GoogleAuthUtil

public final classGoogleAuthUtilextendsObject

GoogleAuthUtil provides static utility methods to acquire OAuth2 tokens for Google accounts; and also to invalidate OAuth2 tokens.

Constant Summary

int CHANGE_TYPE_ACCOUNT_ADDED Change types that can be represented in an AccountChangeEvent.
int CHANGE_TYPE_ACCOUNT_REMOVED
int CHANGE_TYPE_ACCOUNT_RENAMED_FROM A rename event that will contain extra data indicating the original account name.
int CHANGE_TYPE_ACCOUNT_RENAMED_TO A rename event that will contain extra data indicating the new account name.
int GCORE_REQUEST_GOOGLE_ACCOUNTS_MIN_VERSION
String GOOGLE_ACCOUNT_TYPE Google Account type string.
String KEY_REQUEST_ACTIONS
String KEY_REQUEST_VISIBLE_ACTIVITIES This constant is deprecated. in GMS vFinn
String KEY_SUPPRESS_PROGRESS_SCREEN Adding KEY_SUPPRESS_PROGRESS will suppress the progress screen shown when getting a token when added as a booleantrue option while calling getToken(Context, String, String, Bundle).
String WORK_ACCOUNT_TYPE Android for Work Account type string.

Public Method Summary

static void
clearToken(Context context,Stringtoken)
Clear the specified token in local cache with respect to theContext.
staticList<AccountChangeEvent>
getAccountChangeEvents(Context context, int eventIndex,StringaccountName)
Gets a list of events for the given account.
staticString
getAccountId(Contextctx, String accountName)
Gets a stable account id for the given account name.
staticString
getToken(Context context,Account account,Stringscope, Bundle extras)
Gets an access token directly.
staticString
getToken(Context context,Account account,Stringscope)
See getToken(Context, Account, String, Bundle).
staticString
getToken(Context context,StringaccountName, String scope,Bundleextras)
This method is deprecated. Use getToken(Context, Account, String, Bundle)instead.
staticString
getToken(Context context,StringaccountName, String scope)
This method is deprecated. Use getToken(Context, Account, String)instead.
staticString
getTokenWithNotification(Context context,StringaccountName, String scope,Bundleextras, String authority,BundlesyncBundle)
This method is deprecated. Use getTokenWithNotification(Context, Account, String, Bundle, String, Bundle)instead.
staticString
getTokenWithNotification(Context context,Account account,Stringscope, Bundle extras)
Authenticates the user and returns a Google authentication token, or throws an Exception if there was an error while getting the token.
staticString
getTokenWithNotification(Context context,StringaccountName, String scope,Bundleextras, Intent callback)
This method is deprecated. Use getTokenWithNotification(Context, Account, String, Bundle, Intent) instead.
staticString
getTokenWithNotification(Context context,Account account,Stringscope, Bundle extras,Stringauthority, Bundle syncBundle)
Authenticates the user and returns a Google authentication token, or throws an Exception if there was an error while getting the token.
staticString
getTokenWithNotification(Context context,StringaccountName, String scope,Bundleextras)
This method is deprecated. Use getTokenWithNotification(Context, Account, String, Bundle) instead.
staticString
getTokenWithNotification(Context context,Account account,Stringscope, Bundle extras,Intent callback)
Authenticates the user and returns a Google authentication token, or throws an Exception if there was an error while getting the token.
static void
invalidateToken(Context context,Stringtoken)
This method is deprecated. Deprecated because calling this function requires permissions MANAGE_ACCOUNTS and USE_CREDENTIALS. Please use clearToken(Context, String)instead.
staticBundle
removeAccount(Context context,Account account)
Removes an account from the AccountManager.
staticBoolean
requestGoogleAccountsAccess(Context context)
Whitelists caller in Account Manager to see accounts of GOOGLE_ACCOUNT_TYPE.

Inherited Method Summary

Constants

public static final int CHANGE_TYPE_ACCOUNT_ADDED

Change types that can be represented in anAccountChangeEvent.

Constant Value:1

public static final int CHANGE_TYPE_ACCOUNT_REMOVED

Constant Value:2

public static final int CHANGE_TYPE_ACCOUNT_RENAMED_FROM

A rename event that will contain extra data indicating the original account name.

Constant Value:3

public static final int CHANGE_TYPE_ACCOUNT_RENAMED_TO

A rename event that will contain extra data indicating the new account name.

