Reputation: 17119
This piece of code is from AuthenticatorActivity
in Android SampleSyncAdapter Sample project. It says,
We store the authToken that's returned from the server as the 'password' for this account - so we're never storing the user's actual password locally.
But I don't see authToken
being used at all. Why? Is this a mistake or intentional?
/**
* Called when response is received from the server for authentication
* request. See onAuthenticationResult(). Sets the
* AccountAuthenticatorResult which is sent back to the caller. We store the
* authToken that's returned from the server as the 'password' for this
* account - so we're never storing the user's actual password locally.
*
* @param result the confirmCredentials result.
*/
private void finishLogin(String authToken) {
Log.i(TAG, "finishLogin()");
final Account account = new Account(mUsername, Constants.ACCOUNT_TYPE);
if (mRequestNewAccount) {
mAccountManager.addAccountExplicitly(account, mPassword, null);
// Set contacts sync for this account.
ContentResolver.setSyncAutomatically(account, ContactsContract.AUTHORITY, true);
} else {
mAccountManager.setPassword(account, mPassword);
}
final Intent intent = new Intent();
intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mUsername);
intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, Constants.ACCOUNT_TYPE);
setAccountAuthenticatorResult(intent.getExtras());
setResult(RESULT_OK, intent);
finish();
}
Upvotes: 0
Views: 448
Reputation: 36
Agreed, this is confusing, especially since SampleSyncAdapter represents some of the only documentation around these classes. That said, I think the comment is the mistake here, since both the AbstractAccountAuthenticator and the service rely on the password. I have filed a bug for clarification:
http://code.google.com/p/android/issues/detail?id=40878&thanks=40878&ts=1354582803
Upvotes: 2