Simplifying the question: Am looking for answers from developers (or google engineers) who have used accountManager.getAuthToken(....) and have come across such a screen for their own apps:
http://www.appbrain.com/info/fastweb2.png or http://chiarg.com/?p=429 Once the user clicks 'allow', how could they undo this action for that particular android app+account? Regards, RS On Jun 17, 2:59 pm, RS <[email protected]> wrote: > Sorry if that reply instigated these comments. Am glad you still had > patience to respond. > > Chrome to phone is probably showing up there having a server side > component. > > As explained in the fist post, am looking for ways to revoke google > account access granted to android apps on the phone. Nope, account > manager doesn't help users. Once an app has gained the cookie/token > through the account manager, it is pretty much out of the way. > > While I found revoking is possible for google app engine based apps, > am still hunting for the right answer w.r.t android apps. > > And including this thread, there is no relevant answer on the > Internet. > > And am hoping that is incorrect and that it would be possible for an > user to clear access granted for individual android apps to a > particular google account. But cold somebody confirm this to be true > or false: > "Since the same auth token as the android system's is shared with > third party apps, there is no way to distinguish requests from > arbitrary apps using this token. Hence revoking on per app basis is > ruled out. The app has access to all google stuff till the android > system's token remains valid on the server. " > > Okay that is acceptable but in any case, how to revoke access granted > to an android app (account by account)? On first attempt by an app, > the android system throws its own activity asking user to allow or > deny an app from accessing tokens of a particular google account. > Don't tokens expire? Second time on, the android system doesn't invoke > user interaction to grant access. The app simply gets a copy of the > (new) token. > > Clearing out access to all android apps allowed access to tokens is an > acceptable workaround. But for which google's android apps should I > clear data/cache on android? > > Please clarify. AccountManager document doesn't answer this. AOSP on > source.android.com doesn't have relevant code to clear tokens etc. > > Thanks for your time, > RS > > On Jun 17, 12:35 pm, Nikolay Elenkov <[email protected]> > wrote: > > > > > > > > > On Fri, Jun 17, 2011 at 8:07 PM, RS <[email protected]> wrote: > > > Well, I came here only after realizing how bad I was at it in this > > > particular case. > > > You should probably says so and say what you tried so far, instead > > of just 'oh you guys obviously have no clue'. Might not be the > > best strategy to gen an answer. > > > > Should the accounts administration help revoke access even for android > > > devices/apps? > > > > The list there doesn't show android apps allowed access to the google > > > account. > > > >https://www.google.com/accounts/IssuedAuthSubTokens > > > > Nor does google apps dashboard help. > > > > Help me revoke access to an android app already granted access to a > > > google account either through the device or google accounts through > > > any browser. > > > Which particular app? At least for me, Chrome to Phone shows in the > > IssuedAuthSubTokens page. If the app is using ClientLogin, it won't > > show up there though. I don't think there is an UI for manging granted > > tokens in Android, but if you are doing this in code, you might want > > to look at AccountManager. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
