@link Account} to be updated.
1044 * @return boolean {@code true} if the authentication of the account has been successfully
1045 * acknowledged. Otherwise {@code false}.
1047 public boolean notifyAccountAuthenticated(Account account) {
1048 if (account == null)
1049 throw new IllegalArgumentException("account is null");
1051 return mService.accountAuthenticated(account);
1052 } catch (RemoteException e) {
1053 throw e.rethrowFromSystemServer();
1058 * Rename the specified {@link Account}. This is equivalent to removing
1059 * the existing account and adding a new renamed account with the old
1060 * account's user data.
1062 * <p>It is safe to call this method from the main thread.
1064 * <p>This method requires the caller to have a signature match with the
1065 * authenticator that manages the specified account.
1067 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1068 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1069 * is needed for those platforms. See docs for this function in API level 22.
1071 * @param account The {@link Account} to rename
1072 * @param newName String name to be associated with the account.
1073 * @param callback Callback to invoke when the request completes, null for
1075 * @param handler {@link Handler} identifying the callback thread, null for
1077 * @return An {@link AccountManagerFuture} which resolves to the Account
1078 * after the name change. If successful the account's name will be the
1079 * specified new name.
1081 public AccountManagerFuture<Account> renameAccount(
1082 final Account account,
1083 @Size(min = 1) final String newName,
1084 AccountManagerCallback<Account> callback,
1086 if (account == null) throw new IllegalArgumentException("account is null.");
1087 if (TextUtils.isEmpty(newName)) {
1088 throw new IllegalArgumentException("newName is empty or null.");
1090 return new Future2Task<Account>(handler, callback) {
1092 public void doWork() throws RemoteException {
1093 mService.renameAccount(mResponse, account, newName);
1096 public Account bundleToResult(Bundle bundle) throws AuthenticatorException {
1097 String name = bundle.getString(KEY_ACCOUNT_NAME);
1098 String type = bundle.getString(KEY_ACCOUNT_TYPE);
1099 String accessId = bundle.getString(KEY_ACCOUNT_ACCESS_ID);
1100 return new Account(name, type, accessId);
1106 * Gets the previous name associated with the account or {@code null}, if
1107 * none. This is intended so that clients of
1108 * {@link OnAccountsUpdateListener} can determine if an
1109 * authenticator has renamed an account.
1111 * <p>It is safe to call this method from the main thread.
1113 * @param account The account to query for a previous name.
1114 * @return The account's previous name, null if the account has never been
1117 public String getPreviousName(final Account account) {
1118 if (account == null) throw new IllegalArgumentException("account is null");
1120 return mService.getPreviousName(account);
1121 } catch (RemoteException e) {
1122 throw e.rethrowFromSystemServer();
1127 * Removes an account from the AccountManager. Does nothing if the account
1128 * does not exist. Does not delete the account from the server.
1129 * The authenticator may have its own policies preventing account
1130 * deletion, in which case the account will not be deleted.
1132 * <p>This method requires the caller to have a signature match with the
1133 * authenticator that manages the specified account.
1135 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1136 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs for
1137 * this function in API level 22.
1139 * @param account The {@link Account} to remove
1140 * @param callback Callback to invoke when the request completes,
1141 * null for no callback
1142 * @param handler {@link Handler} identifying the callback thread,
1143 * null for the main thread
1144 * @return An {@link AccountManagerFuture} which resolves to a Boolean,
1145 * true if the account has been successfully removed
1147 * {@link #removeAccount(Account, Activity, AccountManagerCallback, Handler)}
1151 public AccountManagerFuture<Boolean> removeAccount(final Account account,
1152 AccountManagerCallback<Boolean> callback, Handler handler) {
1153 if (account == null) throw new IllegalArgumentException("account is null");
1154 return new Future2Task<Boolean>(handler, callback) {
1156 public void doWork() throws RemoteException {
1157 mService.removeAccount(mResponse, account, false);
1160 public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
1161 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
1162 throw new AuthenticatorException("no result in response");
1164 return bundle.getBoolean(KEY_BOOLEAN_RESULT);
1170 * Removes an account from the AccountManager. Does nothing if the account
1171 * does not exist. Does not delete the account from the server.
1172 * The authenticator may have its own policies preventing account
1173 * deletion, in which case the account will not be deleted.
1175 * <p>This method may be called from any thread, but the returned
1176 * {@link AccountManagerFuture} must not be used on the main thread.
1178 * <p>This method requires the caller to have a signature match with the
1179 * authenticator that manages the specified account.
1181 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1182 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs for
1183 * this function in API level 22.
1185 * @param account The {@link Account} to remove
1186 * @param activity The {@link Activity} context to use for launching a new
1187 * authenticator-defined sub-Activity to prompt the user to delete an
1188 * account; used only to call startActivity(); if null, the prompt
1189 * will not be launched directly, but the {@link Intent} may be
1190 * returned to the caller instead
1191 * @param callback Callback to invoke when the request completes,
1192 * null for no callback
1193 * @param handler {@link Handler} identifying the callback thread,
1194 * null for the main thread
1195 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
1196 * {@link #KEY_BOOLEAN_RESULT} if activity was specified and an account
1197 * was removed or if active. If no activity was specified, the returned
1198 * Bundle contains only {@link #KEY_INTENT} with the {@link Intent}
1199 * needed to launch the actual account removal process, if authenticator
1200 * needs the activity launch. If an error occurred,
1201 * {@link AccountManagerFuture#getResult()} throws:
1203 * <li> {@link AuthenticatorException} if no authenticator was registered for
1204 * this account type or the authenticator failed to respond
1205 * <li> {@link OperationCanceledException} if the operation was canceled for
1206 * any reason, including the user canceling the creation process or
1207 * adding accounts (of this type) has been disabled by policy
1210 public AccountManagerFuture<Bundle> removeAccount(final Account account,
1211 final Activity activity, AccountManagerCallback<Bundle> callback, Handler handler) {
1212 if (account == null) throw new IllegalArgumentException("account is null");
1213 return new AmsTask(activity, handler, callback) {
1215 public void doWork() throws RemoteException {
1216 mService.removeAccount(mResponse, account, activity != null);
1222 * @see #removeAccount(Account, AccountManagerCallback, Handler)
1225 * {@link #removeAccountAsUser(Account, Activity, AccountManagerCallback, Handler)}
1229 public AccountManagerFuture<Boolean> removeAccountAsUser(final Account account,
1230 AccountManagerCallback<Boolean> callback, Handler handler,
1231 final UserHandle userHandle) {
1232 if (account == null) throw new IllegalArgumentException("account is null");
1233 if (userHandle == null) throw new IllegalArgumentException("userHandle is null");
1234 return new Future2Task<Boolean>(handler, callback) {
1236 public void doWork() throws RemoteException {
1237 mService.removeAccountAsUser(mResponse, account, false, userHandle.getIdentifier());
1240 public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
1241 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
1242 throw new AuthenticatorException("no result in response");
1244 return bundle.getBoolean(KEY_BOOLEAN_RESULT);
1250 * @see #removeAccount(Account, Activity, AccountManagerCallback, Handler)
1253 public AccountManagerFuture<Bundle> removeAccountAsUser(final Account account,
1254 final Activity activity, AccountManagerCallback<Bundle> callback, Handler handler,
1255 final UserHandle userHandle) {
1256 if (account == null)
1257 throw new IllegalArgumentException("account is null");
1258 if (userHandle == null)
1259 throw new IllegalArgumentException("userHandle is null");
1260 return new AmsTask(activity, handler, callback) {
1262 public void doWork() throws RemoteException {
1263 mService.removeAccountAsUser(mResponse, account, activity != null,
1264 userHandle.getIdentifier());
1270 * Removes an account directly. Normally used by authenticators, not
1271 * directly by applications. Does not delete the account from the server.
1272 * The authenticator may have its own policies preventing account deletion,
1273 * in which case the account will not be deleted.
1275 * It is safe to call this method from the main thread.
1276 * <p>This method requires the caller to have a signature match with the
1277 * authenticator that manages the specified account.
1279 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1280 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1281 * is needed for those platforms. See docs for this function in API level 22.
1283 * @param account The {@link Account} to delete.
1284 * @return True if the account was successfully deleted, false if the
1285 * account did not exist, the account is null, or another error
1288 public boolean removeAccountExplicitly(Account account) {
1289 if (account == null) throw new IllegalArgumentException("account is null");
1291 return mService.removeAccountExplicitly(account);
1292 } catch (RemoteException e) {
1293 throw e.rethrowFromSystemServer();
1298 * Removes an auth token from the AccountManager's cache. Does nothing if
1299 * the auth token is not currently in the cache. Applications must call this
1300 * method when the auth token is found to have expired or otherwise become
1301 * invalid for authenticating requests. The AccountManager does not validate
1302 * or expire cached auth tokens otherwise.
1304 * <p>It is safe to call this method from the main thread.
1306 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1307 * MANAGE_ACCOUNTS or USE_CREDENTIALS permission is needed for those
1308 * platforms. See docs for this function in API level 22.
1310 * @param accountType The account type of the auth token to invalidate, must not be null
1311 * @param authToken The auth token to invalidate, may be null
1313 public void invalidateAuthToken(final String accountType, final String authToken) {
1314 if (accountType == null) throw new IllegalArgumentException("accountType is null");
1316 if (authToken != null) {
1317 mService.invalidateAuthToken(accountType, authToken);
1319 } catch (RemoteException e) {
1320 throw e.rethrowFromSystemServer();
1325 * Gets an auth token from the AccountManager's cache. If no auth
1326 * token is cached for this account, null will be returned -- a new
1327 * auth token will not be generated, and the server will not be contacted.
1328 * Intended for use by the authenticator, not directly by applications.
1330 * <p>It is safe to call this method from the main thread.
1332 * <p>This method requires the caller to have a signature match with the
1333 * authenticator that manages the specified account.
1335 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1336 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1337 * is needed for those platforms. See docs for this function in API level 22.
1339 * @param account The account for which an auth token is to be fetched. Cannot be {@code null}.
1340 * @param authTokenType The type of auth token to fetch. Cannot be {@code null}.
