Android user authenticator allows access to the access screen

When registering through a Google authenticator, the GrantPermissionActivity screen is requested once for each account for each application (uid). However, it is not documented where this screen can be selected for user third-party authenticators.

Does anyone know if you still do this?

I tried to insert a user check and simulate GrantPermissionActivity, but the problem is that AuthToken is cached, so I could not figure out how to provide this in third-party applications, since getAuthToken would simply pass user codes using a cached token.

Please note that this is not the same problem as: How do I get the AccountManager to display an "Access Request" screen after the user has already allowed access?

+4
2 answers

I think I found a very good solution, but that is probably not how the Google resolution screen works.

In Authenticator, you get a calling package that cannot be faked, because the AccountManager checks the UID / PID of the application. You use the calling package as part of the token type, as well as the application installation date (optionally found using the package manager), so each application token will be cached separately.

If the token type does not contain the package name as the calling package, the token will not be returned.

For each type of authorization token, you also check the client's secret regarding the client key. After that, you will only return the "Allow access" intent if this is the first time the client requests a key for each account for each custom type of account.

Please note that if you want to use the whitelisted application, you can also do this based on the type of token.

+2
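
The scheme described in the answer above, sketched as an added example (not code from the answer or from Android itself). It binds the token type to the calling package, cross-checks that package against the caller's UID, and returns a consent intent on the first request. The `<prefix>:<package>` token-type format, the `grant:` user-data key, the `com.example.auth.CONSENT` action and `issueToken()` are assumptions made for illustration.

```java
import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.accounts.NetworkErrorException;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import java.util.Arrays;

// Added example. Subclasses implement the remaining authenticator callbacks.
public abstract class PerAppAuthenticator extends AbstractAccountAuthenticator {
    private final Context ctx;
    protected PerAppAuthenticator(Context ctx) { super(ctx); this.ctx = ctx; }

    /** Hypothetical hook: fetch a token scoped to one calling package. */
    protected abstract String issueToken(Account a, String pkg) throws NetworkErrorException;

    @Override
    public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account,
            String authTokenType, Bundle options) throws NetworkErrorException {
        // Caller identity as delivered by AccountManager in the options bundle.
        String pkg = options.getString(AccountManager.KEY_ANDROID_PACKAGE_NAME);
        int uid = options.getInt(AccountManager.KEY_CALLER_UID, -1);
        String[] owned = ctx.getPackageManager().getPackagesForUid(uid);
        Bundle out = new Bundle();
        // Refuse when the package is not owned by the calling UID, or when the
        // token type is not bound to that package (assumed "<prefix>:<package>").
        if (pkg == null || owned == null || !Arrays.asList(owned).contains(pkg)
                || authTokenType == null || !authTokenType.endsWith(":" + pkg)) {
            out.putInt(AccountManager.KEY_ERROR_CODE, AccountManager.ERROR_CODE_BAD_ARGUMENTS);
            out.putString(AccountManager.KEY_ERROR_MESSAGE, "token type not bound to caller");
            return out;
        }
        // First request for this (account, package): hand back the consent screen.
        // The consent activity records approval with setUserData("grant:" + pkg, ...).
        if (AccountManager.get(ctx).getUserData(account, "grant:" + pkg) == null) {
            Intent consent = new Intent("com.example.auth.CONSENT") // hypothetical action
                    .setPackage(ctx.getPackageName())
                    .putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response)
                    .putExtra(AccountManager.KEY_ACCOUNT_NAME, account.name)
                    .putExtra(AccountManager.KEY_ANDROID_PACKAGE_NAME, pkg);
            out.putParcelable(AccountManager.KEY_INTENT, consent);
            return out;
        }
        out.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
        out.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
        out.putString(AccountManager.KEY_AUTHTOKEN, issueToken(account, pkg));
        return out;
    }
}
```

Because the package name is part of the token type, a token cached for one application is never served to another, and revoking consent means clearing the `grant:` entry and invalidating that application's token.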

I do not have the full answer for you, but maybe I can help you a little.

When viewing getAuthToken, you can see that permission is automatically granted if the authenticator uses customTokens. The documentation for AuthenticatorDescription also mentions that "Authenticator processes its own cache key and permission screen" if custom tokens are used. So if this is so, I do not think this screen may appear.

I tried to insert a custom check and simulate a GrantPermissionActivity, but the problem is that AuthToken is cached ...

If you invalidate the token with invalidateAuthToken, it must be removed from the cache. Just remember to pass the token that you want to invalidate to the method (see AccountManager: invalidateAuthToken does not invalidate the token).

+1