> > It turns out that the reason the authToken from the AccountManager > wasn't working was because it was expired. It was dated Dec. 9th, > which is probably the day I first got my authentication code working. > I guess it cached the authToken and has been using the same one ever > since. > How do you know it was dated and that it was from the 9th? Anyway, I don't think that is the case for me. I did all my testing on the same day and always got a token, but that token doesn't seem to be valid.
I acquire a token like this: String token = accountManager.blockingGetAuthToken(acct, "ah", false); and then try something like this: curl --header "Cookie: SID=<HERE GOES THE TOKEN>" --header "Accept-Encoding: gzip" " http://www.google.com/reader/atom/user/-/state/com.google/reading-list"; -D header | tidy -i -xml | mate And this usually returns an xml file, but only if I pass in an auth token from the ClientLogin. But not this time. I get those headers then: HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Location: https://www.google.com/accounts/ServiceLogin?hl=en&nui=1&service=reader&continue= <original_url> Date: Wed, 06 Jan 2010 20:42:00 GMT Expires: Wed, 06 Jan 2010 20:42:00 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Content-Length: 1381 Server: GFE/2.0 And this message in the content stream: <html><head><title>302 Redirection</title> <style type="text/css"> body {font-family: arial,sans-serif} div.nav {margin-top: 1ex} div.nav A {font-size: 10pt; font-family: arial,sans-serif} span.nav {font-size: 10pt; font-family: arial,sans-serif; font-weight: bold} div.nav A,span.big {font-size: 12pt; color: #0000cc} div.nav A {font-size: 10pt; color: black} A.l:link {color: #6f6f6f} </style></head> <body text="#000000" bgcolor="#ffffff"><table border="0" cellpadding="2" cellspacing="0" width="100%"></table> <table><tr><td rowspan="3" width="1%"><b><font face="times" color="#0039b6" size="10">G</font><font face="times" color="#c41200" size="10">o</font><font face="times" color="#f3c518" size="10">o</font><font face="times" color="#0039b6" size="10">g</font><font face="times" color="#30a72f" size="10">l</font><font face="times" color="#c41200" size="10">e</font> </b></td> <td> </td></tr> <tr><td bgcolor="#3366cc"><font face="arial,sans-serif" color="#ffffff"><b>Error</b></font></td></tr> <tr><td> </td></tr></table> <blockquote><h1>Redirection</h1> Further action needs to be taken by your user agent in order to fulfill the request. <p></p></blockquote> <table width="100%" cellpadding="0" cellspacing="0"><tr><td bgcolor="#3366cc"><img alt="" width="1" height="4"></td></tr></table></body></html> Following the "expired" logic this should work, right?: String oldToken = accountManager.peekAuthToken(acct, "ah"); if (oldToken != null) { System.out.println("oldToken="+oldToken); accountManager.invalidateAuthToken("com.google",oldToken); System.out.println("invalidated."); } String sid = accountManager.blockingGetAuthToken(acct, "ah", false); But it doesn't. Same effect. And also these two additional permissions (four in total then) are also needed then: <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" /> <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" /> > So now the questions are: How do I clear out the cached authToken? How > often would I need to do this? Is there a way of getting a new > authToken that isn't going to require that the user agree to a system > prompt every time? > > I'm going to try the invalidateAuthToken and updateUserCredentials > methods. If the user is going to be prompted every time the authToken > needs to be refreshed, using the authToken from AccountManager simply > isn't going to be a worthwhile solution to authenticating a Google > Service. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com<android-developers%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en >
-- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