1341 * @return The cached auth token for this account and type, or null if
1342 * no auth token is cached or the account does not exist.
1343 * @see #getAuthToken
1345 public String peekAuthToken(final Account account, final String authTokenType) {
1346 if (account == null) throw new IllegalArgumentException("account is null");
1347 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
1349 return mService.peekAuthToken(account, authTokenType);
1350 } catch (RemoteException e) {
1351 throw e.rethrowFromSystemServer();
1356 * Sets or forgets a saved password. This modifies the local copy of the
1357 * password used to automatically authenticate the user; it does not change
1358 * the user's account password on the server. Intended for use by the
1359 * authenticator, not directly by applications.
1360 * <p>Calling this method does not update the last authenticated timestamp,
1361 * referred by {@link #KEY_LAST_AUTHENTICATED_TIME}. To update it, call
1362 * {@link #notifyAccountAuthenticated(Account)} after getting success.
1363 * <p>It is safe to call this method from the main thread.
1364 * <p>This method requires the caller to have a signature match with the
1365 * authenticator that manages the specified account.
1367 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1368 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1369 * is needed for those platforms. See docs for this function in API level 22.
1371 * @param account The account whose password is to be set. Cannot be
1373 * @param password The password to set, null to clear the password
1375 public void setPassword(final Account account, final String password) {
1376 if (account == null) throw new IllegalArgumentException("account is null");
1378 mService.setPassword(account, password);
1379 } catch (RemoteException e) {
1380 throw e.rethrowFromSystemServer();
1385 * Forgets a saved password. This erases the local copy of the password;
1386 * it does not change the user's account password on the server.
1387 * Has the same effect as setPassword(account, null) but requires fewer
1388 * permissions, and may be used by applications or management interfaces
1389 * to "sign out" from an account.
1391 * <p>This method only successfully clear the account's password when the
1392 * caller has the same signature as the authenticator that owns the
1393 * specified account. Otherwise, this method will silently fail.
1395 * <p>It is safe to call this method from the main thread.
1397 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1398 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs for
1399 * this function in API level 22.
1401 * @param account The account whose password to clear
1403 public void clearPassword(final Account account) {
1404 if (account == null) throw new IllegalArgumentException("account is null");
1406 mService.clearPassword(account);
1407 } catch (RemoteException e) {
1408 throw e.rethrowFromSystemServer();
1413 * Sets one userdata key for an account. Intended by use for the
1414 * authenticator to stash state for itself, not directly by applications.
1415 * The meaning of the keys and values is up to the authenticator.
1417 * <p>It is safe to call this method from the main thread.
1419 * <p>This method requires the caller to have a signature match with the
1420 * authenticator that manages the specified account.
1422 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1423 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1424 * is needed for those platforms. See docs for this function in API level 22.
1426 * @param account Account whose user data is to be set. Must not be {@code null}.
1427 * @param key String user data key to set. Must not be null
1428 * @param value String value to set, {@code null} to clear this user data key
1430 public void setUserData(final Account account, final String key, final String value) {
1431 if (account == null) throw new IllegalArgumentException("account is null");
1432 if (key == null) throw new IllegalArgumentException("key is null");
1434 mService.setUserData(account, key, value);
1435 } catch (RemoteException e) {
1436 throw e.rethrowFromSystemServer();
1441 * Adds an auth token to the AccountManager cache for an account.
1442 * If the account does not exist then this call has no effect.
1443 * Replaces any previous auth token for this account and auth token type.
1444 * Intended for use by the authenticator, not directly by applications.
1446 * <p>It is safe to call this method from the main thread.
1448 * <p>This method requires the caller to have a signature match with the
1449 * authenticator that manages the specified account.
1451 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1452 * AUTHENTICATE_ACCOUNTS permission and same UID as account's authenticator
1453 * is needed for those platforms. See docs for this function in API level 22.
1455 * @param account The account to set an auth token for
1456 * @param authTokenType The type of the auth token, see {#getAuthToken}
1457 * @param authToken The auth token to add to the cache
1459 public void setAuthToken(Account account, final String authTokenType, final String authToken) {
1460 if (account == null) throw new IllegalArgumentException("account is null");
1461 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
1463 mService.setAuthToken(account, authTokenType, authToken);
1464 } catch (RemoteException e) {
1465 throw e.rethrowFromSystemServer();
1470 * This convenience helper synchronously gets an auth token with
1471 * {@link #getAuthToken(Account, String, boolean, AccountManagerCallback, Handler)}.
1473 * <p>This method may block while a network request completes, and must
1474 * never be made from the main thread.
1476 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1477 * USE_CREDENTIALS permission is needed for those platforms. See docs for
1478 * this function in API level 22.
1480 * @param account The account to fetch an auth token for
1481 * @param authTokenType The auth token type, see {@link #getAuthToken getAuthToken()}
1482 * @param notifyAuthFailure If true, display a notification and return null
1483 * if authentication fails; if false, prompt and wait for the user to
1484 * re-enter correct credentials before returning
1485 * @return An auth token of the specified type for this account, or null
1486 * if authentication fails or none can be fetched.
1487 * @throws AuthenticatorException if the authenticator failed to respond
1488 * @throws OperationCanceledException if the request was canceled for any
1489 * reason, including the user canceling a credential request
1490 * @throws java.io.IOException if the authenticator experienced an I/O problem
1491 * creating a new auth token, usually because of network trouble
1493 public String blockingGetAuthToken(Account account, String authTokenType,
1494 boolean notifyAuthFailure)
1495 throws OperationCanceledException, IOException, AuthenticatorException {
1496 if (account == null) throw new IllegalArgumentException("account is null");
1497 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
1498 Bundle bundle = getAuthToken(account, authTokenType, notifyAuthFailure, null /* callback */,
1499 null /* handler */).getResult();
1500 if (bundle == null) {
1501 // This should never happen, but it does, occasionally. If it does return null to
1502 // signify that we were not able to get the authtoken.
1503 // TODO: remove this when the bug is found that sometimes causes a null bundle to be
1505 Log.e(TAG, "blockingGetAuthToken: null was returned from getResult() for "
1506 + account + ", authTokenType " + authTokenType);
1509 return bundle.getString(KEY_AUTHTOKEN);
1513 * Gets an auth token of the specified type for a particular account,
1514 * prompting the user for credentials if necessary. This method is
1515 * intended for applications running in the foreground where it makes
1516 * sense to ask the user directly for a password.
1518 * <p>If a previously generated auth token is cached for this account and
1519 * type, then it is returned. Otherwise, if a saved password is
1520 * available, it is sent to the server to generate a new auth token.
1521 * Otherwise, the user is prompted to enter a password.
1523 * <p>Some authenticators have auth token <em>types</em>, whose value
1524 * is authenticator-dependent. Some services use different token types to
1525 * access different functionality -- for example, Google uses different auth
1526 * tokens to access Gmail and Google Calendar for the same account.
1528 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1529 * USE_CREDENTIALS permission is needed for those platforms. See docs for
1530 * this function in API level 22.
1532 * <p>This method may be called from any thread, but the returned
1533 * {@link AccountManagerFuture} must not be used on the main thread.
1535 * @param account The account to fetch an auth token for
1536 * @param authTokenType The auth token type, an authenticator-dependent
1537 * string token, must not be null
1538 * @param options Authenticator-specific options for the request,
1539 * may be null or empty
1540 * @param activity The {@link Activity} context to use for launching a new
1541 * authenticator-defined sub-Activity to prompt the user for a password
1542 * if necessary; used only to call startActivity(); must not be null.
1543 * @param callback Callback to invoke when the request completes,
1544 * null for no callback
1545 * @param handler {@link Handler} identifying the callback thread,
1546 * null for the main thread
1547 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
1548 * at least the following fields:
1550 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account you supplied
1551 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
1552 * <li> {@link #KEY_AUTHTOKEN} - the auth token you wanted
1555 * (Other authenticator-specific values may be returned.) If an auth token
1556 * could not be fetched, {@link AccountManagerFuture#getResult()} throws:
1558 * <li> {@link AuthenticatorException} if the authenticator failed to respond
1559 * <li> {@link OperationCanceledException} if the operation is canceled for
1560 * any reason, incluidng the user canceling a credential request
1561 * <li> {@link IOException} if the authenticator experienced an I/O problem
1562 * creating a new auth token, usually because of network trouble
1564 * If the account is no longer present on the device, the return value is
1565 * authenticator-dependent. The caller should verify the validity of the
1566 * account before requesting an auth token.
1568 public AccountManagerFuture<Bundle> getAuthToken(
1569 final Account account, final String authTokenType, final Bundle options,
1570 final Activity activity, AccountManagerCallback<Bundle> callback, Handler handler) {
1571 if (account == null) throw new IllegalArgumentException("account is null");
1572 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
1573 final Bundle optionsIn = new Bundle();
1574 if (options != null) {
1575 optionsIn.putAll(options);
1577 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
1578 return new AmsTask(activity, handler, callback) {
1580 public void doWork() throws RemoteException {
1581 mService.getAuthToken(mResponse, account, authTokenType,
1582 false /* notifyOnAuthFailure */, true /* expectActivityLaunch */,
1589 * Gets an auth token of the specified type for a particular account,
1590 * optionally raising a notification if the user must enter credentials.
1591 * This method is intended for background tasks and services where the
1592 * user should not be immediately interrupted with a password prompt.
1594 * <p>If a previously generated auth token is cached for this account and
1595 * type, then it is returned. Otherwise, if a saved password is
1596 * available, it is sent to the server to generate a new auth token.
1597 * Otherwise, an {@link Intent} is returned which, when started, will
1598 * prompt the user for a password. If the notifyAuthFailure parameter is
1599 * set, a status bar notification is also created with the same Intent,
1600 * alerting the user that they need to enter a password at some point.
1602 * <p>In that case, you may need to wait until the user responds, which
1603 * could take hours or days or forever. When the user does respond and
1604 * supply a new password, the account manager will broadcast the
1605 * {@link #LOGIN_ACCOUNTS_CHANGED_ACTION} Intent and
1606 * notify {@link OnAccountsUpdateListener} which applications can
1609 * <p>If notifyAuthFailure is not set, it is the application's
1610 * responsibility to launch the returned Intent at some point.