Constant Value:4

public static final int GCORE_REQUEST_GOOGLE_ACCOUNTS_MIN_VERSION

Constant Value:11400000

public static finalString GOOGLE_ACCOUNT_TYPE

Google Account type string. Used for various calls toAccountManager.

Constant Value:"com.google"

public static finalString KEY_REQUEST_ACTIONS

See Also
Constant Value: "request_visible_actions"

public static finalString KEY_REQUEST_VISIBLE_ACTIVITIES

This constant is deprecated.
in GMS vFinn

See KEY_REQUEST_ACTIONS.

Constant Value: "request_visible_actions"

public static finalString KEY_SUPPRESS_PROGRESS_SCREEN

Adding KEY_SUPPRESS_PROGRESS will suppress the progress screen shown when getting a token when added as a booleantrueoption while calling getToken(Context, String, String, Bundle).This is useful for apps that provide their own splash screens on initialization.

Constant Value: "suppressProgressScreen"

public static finalString WORK_ACCOUNT_TYPE

Android for Work Account type string. Used for various calls toAccountManager.

Constant Value: "com.google.work"

Public Methods

public static voidclearToken(Contextcontext, String token)

Clear the specified token in local cache with respect to theContext. Note that the context must be the same as that used to initialize the token in a previous call to getToken(Context, String, String)or getToken(Context, String, String, Bundle).

Parameters
context Context of the token.
token The token to clear.
Throws
GooglePlayServicesAvailabilityException
GoogleAuthException
IOException

public staticList<AccountChangeEvent> getAccountChangeEvents(Contextcontext, int eventIndex,String accountName)

Gets a list of events for the given account. The result is in reverse chronological order.

Supported types of event are CHANGE_TYPE_ACCOUNT_ADDED, CHANGE_TYPE_ACCOUNT_REMOVED, CHANGE_TYPE_ACCOUNT_RENAMED_FROMand CHANGE_TYPE_ACCOUNT_RENAMED_TO.

Parameters
context
eventIndex An event index to restrict results by. If0then all events will be fetched. Otherwise, events greater than this index will be fetched. Callers can store the last event index seen and use this field to limit results to only events more recent than the ones seen prior.
accountName The account name to restrict the event list to.
Throws
GoogleAuthException
IOException

public staticStringgetAccountId(Contextctx,String accountName)

Gets a stable account id for the given account name. In the event of a missing id, user intervention may be required. In such cases, aUserRecoverableAuthException will be thrown. To initiate the user recovery workflow, clients must start the Intent returned by UserRecoverableAuthException.getIntent()for result. Upon successfully returning a client should invoke this method again to get an id.

Throws
GooglePlayServicesAvailabilityException containing the appropriate connection status error code.
UserRecoverableAuthException wrapping an Intent for initiating user intervention. The wrapped intent must be called with Activity.startActivityForResult(Intent, int).
GoogleAuthException signaling a potentially unrecoverable authentication error.
IOException signaling a potentially transient error.
IllegalStateException if the method is invoked in the main event thread.

public staticStringgetToken(Contextcontext, Account account,String scope,Bundle extras)

Gets an access token directly. There are better approaches than GoogleAuthUtil for authentication and authorization in your application:

You should only use this method if you need an access token directly, e.g. protocols like SASL XOAUTH2.

This method requires substantial network IO thus should be run off the UI thread.

The token returned by this call is not guaranteed to stay valid before it is used. If using the token results in an unauthorized error, the token should be cleared from the cache with clearToken(Context, String)and this call should be retried.

Be sure to handle theUserRecoverableAuthException exception, as it is normal behavior that user interaction is required.

Parameters
context TheContextof the caller.
account The user account that the token will be associated with.
scope AStringrepresenting the authentication scope, prefixed with "oauth2:". To specify multiple scopes, separate them with a space (for example, "oauth2:scope1 scope2 scope3" ).
extras ABundlethat contains additional information. For example, clients that have their own splash screens can suppress the progress dialog provided by Google Play services by setting KEY_SUPPRESS_PROGRESS_SCREENtotruein the Bundle.
Returns
  • AStringthat contains a valid token.
Throws
UserRecoverableAuthException Signaling that a user action is required (to provide consent, enter a password, etc.). To initiate the user action, clients must start theIntent returned by UserRecoverableAuthException.getIntent().Upon successfully returning a client should invoke this method again to get a token.
IOException Signaling a transient error (typically network related). It is left to clients to implement a backoff/abandonment strategy appropriate to their latency requirements.
GooglePlayServicesAvailabilityException Signaling that GooglePlayServices is not available.
GoogleAuthException Signaling an unrecoverable authentication error. These errors will typically result from client errors (e.g. providing an invalid scope).
IllegalStateException If the method is invoked in the main event thread.

public staticStringgetToken(Contextcontext, Account account,String scope)

See getToken(Context, Account, String, Bundle).

