AccountManager.confirmCredentials issue

Question

I'm trying to use AccountManager.confirmCredentials method for user verification in my app. I'm using it like that:

    AccountManager am = AccountManager.get(ctx);
    am.confirmCredentials(account, null, ctx, new AccountManagerCallback<Bundle>() {
        @Override
        public void run(AccountManagerFuture<Bundle> amf) {
            try {
                Bundle b = amf.getResult();
                boolean r = b.getBoolean(AccountManager.KEY_BOOLEAN_RESULT);
                vc.onValidateResult(r);
                return;
            } catch (OperationCanceledException ignore) {
            } catch (AuthenticatorException ignore) {
            } catch (IOException ignore) {
            }
            vc.onValidateResult(false);
        }
    }, null);

But found a gap in its implementation since Android 5. A user can clear the proposed account name in the Google authorization form and use his/her own. The result will be positive, and there is no ability to verify if the requested account name was used for confirmation because the got bundle has only timestamp and resulting boolean value. In other words, the bundle doesn't have KEY_ACCOUNT_NAME field, however, accordingly to the reference it should.

Does anyone know how to work around this breach?

Answer 1

According to documentation:

If no activity or password was specified, the returned Bundle contains KEY_INTENT with the Intent needed to launch the password prompt. Also the returning Bundle may contain KEY_LAST_AUTHENTICATED_TIME indicating the last time the credential was validated/created.

If your result does not contain Account Name, then it must be due to above scenario. You should check if the intent contains KEY_INTENT and if it does then launch that intent to verify.