1611 * Either way, the result from this call will not wait for user action.
1613 * <p>Some authenticators have auth token <em>types</em>, whose value
1614 * is authenticator-dependent. Some services use different token types to
1615 * access different functionality -- for example, Google uses different auth
1616 * tokens to access Gmail and Google Calendar for the same account.
1618 * <p>This method may be called from any thread, but the returned
1619 * {@link AccountManagerFuture} must not be used on the main thread.
1621 * @param account The account to fetch an auth token for
1622 * @param authTokenType The auth token type, an authenticator-dependent
1623 * string token, must not be null
1624 * @param notifyAuthFailure True to add a notification to prompt the
1625 * user for a password if necessary, false to leave that to the caller
1626 * @param callback Callback to invoke when the request completes,
1627 * null for no callback
1628 * @param handler {@link Handler} identifying the callback thread,
1629 * null for the main thread
1630 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
1631 * at least the following fields on success:
1633 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account you supplied
1634 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
1635 * <li> {@link #KEY_AUTHTOKEN} - the auth token you wanted
1638 * (Other authenticator-specific values may be returned.) If the user
1639 * must enter credentials, the returned Bundle contains only
1640 * {@link #KEY_INTENT} with the {@link Intent} needed to launch a prompt.
1642 * If an error occurred, {@link AccountManagerFuture#getResult()} throws:
1644 * <li> {@link AuthenticatorException} if the authenticator failed to respond
1645 * <li> {@link OperationCanceledException} if the operation is canceled for
1646 * any reason, incluidng the user canceling a credential request
1647 * <li> {@link IOException} if the authenticator experienced an I/O problem
1648 * creating a new auth token, usually because of network trouble
1650 * If the account is no longer present on the device, the return value is
1651 * authenticator-dependent. The caller should verify the validity of the
1652 * account before requesting an auth token.
1653 * @deprecated use {@link #getAuthToken(Account, String, android.os.Bundle,
1654 * boolean, AccountManagerCallback, android.os.Handler)} instead
1657 public AccountManagerFuture<Bundle> getAuthToken(
1658 final Account account, final String authTokenType,
1659 final boolean notifyAuthFailure,
1660 AccountManagerCallback<Bundle> callback, Handler handler) {
1661 return getAuthToken(account, authTokenType, null, notifyAuthFailure, callback,
1666 * Gets an auth token of the specified type for a particular account,
1667 * optionally raising a notification if the user must enter credentials.
1668 * This method is intended for background tasks and services where the
1669 * user should not be immediately interrupted with a password prompt.
1671 * <p>If a previously generated auth token is cached for this account and
1672 * type, then it is returned. Otherwise, if a saved password is
1673 * available, it is sent to the server to generate a new auth token.
1674 * Otherwise, an {@link Intent} is returned which, when started, will
1675 * prompt the user for a password. If the notifyAuthFailure parameter is
1676 * set, a status bar notification is also created with the same Intent,
1677 * alerting the user that they need to enter a password at some point.
1679 * <p>In that case, you may need to wait until the user responds, which
1680 * could take hours or days or forever. When the user does respond and
1681 * supply a new password, the account manager will broadcast the
1682 * {@link #LOGIN_ACCOUNTS_CHANGED_ACTION} Intent and
1683 * notify {@link OnAccountsUpdateListener} which applications can
1686 * <p>If notifyAuthFailure is not set, it is the application's
1687 * responsibility to launch the returned Intent at some point.
1688 * Either way, the result from this call will not wait for user action.
1690 * <p>Some authenticators have auth token <em>types</em>, whose value
1691 * is authenticator-dependent. Some services use different token types to
1692 * access different functionality -- for example, Google uses different auth
1693 * tokens to access Gmail and Google Calendar for the same account.
1695 * <p>This method may be called from any thread, but the returned
1696 * {@link AccountManagerFuture} must not be used on the main thread.
1698 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1699 * USE_CREDENTIALS permission is needed for those platforms. See docs for
1700 * this function in API level 22.
1702 * @param account The account to fetch an auth token for
1703 * @param authTokenType The auth token type, an authenticator-dependent
1704 * string token, must not be null
1705 * @param options Authenticator-specific options for the request,
1706 * may be null or empty
1707 * @param notifyAuthFailure True to add a notification to prompt the
1708 * user for a password if necessary, false to leave that to the caller
1709 * @param callback Callback to invoke when the request completes,
1710 * null for no callback
1711 * @param handler {@link Handler} identifying the callback thread,
1712 * null for the main thread
1713 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
1714 * at least the following fields on success:
1716 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account you supplied
1717 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
1718 * <li> {@link #KEY_AUTHTOKEN} - the auth token you wanted
1721 * (Other authenticator-specific values may be returned.) If the user
1722 * must enter credentials, the returned Bundle contains only
1723 * {@link #KEY_INTENT} with the {@link Intent} needed to launch a prompt.
1725 * If an error occurred, {@link AccountManagerFuture#getResult()} throws:
1727 * <li> {@link AuthenticatorException} if the authenticator failed to respond
1728 * <li> {@link OperationCanceledException} if the operation is canceled for
1729 * any reason, incluidng the user canceling a credential request
1730 * <li> {@link IOException} if the authenticator experienced an I/O problem
1731 * creating a new auth token, usually because of network trouble
1733 * If the account is no longer present on the device, the return value is
1734 * authenticator-dependent. The caller should verify the validity of the
1735 * account before requesting an auth token.
1737 public AccountManagerFuture<Bundle> getAuthToken(
1738 final Account account, final String authTokenType, final Bundle options,
1739 final boolean notifyAuthFailure,
1740 AccountManagerCallback<Bundle> callback, Handler handler) {
1742 if (account == null) throw new IllegalArgumentException("account is null");
1743 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
1744 final Bundle optionsIn = new Bundle();
1745 if (options != null) {
1746 optionsIn.putAll(options);
1748 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
1749 return new AmsTask(null, handler, callback) {
1751 public void doWork() throws RemoteException {
1752 mService.getAuthToken(mResponse, account, authTokenType,
1753 notifyAuthFailure, false /* expectActivityLaunch */, optionsIn);
1759 * Asks the user to add an account of a specified type. The authenticator
1760 * for this account type processes this request with the appropriate user
1761 * interface. If the user does elect to create a new account, the account
1764 * <p>This method may be called from any thread, but the returned
1765 * {@link AccountManagerFuture} must not be used on the main thread.
1767 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1768 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs for
1769 * this function in API level 22.
1771 * @param accountType The type of account to add; must not be null
1772 * @param authTokenType The type of auth token (see {@link #getAuthToken})
1773 * this account will need to be able to generate, null for none
1774 * @param requiredFeatures The features (see {@link #hasFeatures}) this
1775 * account must have, null for none
1776 * @param addAccountOptions Authenticator-specific options for the request,
1777 * may be null or empty
1778 * @param activity The {@link Activity} context to use for launching a new
1779 * authenticator-defined sub-Activity to prompt the user to create an
1780 * account; used only to call startActivity(); if null, the prompt
1781 * will not be launched directly, but the necessary {@link Intent}
1782 * will be returned to the caller instead
1783 * @param callback Callback to invoke when the request completes,
1784 * null for no callback
1785 * @param handler {@link Handler} identifying the callback thread,
1786 * null for the main thread
1787 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
1788 * these fields if activity was specified and an account was created:
1790 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account created
1791 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
1794 * If no activity was specified, the returned Bundle contains only
1795 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
1796 * actual account creation process. If an error occurred,
1797 * {@link AccountManagerFuture#getResult()} throws:
1799 * <li> {@link AuthenticatorException} if no authenticator was registered for
1800 * this account type or the authenticator failed to respond
1801 * <li> {@link OperationCanceledException} if the operation was canceled for
1802 * any reason, including the user canceling the creation process or adding accounts
1803 * (of this type) has been disabled by policy
1804 * <li> {@link IOException} if the authenticator experienced an I/O problem
1805 * creating a new account, usually because of network trouble
1808 public AccountManagerFuture<Bundle> addAccount(final String accountType,
1809 final String authTokenType, final String[] requiredFeatures,
1810 final Bundle addAccountOptions,
1811 final Activity activity, AccountManagerCallback<Bundle> callback, Handler handler) {
1812 if (accountType == null) throw new IllegalArgumentException("accountType is null");
1813 final Bundle optionsIn = new Bundle();
1814 if (addAccountOptions != null) {
1815 optionsIn.putAll(addAccountOptions);
1817 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
1819 return new AmsTask(activity, handler, callback) {
1821 public void doWork() throws RemoteException {
1822 mService.addAccount(mResponse, accountType, authTokenType,
1823 requiredFeatures, activity != null, optionsIn);
1829 * @see #addAccount(String, String, String[], Bundle, Activity, AccountManagerCallback, Handler)
1832 public AccountManagerFuture<Bundle> addAccountAsUser(final String accountType,
1833 final String authTokenType, final String[] requiredFeatures,
1834 final Bundle addAccountOptions, final Activity activity,
1835 AccountManagerCallback<Bundle> callback, Handler handler, final UserHandle userHandle) {
1836 if (accountType == null) throw new IllegalArgumentException("accountType is null");
1837 if (userHandle == null) throw new IllegalArgumentException("userHandle is null");
1838 final Bundle optionsIn = new Bundle();
1839 if (addAccountOptions != null) {
1840 optionsIn.putAll(addAccountOptions);
1842 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
1844 return new AmsTask(activity, handler, callback) {
1846 public void doWork() throws RemoteException {
1847 mService.addAccountAsUser(mResponse, accountType, authTokenType,
1848 requiredFeatures, activity != null, optionsIn, userHandle.getIdentifier());
1855 * Adds shared accounts from a parent user to a secondary user. Adding the shared account
1856 * doesn't take effect immediately. When the target user starts up, any pending shared accounts
1857 * are attempted to be copied to the target user from the primary via calls to the
1859 * @param parentUser parent user
1860 * @param user target user
1863 public void addSharedAccountsFromParentUser(UserHandle parentUser, UserHandle user) {
1865 mService.addSharedAccountsFromParentUser(parentUser.getIdentifier(),
1866 user.getIdentifier(), mContext.getOpPackageName());
1867 } catch (RemoteException re) {
1868 throw re.rethrowFromSystemServer();
1873 * Copies an account from one user to another user.
