Android AccountManager: peekAuthToken

Question

I have implemented an account manager in Android, and I'm using the peekAuthToken a lot inside the application, to get the token.

But I'm a bit confused about in the source code, in the docs it says:

Intended for use by the authenticator, not directly by applications.

Why is that, and what will be the issue using this method to get the authToken?

Answer 1

peekAuthToken internally checks that two uids are equal before providng the auth token:

• the uid of the app that is requesting the auth token
• the uid of the app that provided the Authentication IBinder (i.e., the uid that manages the account)

If the uids are different, you'll get a SecurityException.

In other words, if you're shipping the Authentication Service with the rest of your app, you should be fine. (Though I'd still recommend using getAuthToken instead). However, if you're shipping the Authenticator in one app and want to call peekAuthToken in another, that will not work.

https://github.com/android/platform_frameworks_base/blob/4535e11fb7010f2b104d3f8b3954407b9f330e0f/services/core/java/com/android/server/accounts/AccountManagerService.java#L1544