Throws
IOException
UserRecoverableAuthException
GoogleAuthException

public staticStringgetToken(Contextcontext, StringaccountName, Stringscope, Bundle extras)

This method is deprecated.
Use getToken(Context, Account, String, Bundle)instead.

Throws
IOException
UserRecoverableAuthException
GoogleAuthException

public staticStringgetToken(Contextcontext, StringaccountName, String scope)

This method is deprecated.
Use getToken(Context, Account, String)instead.

Throws
IOException
UserRecoverableAuthException
GoogleAuthException

public staticStringgetTokenWithNotification(Contextcontext, StringaccountName, Stringscope, Bundleextras, Stringauthority, Bundle syncBundle)

This method is deprecated.
Use getTokenWithNotification(Context, Account, String, Bundle, String, Bundle) instead.

Throws
IOException
UserRecoverableNotifiedException
GoogleAuthException

public staticStringgetTokenWithNotification(Contextcontext, Account account,String scope,Bundle extras)

Authenticates the user and returns a Google authentication token, or throws an Exceptionif there was an error while getting the token.

This method is specifically provided for background tasks. In the event of an error that needs user intervention, this method takes care of pushing relevant notification.

The exception thrown depends upon the underlying error and support for recovery. UserRecoverableNotifiedException will be thrown if the error can be resolved by user intervention and a notification has already been posted to address it.IOExceptions will be thrown if the underlying error might be solved by some intelligent retry strategy. Alternatively,GoogleAuthExceptions represent a broad class ofExceptions that cannot be recovered programmatically.

The token returned by this call is not guaranteed to stay valid before it is used. If using the token results in an unauthorized error, the token should be cleared from the cache with clearToken(Context, String)and this call should be retried.

There are better approaches than GoogleAuthUtil for authentication and authorization in your application:

You should only use this method if you need an access token directly, e.g. protocols like SASL XOAUTH2.
Parameters
context Context associated with the desired token.
account Authenticating user account.
scope String representing the authentication scope. To specify multiple scopes, separate them with a space (for example, "oauth2:scope1 scope2 scope3" ).
extras Bundle containing additional information that may be relevant to the authentication scope.
Returns
  • String containing a valid token.
Throws
UserRecoverableNotifiedException if a user addressable error occurred and a notification was pushed.
GoogleAuthException signaling a potentially unrecoverable authentication error.
IOException signaling a potentially transient error.
IllegalStateException if the method is invoked in the main event thread.

public staticStringgetTokenWithNotification(Contextcontext, StringaccountName, Stringscope, Bundleextras, Intent callback)

This method is deprecated.
Use getTokenWithNotification(Context, Account, String, Bundle, Intent) instead.

Throws
IOException
UserRecoverableNotifiedException
GoogleAuthException

public staticStringgetTokenWithNotification(Contextcontext, Account account,String scope,Bundle extras,String authority,Bundle syncBundle)

Authenticates the user and returns a Google authentication token, or throws an Exceptionif there was an error while getting the token.

This method is specifically provided for sync adaptors. In the event of an error that needs user intervention, this method takes care of pushing relevant notification. After the user addresses the notification, a sync request will be kicked off using the given params. If the user cancels then the sync is not fired.

The exception thrown depends upon the underlying error and support for recovery. UserRecoverableNotifiedException will be thrown if the error can be resolved by user intervention and a notification has already been posted to address it.IOExceptions will be thrown if the underlying error might be solved by some intelligent retry strategy. Alternatively,GoogleAuthExceptions represent a broad class ofExceptions that cannot be recovered programmatically.

The token returned by this call is not guaranteed to stay valid before it is used. If using the token results in an unauthorized error, the token should be cleared from the cache with clearToken(Context, String)and this call should be retried.