1874 * @param account the account to copy
1875 * @param fromUser the user to copy the account from
1876 * @param toUser the target user
1877 * @param callback Callback to invoke when the request completes,
1878 * null for no callback
1879 * @param handler {@link Handler} identifying the callback thread,
1880 * null for the main thread
1881 * @return An {@link AccountManagerFuture} which resolves to a Boolean indicated wether it
1885 public AccountManagerFuture<Boolean> copyAccountToUser(
1886 final Account account, final UserHandle fromUser, final UserHandle toUser,
1887 AccountManagerCallback<Boolean> callback, Handler handler) {
1888 if (account == null) throw new IllegalArgumentException("account is null");
1889 if (toUser == null || fromUser == null) {
1890 throw new IllegalArgumentException("fromUser and toUser cannot be null");
1893 return new Future2Task<Boolean>(handler, callback) {
1895 public void doWork() throws RemoteException {
1896 mService.copyAccountToUser(
1897 mResponse, account, fromUser.getIdentifier(), toUser.getIdentifier());
1900 public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
1901 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
1902 throw new AuthenticatorException("no result in response");
1904 return bundle.getBoolean(KEY_BOOLEAN_RESULT);
1911 * Removes the shared account.
1912 * @param account the account to remove
1913 * @param user the user to remove the account from
1916 public boolean removeSharedAccount(final Account account, UserHandle user) {
1918 boolean val = mService.removeSharedAccountAsUser(account, user.getIdentifier());
1920 } catch (RemoteException re) {
1921 throw re.rethrowFromSystemServer();
1930 public Account[] getSharedAccounts(UserHandle user) {
1932 return mService.getSharedAccountsAsUser(user.getIdentifier());
1933 } catch (RemoteException re) {
1934 throw re.rethrowFromSystemServer();
1939 * Confirms that the user knows the password for an account to make extra
1940 * sure they are the owner of the account. The user-entered password can
1941 * be supplied directly, otherwise the authenticator for this account type
1942 * prompts the user with the appropriate interface. This method is
1943 * intended for applications which want extra assurance; for example, the
1944 * phone lock screen uses this to let the user unlock the phone with an
1945 * account password if they forget the lock pattern.
1947 * <p>If the user-entered password matches a saved password for this
1948 * account, the request is considered valid; otherwise the authenticator
1949 * verifies the password (usually by contacting the server).
1951 * <p>This method may be called from any thread, but the returned
1952 * {@link AccountManagerFuture} must not be used on the main thread.
1954 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
1955 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs
1956 * for this function in API level 22.
1958 * @param account The account to confirm password knowledge for
1959 * @param options Authenticator-specific options for the request;
1960 * if the {@link #KEY_PASSWORD} string field is present, the
1961 * authenticator may use it directly rather than prompting the user;
1962 * may be null or empty
1963 * @param activity The {@link Activity} context to use for launching a new
1964 * authenticator-defined sub-Activity to prompt the user to enter a
1965 * password; used only to call startActivity(); if null, the prompt
1966 * will not be launched directly, but the necessary {@link Intent}
1967 * will be returned to the caller instead
1968 * @param callback Callback to invoke when the request completes,
1969 * null for no callback
1970 * @param handler {@link Handler} identifying the callback thread,
1971 * null for the main thread
1972 * @return An {@link AccountManagerFuture} which resolves to a Bundle
1973 * with these fields if activity or password was supplied and
1974 * the account was successfully verified:
1976 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account verified
1977 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
1978 * <li> {@link #KEY_BOOLEAN_RESULT} - true to indicate success
1981 * If no activity or password was specified, the returned Bundle contains
1982 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
1985 * <p>Also the returning Bundle may contain {@link
1986 * #KEY_LAST_AUTHENTICATED_TIME} indicating the last time the
1987 * credential was validated/created.
1989 * If an error occurred,{@link AccountManagerFuture#getResult()} throws:
1991 * <li> {@link AuthenticatorException} if the authenticator failed to respond
1992 * <li> {@link OperationCanceledException} if the operation was canceled for
1993 * any reason, including the user canceling the password prompt
1994 * <li> {@link IOException} if the authenticator experienced an I/O problem
1995 * verifying the password, usually because of network trouble
1998 public AccountManagerFuture<Bundle> confirmCredentials(final Account account,
1999 final Bundle options,
2000 final Activity activity,
2001 final AccountManagerCallback<Bundle> callback,
2002 final Handler handler) {
2003 return confirmCredentialsAsUser(account, options, activity, callback, handler,
2004 Process.myUserHandle());
2009 * Same as {@link #confirmCredentials(Account, Bundle, Activity, AccountManagerCallback, Handler)}
2010 * but for the specified user.
2012 public AccountManagerFuture<Bundle> confirmCredentialsAsUser(final Account account,
2013 final Bundle options,
2014 final Activity activity,
2015 final AccountManagerCallback<Bundle> callback,
2016 final Handler handler, UserHandle userHandle) {
2017 if (account == null) throw new IllegalArgumentException("account is null");
2018 final int userId = userHandle.getIdentifier();
2019 return new AmsTask(activity, handler, callback) {
2021 public void doWork() throws RemoteException {
2022 mService.confirmCredentialsAsUser(mResponse, account, options, activity != null,
2029 * Asks the user to enter a new password for an account, updating the
2030 * saved credentials for the account. Normally this happens automatically
2031 * when the server rejects credentials during an auth token fetch, but this
2032 * can be invoked directly to ensure we have the correct credentials stored.
2034 * <p>This method may be called from any thread, but the returned
2035 * {@link AccountManagerFuture} must not be used on the main thread.
2037 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
2038 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs for
2039 * this function in API level 22.
2041 * @param account The account to update credentials for
2042 * @param authTokenType The credentials entered must allow an auth token
2043 * of this type to be created (but no actual auth token is returned);
2045 * @param options Authenticator-specific options for the request;
2046 * may be null or empty
2047 * @param activity The {@link Activity} context to use for launching a new
2048 * authenticator-defined sub-Activity to prompt the user to enter a
2049 * password; used only to call startActivity(); if null, the prompt
2050 * will not be launched directly, but the necessary {@link Intent}
2051 * will be returned to the caller instead
2052 * @param callback Callback to invoke when the request completes,
2053 * null for no callback
2054 * @param handler {@link Handler} identifying the callback thread,
2055 * null for the main thread
2056 * @return An {@link AccountManagerFuture} which resolves to a Bundle
2057 * with these fields if an activity was supplied and the account
2058 * credentials were successfully updated:
2060 * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account
2061 * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
2064 * If no activity was specified, the returned Bundle contains
2065 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
2066 * password prompt. If an error occurred,
2067 * {@link AccountManagerFuture#getResult()} throws:
2069 * <li> {@link AuthenticatorException} if the authenticator failed to respond
2070 * <li> {@link OperationCanceledException} if the operation was canceled for
2071 * any reason, including the user canceling the password prompt
2072 * <li> {@link IOException} if the authenticator experienced an I/O problem
2073 * verifying the password, usually because of network trouble
2076 public AccountManagerFuture<Bundle> updateCredentials(final Account account,
2077 final String authTokenType,
2078 final Bundle options, final Activity activity,
2079 final AccountManagerCallback<Bundle> callback,
2080 final Handler handler) {
2081 if (account == null) throw new IllegalArgumentException("account is null");
2082 return new AmsTask(activity, handler, callback) {
2084 public void doWork() throws RemoteException {
2085 mService.updateCredentials(mResponse, account, authTokenType, activity != null,
2092 * Offers the user an opportunity to change an authenticator's settings.
2093 * These properties are for the authenticator in general, not a particular
2094 * account. Not all authenticators support this method.
2096 * <p>This method may be called from any thread, but the returned
2097 * {@link AccountManagerFuture} must not be used on the main thread.
2099 * <p>This method requires the caller to have the same signature as the
2100 * authenticator associated with the specified account type.
2102 * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
2103 * MANAGE_ACCOUNTS permission is needed for those platforms. See docs
2104 * for this function in API level 22.
2106 * @param accountType The account type associated with the authenticator
2108 * @param activity The {@link Activity} context to use for launching a new
2109 * authenticator-defined sub-Activity to adjust authenticator settings;
2110 * used only to call startActivity(); if null, the settings dialog will
2111 * not be launched directly, but the necessary {@link Intent} will be
2112 * returned to the caller instead
2113 * @param callback Callback to invoke when the request completes,
2114 * null for no callback
2115 * @param handler {@link Handler} identifying the callback thread,
2116 * null for the main thread
2117 * @return An {@link AccountManagerFuture} which resolves to a Bundle
2118 * which is empty if properties were edited successfully, or
2119 * if no activity was specified, contains only {@link #KEY_INTENT}
2120 * needed to launch the authenticator's settings dialog.
2121 * If an error occurred, {@link AccountManagerFuture#getResult()}
2124 * <li> {@link AuthenticatorException} if no authenticator was registered for
2125 * this account type or the authenticator failed to respond
2126 * <li> {@link OperationCanceledException} if the operation was canceled for
2127 * any reason, including the user canceling the settings dialog
2128 * <li> {@link IOException} if the authenticator experienced an I/O problem
2129 * updating settings, usually because of network trouble
2132 public AccountManagerFuture<Bundle> editProperties(final String accountType,
2133 final Activity activity, final AccountManagerCallback<Bundle> callback,
2134 final Handler handler) {
2135 if (accountType == null) throw new IllegalArgumentException("accountType is null");
2136 return new AmsTask(activity, handler, callback) {
2138 public void doWork() throws RemoteException {
2139 mService.editProperties(mResponse, accountType, activity != null);
2146 * Checks if the given account exists on any of the users on the device.
2147 * Only the system process can call this method.
2149 * @param account The account to check for existence.
