Is there a way to sync android contacts with server without using authToken, just username and password? How can it be done?
I want to authenticate with username and password everytime i sync the contacts, without using the authToken at all.
Let's say on the SampleSyncAdapter
, what should I change to achieve this.
You can use the account name as the user name, and save the password either as the token as or additional info. In the SampleSyncAdapter, just replace what your sending to the server.
Note that using the password instead of an auth token is easy, but is terribly insecure (discussion) for several reasons:
It means a malicious app which authenticates using your AuthenticationAdapter is handed a copy of your actual password, which it can use to login as you and do anything it pleases, or it can send your username and password to anyone it likes. Note that due to the way that authentication and token use are decoupled, it's possible for people to write third party apps that can request credentials from your Authenticator. If you give a password instead of a token, then you just handed out your user's password to an app developer that you might not every have even heard of or know exists.
It means that you're sending passwords in plaintext over the network if you're using http transport. This would make the passwords subject to snooping. (And again, any third party developer that uses you as an authenticator might not know how bad it is to use http with passwords.)