There are better approaches than GoogleAuthUtil for authentication and authorization in your application:

You should only use this method if you need an access token directly, e.g. protocols like SASL XOAUTH2.
Parameters
context Context associated with the desired token.
account Authenticating user account.
scope String representing the authentication scope. To specify multiple scopes, separate them with a space (for example, "oauth2:scope1 scope2 scope3" ).
extras Bundle containing additional information that may be relevant to the authentication scope.
authority Authority for firing a sync request. Must not be empty or null.
syncBundle extras for firing a sync request. This bundle must pass ContentResolver.validateSyncExtrasBundle(). If no extras are needed can a null value can be passed.
Returns
  • String containing a valid token.
Throws
UserRecoverableNotifiedException if a user addressable error occurred and a notification was pushed.
GoogleAuthException signaling a potentially unrecoverable authentication error.
IOException signaling a potentially transient error.
IllegalStateException if the method is invoked in the main event thread.

public staticStringgetTokenWithNotification(Contextcontext, StringaccountName, Stringscope, Bundle extras)

This method is deprecated.
Use getTokenWithNotification(Context, Account, String, Bundle)instead.

Throws
IOException
UserRecoverableNotifiedException
GoogleAuthException

public staticStringgetTokenWithNotification(Contextcontext, Account account,String scope,Bundle extras,Intent callback)

Authenticates the user and returns a Google authentication token, or throws an Exceptionif there was an error while getting the token.

This method is specifically provided for background tasks. In the event of an error that needs user intervention, this method takes care of pushing relevant notification. After the user addresses the notification, the callback is broadcasted. If the user cancels then the callback is not fired.

The exception thrown depends upon the underlying error and support for recovery. UserRecoverableNotifiedException will be thrown if the error can be resolved by user intervention and a notification has already been posted to address it.IOExceptions will be thrown if the underlying error might be solved by some intelligent retry strategy. Alternatively,GoogleAuthExceptions represent a broad class ofExceptions that cannot be recovered programmatically.

The token returned by this call is not guaranteed to stay valid before it is used. If using the token results in an unauthorized error, the token should be cleared from the cache with clearToken(Context, String)and this call should be retried.

There are better approaches than GoogleAuthUtil for authentication and authorization in your application:

You should only use this method if you need an access token directly, e.g. protocols like SASL XOAUTH2.
Parameters
context Context associated with the desired token.
account Authenticating user account.
scope String representing the authentication scope. To specify multiple scopes, separate them with a space (for example, "oauth2:scope1 scope2 scope3" ).
extras Bundle containing additional information that may be relevant to the authentication scope.
callback A broadcast intent with a valid receiver that has been exported for other apps to send broadcasts to it. This intent must be serializable using toUri(Intent.URI_INTENT_SCHEME) and Intent.parseUri(intentUri, Intent.URI_INTENT_SCHEME). Cannot be null.
Returns
  • String containing a valid token.
Throws
UserRecoverableNotifiedException if a user addressable error occurred and a notification was pushed.
GoogleAuthException signaling a potentially unrecoverable authentication error.
IOException signaling a potentially transient error.
IllegalStateException if the method is invoked in the main event thread.

public static voidinvalidateToken(Contextcontext, String token)

This method is deprecated.
Deprecated because calling this function requires permissions MANAGE_ACCOUNTS and USE_CREDENTIALS. Please use clearToken(Context, String)instead.

public staticBundleremoveAccount(Contextcontext, Account account)

Removes an account from the AccountManager.

Similar to AccountManager.removeAccount(Account, AccountManagerCallback, Handler)but does not enforce permission checks when called by the device owner or profile owner.

This method isnotsafe to call from UI thread.

SeeDevicePolicyManager for definition of device owner and profile owner.

Parameters
context Context of the caller.
account The account to remove.
Returns
Throws
GoogleAuthException
IOException

public staticBooleanrequestGoogleAccountsAccess(Context context)

Whitelists caller in Account Manager to see accounts of GOOGLE_ACCOUNT_TYPE.In case of success the caller can useAccountManager methods to see all Google accounts on the device. The method is available in Android O and newer versions.

Parameters
context Context of the caller.
Returns
  • whether the access was granted.
Throws
UserRecoverableAuthException wrapping an Intent for initiating user intervention. The wrapped intent must be called with Activity.startActivityForResult(Intent, int).Upon successfully returning a client can invoke this method again to verify that access was granted.
GoogleAuthException signaling a potentially unrecoverable authentication error.
IOException signaling a potentially transient error.