2150 * @return whether any user has this account
2152 public boolean someUserHasAccount(@NonNull final Account account) {
2154 return mService.someUserHasAccount(account);
2155 } catch (RemoteException re) {
2156 throw re.rethrowFromSystemServer();
2160 private void ensureNotOnMainThread() {
2161 final Looper looper = Looper.myLooper();
2162 if (looper != null && looper == mContext.getMainLooper()) {
2163 final IllegalStateException exception = new IllegalStateException(
2164 "calling this from your main thread can lead to deadlock");
2165 Log.e(TAG, "calling this from your main thread can lead to deadlock and/or ANRs",
2167 if (mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.FROYO) {
2173 private void postToHandler(Handler handler, final AccountManagerCallback<Bundle> callback,
2174 final AccountManagerFuture<Bundle> future) {
2175 handler = handler == null ? mMainHandler : handler;
2176 handler.post(new Runnable() {
2179 callback.run(future);
2184 private void postToHandler(Handler handler, final OnAccountsUpdateListener listener,
2185 final Account[] accounts) {
2186 final Account[] accountsCopy = new Account[accounts.length];
2187 // send a copy to make sure that one doesn't
2188 // change what another sees
2189 System.arraycopy(accounts, 0, accountsCopy, 0, accountsCopy.length);
2190 handler = (handler == null) ? mMainHandler : handler;
2191 handler.post(new Runnable() {
2194 synchronized (mAccountsUpdatedListeners) {
2196 if (mAccountsUpdatedListeners.containsKey(listener)) {
2197 Set<String> types = mAccountsUpdatedListenersTypes.get(listener);
2198 if (types != null) {
2199 // filter by account type;
2200 ArrayList<Account> filtered = new ArrayList<>();
2201 for (Account account : accountsCopy) {
2202 if (types.contains(account.type)) {
2203 filtered.add(account);
2206 listener.onAccountsUpdated(
2207 filtered.toArray(new Account[filtered.size()]));
2209 listener.onAccountsUpdated(accountsCopy);
2212 } catch (SQLException e) {
2213 // Better luck next time. If the problem was disk-full,
2214 // the STORAGE_OK intent will re-trigger the update.
2215 Log.e(TAG, "Can't update accounts", e);
2222 private abstract class AmsTask extends FutureTask<Bundle> implements AccountManagerFuture<Bundle> {
2223 final IAccountManagerResponse mResponse;
2224 final Handler mHandler;
2225 final AccountManagerCallback<Bundle> mCallback;
2226 final Activity mActivity;
2227 public AmsTask(Activity activity, Handler handler, AccountManagerCallback<Bundle> callback) {
2228 super(new Callable<Bundle>() {
2230 public Bundle call() throws Exception {
2231 throw new IllegalStateException("this should never be called");
2236 mCallback = callback;
2237 mActivity = activity;
2238 mResponse = new Response();
2241 public final AccountManagerFuture<Bundle> start() {
2244 } catch (RemoteException e) {
2251 protected void set(Bundle bundle) {
2252 // TODO: somehow a null is being set as the result of the Future. Log this
2253 // case to help debug where this is occurring. When this bug is fixed this
2254 // condition statement should be removed.
2255 if (bundle == null) {
2256 Log.e(TAG, "the bundle must not be null", new Exception());
2261 public abstract void doWork() throws RemoteException;
2263 private Bundle internalGetResult(Long timeout, TimeUnit unit)
2264 throws OperationCanceledException, IOException, AuthenticatorException {
2266 ensureNotOnMainThread();
2269 if (timeout == null) {
2272 return get(timeout, unit);
2274 } catch (CancellationException e) {
2275 throw new OperationCanceledException();
2276 } catch (TimeoutException e) {
2277 // fall through and cancel
2278 } catch (InterruptedException e) {
2279 // fall through and cancel
2280 } catch (ExecutionException e) {
2281 final Throwable cause = e.getCause();
2282 if (cause instanceof IOException) {
2283 throw (IOException) cause;
2284 } else if (cause instanceof UnsupportedOperationException) {
2285 throw new AuthenticatorException(cause);
2286 } else if (cause instanceof AuthenticatorException) {
2287 throw (AuthenticatorException) cause;
2288 } else if (cause instanceof RuntimeException) {
2289 throw (RuntimeException) cause;
2290 } else if (cause instanceof Error) {
2291 throw (Error) cause;
2293 throw new IllegalStateException(cause);
2296 cancel(true /* interrupt if running */);
2298 throw new OperationCanceledException();
2302 public Bundle getResult()
2303 throws OperationCanceledException, IOException, AuthenticatorException {
2304 return internalGetResult(null, null);
2308 public Bundle getResult(long timeout, TimeUnit unit)
2309 throws OperationCanceledException, IOException, AuthenticatorException {
2310 return internalGetResult(timeout, unit);
2314 protected void done() {
2315 if (mCallback != null) {
2316 postToHandler(mHandler, mCallback, this);
2320 /** Handles the responses from the AccountManager */
2321 private class Response extends IAccountManagerResponse.Stub {
2323 public void onResult(Bundle bundle) {
2324 Intent intent = bundle.getParcelable(KEY_INTENT);
2325 if (intent != null && mActivity != null) {
2326 // since the user provided an Activity we will silently start intents
2328 mActivity.startActivity(intent);
2329 // leave the Future running to wait for the real response to this request
2330 } else if (bundle.getBoolean("retry")) {
2333 } catch (RemoteException e) {
2334 throw e.rethrowFromSystemServer();
2342 public void onError(int code, String message) {
2343 if (code == ERROR_CODE_CANCELED || code == ERROR_CODE_USER_RESTRICTED
2344 || code == ERROR_CODE_MANAGEMENT_DISABLED_FOR_ACCOUNT_TYPE) {
2345 // the authenticator indicated that this request was canceled or we were
2346 // forbidden to fulfill; cancel now
2347 cancel(true /* mayInterruptIfRunning */);
2350 setException(convertErrorToException(code, message));
2356 private abstract class BaseFutureTask<T> extends FutureTask<T> {
2357 final public IAccountManagerResponse mResponse;
2358 final Handler mHandler;
2360 public BaseFutureTask(Handler handler) {
2361 super(new Callable<T>() {
2363 public T call() throws Exception {
2364 throw new IllegalStateException("this should never be called");
2368 mResponse = new Response();
2371 public abstract void doWork() throws RemoteException;
2373 public abstract T bundleToResult(Bundle bundle) throws AuthenticatorException;
2375 protected void postRunnableToHandler(Runnable runnable) {
2376 Handler handler = (mHandler == null) ? mMainHandler : mHandler;
2377 handler.post(runnable);
2380 protected void startTask() {
2383 } catch (RemoteException e) {
2388 protected class Response extends IAccountManagerResponse.Stub {
2390 public void onResult(Bundle bundle) {
2392 T result = bundleToResult(bundle);
2393 if (result == null) {
2398 } catch (ClassCastException e) {
2399 // we will set the exception below
2400 } catch (AuthenticatorException e) {
2401 // we will set the exception below
2403 onError(ERROR_CODE_INVALID_RESPONSE, "no result in response");
2407 public void onError(int code, String message) {
2408 if (code == ERROR_CODE_CANCELED || code == ERROR_CODE_USER_RESTRICTED
2409 || code == ERROR_CODE_MANAGEMENT_DISABLED_FOR_ACCOUNT_TYPE) {
2410 // the authenticator indicated that this request was canceled or we were
2411 // forbidden to fulfill; cancel now
2412 cancel(true /* mayInterruptIfRunning */);
2415 setException(convertErrorToException(code, message));
2420 private abstract class Future2Task<T>
2421 extends BaseFutureTask<T> implements AccountManagerFuture<T> {
2422 final AccountManagerCallback<T> mCallback;
2423 public Future2Task(Handler handler, AccountManagerCallback<T> callback) {
2425 mCallback = callback;
2429 protected void done() {
2430 if (mCallback != null) {
2431 postRunnableToHandler(new Runnable() {
2434 mCallback.run(Future2Task.this);
2440 public Future2Task<T> start() {
2445 private T internalGetResult(Long timeout, TimeUnit unit)
2446 throws OperationCanceledException, IOException, AuthenticatorException {
2448 ensureNotOnMainThread();
2451 if (timeout == null) {
2454 return get(timeout, unit);
2456 } catch (InterruptedException e) {
2457 // fall through and cancel
2458 } catch (TimeoutException e) {
2459 // fall through and cancel
2460 } catch (CancellationException e) {
2461 // fall through and cancel
2462 } catch (ExecutionException e) {
2463 final Throwable cause = e.getCause();
2464 if (cause instanceof IOException) {
2465 throw (IOException) cause;
2466 } else if (cause instanceof UnsupportedOperationException) {
2467 throw new AuthenticatorException(cause);
2468 } else if (cause instanceof AuthenticatorException) {
2469 throw (AuthenticatorException) cause;
2470 } else if (cause instanceof RuntimeException) {
2471 throw (RuntimeException) cause;
2472 } else if (cause instanceof Error) {
2473 throw (Error) cause;
2475 throw new IllegalStateException(cause);
2478 cancel(true /* interrupt if running */);
2480 throw new OperationCanceledException();
2484 public T getResult()
2485 throws OperationCanceledException, IOException, AuthenticatorException {
2486 return internalGetResult(null, null);
2490 public T getResult(long timeout, TimeUnit unit)
2491 throws OperationCanceledException, IOException, AuthenticatorException {
2492 return internalGetResult(timeout, unit);
2497 private Exception convertErrorToException(int code, String message) {
2498 if (code == ERROR_CODE_NETWORK_ERROR) {
2499 return new IOException(message);
2502 if (code == ERROR_CODE_UNSUPPORTED_OPERATION) {
2503 return new UnsupportedOperationException(message);
2506 if (code == ERROR_CODE_INVALID_RESPONSE) {
2507 return new AuthenticatorException(message);
2510 if (code == ERROR_CODE_BAD_ARGUMENTS) {
2511 return new IllegalArgumentException(message);
2514 return new AuthenticatorException(message);
2517 private void getAccountByTypeAndFeatures(String accountType, String[] features,
2518 AccountManagerCallback<Bundle> callback, Handler handler) {
2519 (new AmsTask(null, handler, callback) {
2521 public void doWork() throws RemoteException {
2522 mService.getAccountByTypeAndFeatures(mResponse, accountType, features,
