Share of authentication with custom accounts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Share of authentication with custom accounts

gcast
Hi All,
I'm developing some apps that will share autentication and auth token received from an auth-server.
I would like to use a custom account as suggested here:
https://developer.android.com/training/id-auth/custom_auth
so that the user is added in the Settings -> Accounts and then all authorized apps can access the auth tokens.

Now I have an application implementing the actual authentication. In essence:
- instance of AbstractAccountAuthenticator
- service to publish associated IBinder
- Activity to execute the login and store the account
- authenticator.xml and pefs.xml files
And another app just as client that access the authentication using android.accounts.AccountManager.

In the app with the authentication I can execute all actions:
- check if there are accounts of my type
- access the auth token
- add a new account executing the authentication and storing it

In the client app I can execute only first two actions:
- check if there are accounts of my type
- access the auth token stored from the authentication app

If the client app try to add a new account calling android.accounts.AccountManager#addAccount() the request is correctly delivered to the instance of AbstractAccountAuthenticator in the authentication app (passing the request through the service) but the Login Activity is not open for the following error:

2021-01-14 09:15:33.902 10413-10452/xxx.client1 W/Binder: Caught a RuntimeException from the binder stub implementation.
java.lang.SecurityException: Permission Denial: starting Intent { cmp=xxx.customaccount/xxx.ui.login.LoginActivity clip={text/plain {...}} (has extras) } from ProcessRecord{db30657 10413:xxx.client1/u0a155} (pid=10413, uid=10155) not exported from uid 10154
at android.os.Parcel.createExceptionOrNull(Parcel.java:2373)
at android.os.Parcel.createException(Parcel.java:2357)
at android.os.Parcel.readException(Parcel.java:2340)
at android.os.Parcel.readException(Parcel.java:2282)
at android.app.IActivityTaskManager$Stub$Proxy.startActivity(IActivityTaskManager.java:3696)
at android.app.Instrumentation.execStartActivity(Instrumentation.java:1723)
at android.app.Activity.startActivityForResult(Activity.java:5320)
at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:675)
at android.app.Activity.startActivityForResult(Activity.java:5278)
at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:662)
at android.app.Activity.startActivity(Activity.java:5664)
at android.app.Activity.startActivity(Activity.java:5617)
at android.accounts.AccountManager$AmsTask$Response.onResult(AccountManager.java:2330)
at android.accounts.IAccountManagerResponse$Stub.onTransact(IAccountManagerResponse.java:97)
at android.os.Binder.execTransactInternal(Binder.java:1159)
at android.os.Binder.execTransact(Binder.java:1123)
Caused by: android.os.RemoteException: Remote stack trace:
at com.android.server.wm.ActivityStackSupervisor.checkStartAnyActivityPermission(ActivityStackSupervisor.java:1032)
at com.android.server.wm.ActivityStarter.executeRequest(ActivityStarter.java:999)
at com.android.server.wm.ActivityStarter.execute(ActivityStarter.java:669)
at com.android.server.wm.ActivityTaskManagerService.startActivityAsUser(ActivityTaskManagerService.java:1100)
at com.android.server.wm.ActivityTaskManagerService.startActivityAsUser(ActivityTaskManagerService.java:1072)

Adding android:export=true for the Login activity the authentication starts but the storage doesn't work correcty, I don't think this is the correct direction because the authentication should be started in the authentication app to manage correctly the result of the activity.
Any suggestion about how to solve this problem?

Thanks

gcast

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/c838c993-6814-4e1c-adf5-f72080e9f313n%40googlegroups.com.