2523 mContext.getOpPackageName());
2529 private class GetAuthTokenByTypeAndFeaturesTask
2530 extends AmsTask implements AccountManagerCallback<Bundle> {
2531 GetAuthTokenByTypeAndFeaturesTask(final String accountType, final String authTokenType,
2532 final String[] features, Activity activityForPrompting,
2533 final Bundle addAccountOptions, final Bundle loginOptions,
2534 AccountManagerCallback<Bundle> callback, Handler handler) {
2535 super(activityForPrompting, handler, callback);
2536 if (accountType == null) throw new IllegalArgumentException("account type is null");
2537 mAccountType = accountType;
2538 mAuthTokenType = authTokenType;
2539 mFeatures = features;
2540 mAddAccountOptions = addAccountOptions;
2541 mLoginOptions = loginOptions;
2544 volatile AccountManagerFuture<Bundle> mFuture = null;
2545 final String mAccountType;
2546 final String mAuthTokenType;
2547 final String[] mFeatures;
2548 final Bundle mAddAccountOptions;
2549 final Bundle mLoginOptions;
2550 final AccountManagerCallback<Bundle> mMyCallback;
2551 private volatile int mNumAccounts = 0;
2554 public void doWork() throws RemoteException {
2555 getAccountByTypeAndFeatures(mAccountType, mFeatures,
2556 new AccountManagerCallback<Bundle>() {
2558 public void run(AccountManagerFuture<Bundle> future) {
2559 String accountName = null;
2560 String accountType = null;
2562 Bundle result = future.getResult();
2563 accountName = result.getString(AccountManager.KEY_ACCOUNT_NAME);
2564 accountType = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
2565 } catch (OperationCanceledException e) {
2568 } catch (IOException e) {
2571 } catch (AuthenticatorException e) {
2576 if (accountName == null) {
2577 if (mActivity != null) {
2578 // no accounts, add one now. pretend that the user directly
2579 // made this request
2580 mFuture = addAccount(mAccountType, mAuthTokenType, mFeatures,
2581 mAddAccountOptions, mActivity, mMyCallback, mHandler);
2583 // send result since we can't prompt to add an account
2584 Bundle result = new Bundle();
2585 result.putString(KEY_ACCOUNT_NAME, null);
2586 result.putString(KEY_ACCOUNT_TYPE, null);
2587 result.putString(KEY_AUTHTOKEN, null);
2588 result.putBinder(KEY_ACCOUNT_ACCESS_ID, null);
2590 mResponse.onResult(result);
2591 } catch (RemoteException e) {
2592 // this will never happen
2598 Account account = new Account(accountName, accountType);
2599 // have a single account, return an authtoken for it
2600 if (mActivity == null) {
2601 mFuture = getAuthToken(account, mAuthTokenType,
2602 false /* notifyAuthFailure */, mMyCallback, mHandler);
2604 mFuture = getAuthToken(account, mAuthTokenType, mLoginOptions,
2605 mActivity, mMyCallback, mHandler);
2612 public void run(AccountManagerFuture<Bundle> future) {
2614 final Bundle result = future.getResult();
2615 if (mNumAccounts == 0) {
2616 final String accountName = result.getString(KEY_ACCOUNT_NAME);
2617 final String accountType = result.getString(KEY_ACCOUNT_TYPE);
2618 if (TextUtils.isEmpty(accountName) || TextUtils.isEmpty(accountType)) {
2619 setException(new AuthenticatorException("account not in result"));
2622 final String accessId = result.getString(KEY_ACCOUNT_ACCESS_ID);
2623 final Account account = new Account(accountName, accountType, accessId);
2625 getAuthToken(account, mAuthTokenType, null /* options */, mActivity,
2626 mMyCallback, mHandler);
2630 } catch (OperationCanceledException e) {
2631 cancel(true /* mayInterruptIfRUnning */);
2632 } catch (IOException e) {
2634 } catch (AuthenticatorException e) {
2641 * This convenience helper combines the functionality of {@link #getAccountsByTypeAndFeatures},
2642 * {@link #getAuthToken}, and {@link #addAccount}.
2645 * This method gets a list of the accounts matching specific type and feature set which are
2646 * visible to the caller (see {@link #getAccountsByType} for details);
2647 * if there is exactly one already visible account, it is used; if there are some
2648 * accounts for which user grant visibility, the user is prompted to pick one; if there are
2649 * none, the user is prompted to add one. Finally, an auth token is acquired for the chosen
2653 * This method may be called from any thread, but the returned {@link AccountManagerFuture} must
2654 * not be used on the main thread.
2657 * <b>NOTE:</b> If targeting your app to work on API level 22 and before, MANAGE_ACCOUNTS
2658 * permission is needed for those platforms. See docs for this function in API level 22.
2660 * @param accountType The account type required (see {@link #getAccountsByType}), must not be
2662 * @param authTokenType The desired auth token type (see {@link #getAuthToken}), must not be
2664 * @param features Required features for the account (see
2665 * {@link #getAccountsByTypeAndFeatures}), may be null or empty
2666 * @param activity The {@link Activity} context to use for launching new sub-Activities to
2667 * prompt to add an account, select an account, and/or enter a password, as necessary;
2668 * used only to call startActivity(); should not be null
2669 * @param addAccountOptions Authenticator-specific options to use for adding new accounts; may
2671 * @param getAuthTokenOptions Authenticator-specific options to use for getting auth tokens; may
2673 * @param callback Callback to invoke when the request completes, null for no callback
2674 * @param handler {@link Handler} identifying the callback thread, null for the main thread
2675 * @return An {@link AccountManagerFuture} which resolves to a Bundle with at least the
2678 * <li>{@link #KEY_ACCOUNT_NAME} - the name of the account
2679 * <li>{@link #KEY_ACCOUNT_TYPE} - the type of the account
2680 * <li>{@link #KEY_AUTHTOKEN} - the auth token you wanted
2683 * If an error occurred, {@link AccountManagerFuture#getResult()} throws:
2685 * <li>{@link AuthenticatorException} if no authenticator was registered for this
2686 * account type or the authenticator failed to respond
2687 * <li>{@link OperationCanceledException} if the operation was canceled for any reason,
2688 * including the user canceling any operation
2689 * <li>{@link IOException} if the authenticator experienced an I/O problem updating
2690 * settings, usually because of network trouble
2693 public AccountManagerFuture<Bundle> getAuthTokenByFeatures(
2694 final String accountType, final String authTokenType, final String[] features,
2695 final Activity activity, final Bundle addAccountOptions,
2696 final Bundle getAuthTokenOptions, final AccountManagerCallback<Bundle> callback,
2697 final Handler handler) {
2698 if (accountType == null) throw new IllegalArgumentException("account type is null");
2699 if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
2700 final GetAuthTokenByTypeAndFeaturesTask task =
2701 new GetAuthTokenByTypeAndFeaturesTask(accountType, authTokenType, features,
2702 activity, addAccountOptions, getAuthTokenOptions, callback, handler);
2708 * Deprecated in favor of {@link #newChooseAccountIntent(Account, List, String[], String,
2709 * String, String[], Bundle)}.
2711 * Returns an intent to an {@link Activity} that prompts the user to choose from a list of
2713 * The caller will then typically start the activity by calling
2714 * <code>startActivityForResult(intent, ...);</code>.
2716 * On success the activity returns a Bundle with the account name and type specified using
2717 * keys {@link #KEY_ACCOUNT_NAME} and {@link #KEY_ACCOUNT_TYPE}.
2718 * Chosen account is marked as {@link #VISIBILITY_USER_MANAGED_VISIBLE} to the caller
2719 * (see {@link setAccountVisibility}) and will be returned to it in consequent
2720 * {@link #getAccountsByType}) calls.
2722 * The most common case is to call this with one account type, e.g.:
2724 * <pre> newChooseAccountIntent(null, null, new String[]{"com.google"}, false, null,
2725 * null, null, null);</pre>
2726 * @param selectedAccount if specified, indicates that the {@link Account} is the currently
2727 * selected one, according to the caller's definition of selected.
2728 * @param allowableAccounts an optional {@link List} of accounts that are allowed to be
2729 * shown. If not specified then this field will not limit the displayed accounts.
2730 * @param allowableAccountTypes an optional string array of account types. These are used
2731 * both to filter the shown accounts and to filter the list of account types that are shown
2732 * when adding an account. If not specified then this field will not limit the displayed
2733 * account types when adding an account.
2734 * @param alwaysPromptForAccount boolean that is ignored.
2735 * @param descriptionOverrideText if non-null this string is used as the description in the
2736 * accounts chooser screen rather than the default
2737 * @param addAccountAuthTokenType this string is passed as the {@link #addAccount}
2738 * authTokenType parameter
2739 * @param addAccountRequiredFeatures this string array is passed as the {@link #addAccount}
2740 * requiredFeatures parameter
2741 * @param addAccountOptions This {@link Bundle} is passed as the {@link #addAccount} options
2743 * @return an {@link Intent} that can be used to launch the ChooseAccount activity flow.
2746 static public Intent newChooseAccountIntent(
2747 Account selectedAccount,
2748 ArrayList<Account> allowableAccounts,
2749 String[] allowableAccountTypes,
2750 boolean alwaysPromptForAccount,
2751 String descriptionOverrideText,
2752 String addAccountAuthTokenType,
2753 String[] addAccountRequiredFeatures,
2754 Bundle addAccountOptions) {
2755 return newChooseAccountIntent(
2758 allowableAccountTypes,
2759 descriptionOverrideText,
2760 addAccountAuthTokenType,
2761 addAccountRequiredFeatures,
2766 * Returns an intent to an {@link Activity} that prompts the user to choose from a list of
2768 * The caller will then typically start the activity by calling
2769 * <code>startActivityForResult(intent, ...);</code>.
2771 * On success the activity returns a Bundle with the account name and type specified using
2772 * keys {@link #KEY_ACCOUNT_NAME} and {@link #KEY_ACCOUNT_TYPE}.
2773 * Chosen account is marked as {@link #VISIBILITY_USER_MANAGED_VISIBLE} to the caller
2774 * (see {@link setAccountVisibility}) and will be returned to it in consequent
2775 * {@link #getAccountsByType}) calls.
2777 * The most common case is to call this with one account type, e.g.:
2779 * <pre> newChooseAccountIntent(null, null, new String[]{"com.google"}, null, null, null,
2781 * @param selectedAccount if specified, indicates that the {@link Account} is the currently
2782 * selected one, according to the caller's definition of selected.
2783 * @param allowableAccounts an optional {@link List} of accounts that are allowed to be
2784 * shown. If not specified then this field will not limit the displayed accounts.
2785 * @param allowableAccountTypes an optional string array of account types. These are used
2786 * both to filter the shown accounts and to filter the list of account types that are shown
2787 * when adding an account. If not specified then this field will not limit the displayed
2788 * account types when adding an account.
2789 * @param descriptionOverrideText if non-null this string is used as the description in the
2790 * accounts chooser screen rather than the default
2791 * @param addAccountAuthTokenType this string is passed as the {@link #addAccount}
2792 * authTokenType parameter
2793 * @param addAccountRequiredFeatures this string array is passed as the {@link #addAccount}
2794 * requiredFeatures parameter
2795 * @param addAccountOptions This {@link Bundle} is passed as the {@link #addAccount} options
2797 * @return an {@link Intent} that can be used to launch the ChooseAccount activity flow.
2799 static public Intent newChooseAccountIntent(
2800 Account selectedAccount,
2801 List<Account> allowableAccounts,
2802 String[] allowableAccountTypes,
2803 String descriptionOverrideText,
2804 String addAccountAuthTokenType,
2805 String[] addAccountRequiredFeatures,
2806 Bundle addAccountOptions) {
2807 Intent intent = new Intent();
2808 ComponentName componentName = ComponentName.unflattenFromString(
2809 Resources.getSystem().getString(R.string.config_chooseTypeAndAccountActivity));
2810 intent.setClassName(componentName.getPackageName(),
2811 componentName.getClassName());
2812 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_ALLOWABLE_ACCOUNTS_ARRAYLIST,
2813 allowableAccounts == null ? null : new ArrayList<Account>(allowableAccounts));
2814 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_ALLOWABLE_ACCOUNT_TYPES_STRING_ARRAY,
2815 allowableAccountTypes);
2816 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_ADD_ACCOUNT_OPTIONS_BUNDLE,
2818 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_SELECTED_ACCOUNT, selectedAccount);
2819 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_DESCRIPTION_TEXT_OVERRIDE,
2820 descriptionOverrideText);
2821 intent.putExtra(ChooseTypeAndAccountActivity.EXTRA_ADD_ACCOUNT_AUTH_TOKEN_TYPE_STRING,
2822 addAccountAuthTokenType);
2824 ChooseTypeAndAccountActivity.EXTRA_ADD_ACCOUNT_REQUIRED_FEATURES_STRING_ARRAY,
2825 addAccountRequiredFeatures);
2829 private final HashMap<OnAccountsUpdateListener, Handler> mAccountsUpdatedListeners =
2832 private final HashMap<OnAccountsUpdateListener, Set<String> > mAccountsUpdatedListenersTypes =
2836 * BroadcastReceiver that listens for the ACTION_VISIBLE_ACCOUNTS_CHANGED intent
2837 * so that it can read the updated list of accounts and send them to the listener
2838 * in mAccountsUpdatedListeners.
2840 private final BroadcastReceiver mAccountsChangedBroadcastReceiver = new BroadcastReceiver() {
2842 public void onReceive(final Context context, final Intent intent) {
2843 final Account[] accounts = getAccounts();
2844 // send the result to the listeners
2845 synchronized (mAccountsUpdatedListeners) {
2846 for (Map.Entry<OnAccountsUpdateListener, Handler> entry :
2847 mAccountsUpdatedListeners.entrySet()) {
2848 postToHandler(entry.getValue(), entry.getKey(), accounts);
2855 * Adds an {@link OnAccountsUpdateListener} to this instance of the {@link AccountManager}. This
2856 * listener will be notified whenever user or AbstractAcccountAuthenticator made changes to
2857 * accounts of any type related to the caller. This method is equivalent to
2858 * addOnAccountsUpdatedListener(listener, handler, updateImmediately, null)
2860 * @see #addOnAccountsUpdatedListener(OnAccountsUpdateListener, Handler, boolean,
2863 public void addOnAccountsUpdatedListener(final OnAccountsUpdateListener listener,
2864 Handler handler, boolean updateImmediately) {
2865 addOnAccountsUpdatedListener(listener, handler,updateImmediately, null);
2869 * Adds an {@link OnAccountsUpdateListener} to this instance of the {@link AccountManager}. This
2870 * listener will be notified whenever user or AbstractAcccountAuthenticator made changes to
2871 * accounts of given types related to the caller -
2872 * either list of accounts returned by {@link #getAccounts()}
2873 * was changed, or new account was added for which user can grant access to the caller.
2875 * As long as this listener is present, the AccountManager instance will not be
2876 * garbage-collected, and neither will the {@link Context} used to retrieve it, which may be a
2877 * large Activity instance. To avoid memory leaks, you must remove this listener before then.
2878 * Normally listeners are added in an Activity or Service's {@link Activity#onCreate} and
2879 * removed in {@link Activity#onDestroy}.
2881 * It is safe to call this method from the main thread.
2883 * @param listener The listener to send notifications to
2884 * @param handler {@link Handler} identifying the thread to use for notifications, null for the
2886 * @param updateImmediately If true, the listener will be invoked (on the handler thread) right
2887 * away with the current account list
2888 * @param accountTypes If set, only changes to accounts of given types will be reported.
2889 * @throws IllegalArgumentException if listener is null
2890 * @throws IllegalStateException if listener was already added
2892 public void addOnAccountsUpdatedListener(final OnAccountsUpdateListener listener,
2893 Handler handler, boolean updateImmediately, String[] accountTypes) {
2894 if (listener == null) {
2895 throw new IllegalArgumentException("the listener is null");
2897 synchronized (mAccountsUpdatedListeners) {
2898 if (mAccountsUpdatedListeners.containsKey(listener)) {
2899 throw new IllegalStateException("this listener is already added");
2901 final boolean wasEmpty = mAccountsUpdatedListeners.isEmpty();
2903 mAccountsUpdatedListeners.put(listener, handler);
2904 if (accountTypes != null) {
2905 mAccountsUpdatedListenersTypes.put(listener,
2906 new HashSet<String>(Arrays.asList(accountTypes)));
2908 mAccountsUpdatedListenersTypes.put(listener, null);
2912 // Register a broadcast receiver to monitor account changes
2913 IntentFilter intentFilter = new IntentFilter();
2914 intentFilter.addAction(ACTION_VISIBLE_ACCOUNTS_CHANGED);
2915 // To recover from disk-full.
2916 intentFilter.addAction(Intent.ACTION_DEVICE_STORAGE_OK);
2917 mContext.registerReceiver(mAccountsChangedBroadcastReceiver, intentFilter);
2921 // Notify AccountManagedService about new receiver.
2922 // The receiver must be unregistered later exactly one time
2923 mService.registerAccountListener(accountTypes, mContext.getOpPackageName());
2924 } catch (RemoteException e) {
2925 throw e.rethrowFromSystemServer();
2928 if (updateImmediately) {
2929 postToHandler(handler, listener, getAccounts());
2934 * Removes an {@link OnAccountsUpdateListener} previously registered with
2935 * {@link #addOnAccountsUpdatedListener}. The listener will no longer
2936 * receive notifications of account changes.
2938 * <p>It is safe to call this method from the main thread.
2940 * <p>No permission is required to call this method.
2942 * @param listener The previously added listener to remove
2943 * @throws IllegalArgumentException if listener is null
2944 * @throws IllegalStateException if listener was not already added
2946 public void removeOnAccountsUpdatedListener(OnAccountsUpdateListener listener) {
2947 if (listener == null) throw new IllegalArgumentException("listener is null");
2948 synchronized (mAccountsUpdatedListeners) {
2949 if (!mAccountsUpdatedListeners.containsKey(listener)) {
2950 Log.e(TAG, "Listener was not previously added");
2953 Set<String> accountTypes = mAccountsUpdatedListenersTypes.get(listener);
2954 String[] accountsArray;
2955 if (accountTypes != null) {
2956 accountsArray = accountTypes.toArray(new String[accountTypes.size()]);
2958 accountsArray = null;
2960 mAccountsUpdatedListeners.remove(listener);
2961 mAccountsUpdatedListenersTypes.remove(listener);
2962 if (mAccountsUpdatedListeners.isEmpty()) {
2963 mContext.unregisterReceiver(mAccountsChangedBroadcastReceiver);
2966 mService.unregisterAccountListener(accountsArray, mContext.getOpPackageName());
2967 } catch (RemoteException e) {
2968 throw e.rethrowFromSystemServer();
2974 * Asks the user to authenticate with an account of a specified type. The
2975 * authenticator for this account type processes this request with the
2976 * appropriate user interface. If the user does elect to authenticate with a
2977 * new account, a bundle of session data for installing the account later is
2978 * returned with optional account password and account status token.
2980 * This method may be called from any thread, but the returned
2981 * {@link AccountManagerFuture} must not be used on the main thread.
2984 * <b>NOTE:</b> The account will not be installed to the device by calling
2985 * this api alone. #finishSession should be called after this to install the
2986 * account on device.
2988 * @param accountType The type of account to add; must not be null
2989 * @param authTokenType The type of auth token (see {@link #getAuthToken})
2990 * this account will need to be able to generate, null for none
2991 * @param requiredFeatures The features (see {@link #hasFeatures}) this
2992 * account must have, null for none
2993 * @param options Authenticator-specific options for the request, may be
2995 * @param activity The {@link Activity} context to use for launching a new
2996 * authenticator-defined sub-Activity to prompt the user to
2997 * create an account; used only to call startActivity(); if null,
2998 * the prompt will not be launched directly, but the necessary
2999 * {@link Intent} will be returned to the caller instead
3000 * @param callback Callback to invoke when the request completes, null for
3002 * @param handler {@link Handler} identifying the callback thread, null for
3004 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
3005 * these fields if activity was specified and user was authenticated
3008 * <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for
3009 * adding the the to the device later.
3010 * <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check
3011 * status of the account
3013 * If no activity was specified, the returned Bundle contains only
3014 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
3015 * actual account creation process. If authenticator doesn't support
3016 * this method, the returned Bundle contains only
3017 * {@link #KEY_ACCOUNT_SESSION_BUNDLE} with encrypted
3018 * {@code options} needed to add account later. If an error
3019 * occurred, {@link AccountManagerFuture#getResult()} throws:
3021 * <li>{@link AuthenticatorException} if no authenticator was
3022 * registered for this account type or the authenticator failed to
3024 * <li>{@link OperationCanceledException} if the operation was
3025 * canceled for any reason, including the user canceling the
3026 * creation process or adding accounts (of this type) has been
3027 * disabled by policy
3028 * <li>{@link IOException} if the authenticator experienced an I/O
3029 * problem creating a new account, usually because of network
3032 * @see #finishSession
3034 public AccountManagerFuture<Bundle> startAddAccountSession(
3035 final String accountType,
3036 final String authTokenType,
3037 final String[] requiredFeatures,
3038 final Bundle options,
3039 final Activity activity,
3040 AccountManagerCallback<Bundle> callback,
3042 if (accountType == null) throw new IllegalArgumentException("accountType is null");
3043 final Bundle optionsIn = new Bundle();
3044 if (options != null) {
3045 optionsIn.putAll(options);
3047 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
3049 return new AmsTask(activity, handler, callback) {
3051 public void doWork() throws RemoteException {
3052 mService.startAddAccountSession(
3064 * Asks the user to enter a new password for an account but not updating the
3065 * saved credentials for the account until {@link #finishSession} is called.
3067 * This method may be called from any thread, but the returned
3068 * {@link AccountManagerFuture} must not be used on the main thread.
3070 * <b>NOTE:</b> The saved credentials for the account alone will not be
3071 * updated by calling this API alone. #finishSession should be called after
3072 * this to update local credentials
3074 * @param account The account to update credentials for
3075 * @param authTokenType The credentials entered must allow an auth token of
3076 * this type to be created (but no actual auth token is
3077 * returned); may be null
3078 * @param options Authenticator-specific options for the request; may be
3080 * @param activity The {@link Activity} context to use for launching a new
3081 * authenticator-defined sub-Activity to prompt the user to enter
3082 * a password; used only to call startActivity(); if null, the
3083 * prompt will not be launched directly, but the necessary
3084 * {@link Intent} will be returned to the caller instead
3085 * @param callback Callback to invoke when the request completes, null for
3087 * @param handler {@link Handler} identifying the callback thread, null for
3089 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
3090 * these fields if an activity was supplied and user was
3091 * successfully re-authenticated to the account:
3093 * <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for
3094 * updating the local credentials on device later.
3095 * <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check
3096 * status of the account
3098 * If no activity was specified, the returned Bundle contains
3099 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
3100 * password prompt. If an error occurred,
3101 * {@link AccountManagerFuture#getResult()} throws:
3103 * <li>{@link AuthenticatorException} if the authenticator failed to
3105 * <li>{@link OperationCanceledException} if the operation was
3106 * canceled for any reason, including the user canceling the
3108 * <li>{@link IOException} if the authenticator experienced an I/O
3109 * problem verifying the password, usually because of network
3112 * @see #finishSession
3114 public AccountManagerFuture<Bundle> startUpdateCredentialsSession(
3115 final Account account,
3116 final String authTokenType,
3117 final Bundle options,
3118 final Activity activity,
3119 final AccountManagerCallback<Bundle> callback,
3120 final Handler handler) {
3121 if (account == null) {
3122 throw new IllegalArgumentException("account is null");
3125 // Always include the calling package name. This just makes life easier
3127 final Bundle optionsIn = new Bundle();
3128 if (options != null) {
3129 optionsIn.putAll(options);
3131 optionsIn.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
3133 return new AmsTask(activity, handler, callback) {
3135 public void doWork() throws RemoteException {
3136 mService.startUpdateCredentialsSession(
3147 * Finishes the session started by {@link #startAddAccountSession} or
3148 * {@link #startUpdateCredentialsSession}. This will either add the account
3149 * to AccountManager or update the local credentials stored.
3151 * This method may be called from any thread, but the returned
3152 * {@link AccountManagerFuture} must not be used on the main thread.
3154 * @param sessionBundle a {@link Bundle} created by {@link #startAddAccountSession} or
3155 * {@link #startUpdateCredentialsSession}
3156 * @param activity The {@link Activity} context to use for launching a new
3157 * authenticator-defined sub-Activity to prompt the user to
3158 * create an account or reauthenticate existing account; used
3159 * only to call startActivity(); if null, the prompt will not
3160 * be launched directly, but the necessary {@link Intent} will
3161 * be returned to the caller instead
3162 * @param callback Callback to invoke when the request completes, null for
3164 * @param handler {@link Handler} identifying the callback thread, null for
3166 * @return An {@link AccountManagerFuture} which resolves to a Bundle with
3167 * these fields if an activity was supplied and an account was added
3168 * to device or local credentials were updated::
3170 * <li>{@link #KEY_ACCOUNT_NAME} - the name of the account created
3171 * <li>{@link #KEY_ACCOUNT_TYPE} - the type of the account
3172 * <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check
3173 * status of the account
3175 * If no activity was specified and additional information is needed
3176 * from user, the returned Bundle may contains only
3177 * {@link #KEY_INTENT} with the {@link Intent} needed to launch the
3178 * actual account creation process. If an error occurred,
3179 * {@link AccountManagerFuture#getResult()} throws:
3181 * <li>{@link AuthenticatorException} if no authenticator was
3182 * registered for this account type or the authenticator failed to
3184 * <li>{@link OperationCanceledException} if the operation was
3185 * canceled for any reason, including the user canceling the
3186 * creation process or adding accounts (of this type) has been
3187 * disabled by policy
3188 * <li>{@link IOException} if the authenticator experienced an I/O
3189 * problem creating a new account, usually because of network
3192 * @see #startAddAccountSession and #startUpdateCredentialsSession
3194 public AccountManagerFuture<Bundle> finishSession(
3195 final Bundle sessionBundle,
3196 final Activity activity,
3197 AccountManagerCallback<Bundle> callback,
3199 return finishSessionAsUser(
3202 Process.myUserHandle(),
3208 * @see #finishSession
3212 @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
3213 public AccountManagerFuture<Bundle> finishSessionAsUser(
3214 final Bundle sessionBundle,
3215 final Activity activity,
3216 final UserHandle userHandle,
3217 AccountManagerCallback<Bundle> callback,
3219 if (sessionBundle == null) {
3220 throw new IllegalArgumentException("sessionBundle is null");
3223 /* Add information required by add account flow */
3224 final Bundle appInfo = new Bundle();
3225 appInfo.putString(KEY_ANDROID_PACKAGE_NAME, mContext.getPackageName());
3227 return new AmsTask(activity, handler, callback) {
3229 public void doWork() throws RemoteException {
3230 mService.finishSessionAsUser(
3235 userHandle.getIdentifier());
3241 * Checks whether {@link #updateCredentials} or {@link #startUpdateCredentialsSession} should be
3242 * called with respect to the specified account.
3244 * This method may be called from any thread, but the returned {@link AccountManagerFuture} must
3245 * not be used on the main thread.
3247 * @param account The {@link Account} to be checked whether {@link #updateCredentials} or
3248 * {@link #startUpdateCredentialsSession} should be called
3249 * @param statusToken a String of token to check account staus
3250 * @param callback Callback to invoke when the request completes, null for no callback
3251 * @param handler {@link Handler} identifying the callback thread, null for the main thread
3252 * @return An {@link AccountManagerFuture} which resolves to a Boolean, true if the credentials
3253 * of the account should be updated.
3255 public AccountManagerFuture<Boolean> isCredentialsUpdateSuggested(
3256 final Account account,
3257 final String statusToken,
3258 AccountManagerCallback<Boolean> callback,
3260 if (account == null) {
3261 throw new IllegalArgumentException("account is null");
3264 if (TextUtils.isEmpty(statusToken)) {
3265 throw new IllegalArgumentException("status token is empty");
3268 return new Future2Task<Boolean>(handler, callback) {
3270 public void doWork() throws RemoteException {
3271 mService.isCredentialsUpdateSuggested(
3277 public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
3278 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
3279 throw new AuthenticatorException("no result in response");
3281 return bundle.getBoolean(KEY_BOOLEAN_RESULT);
3287 * Gets whether a given package under a user has access to an account.
3288 * Can be called only from the system UID.
3290 * @param account The account for which to check.
3291 * @param packageName The package for which to check.
3292 * @param userHandle The user for which to check.
3293 * @return True if the package can access the account.
3297 public boolean hasAccountAccess(@NonNull Account account, @NonNull String packageName,
3298 @NonNull UserHandle userHandle) {
3300 return mService.hasAccountAccess(account, packageName, userHandle);
3301 } catch (RemoteException e) {
3302 throw e.rethrowFromSystemServer();
3307 * Creates an intent to request access to a given account for a UID.
3308 * The returned intent should be stated for a result where {@link
3309 * Activity#RESULT_OK} result means access was granted whereas {@link
3310 * Activity#RESULT_CANCELED} result means access wasn't granted. Can
3311 * be called only from the system UID.
3313 * @param account The account for which to request.
3314 * @param packageName The package name which to request.
3315 * @param userHandle The user for which to request.
3316 * @return The intent to request account access or null if the package
3321 public IntentSender createRequestAccountAccessIntentSenderAsUser(@NonNull Account account,
3322 @NonNull String packageName, @NonNull UserHandle userHandle) {
3324 return mService.createRequestAccountAccessIntentSenderAsUser(account, packageName,
3326 } catch (RemoteException e) {
3327 throw e.rethrowFromSystemServer();