android contacts sync without auth token

2019-07-30 01:37发布

Is there a way to sync android contacts with server without using authToken, just username and password? How can it be done?

I want to authenticate with username and password everytime i sync the contacts, without using the authToken at all.

Let's say on the SampleSyncAdapter, what should I change to achieve this.

2条回答
Deceive 欺骗
2楼-- · 2019-07-30 02:03

You can use the account name as the user name, and save the password either as the token as or additional info. In the SampleSyncAdapter, just replace what your sending to the server.

查看更多
一纸荒年 Trace。
3楼-- · 2019-07-30 02:25

Note that using the password instead of an auth token is easy, but is terribly insecure (discussion) for several reasons:

  1. It means a malicious app which authenticates using your AuthenticationAdapter is handed a copy of your actual password, which it can use to login as you and do anything it pleases, or it can send your username and password to anyone it likes. Note that due to the way that authentication and token use are decoupled, it's possible for people to write third party apps that can request credentials from your Authenticator. If you give a password instead of a token, then you just handed out your user's password to an app developer that you might not every have even heard of or know exists.

  2. It means that you're sending passwords in plaintext over the network if you're using http transport. This would make the passwords subject to snooping. (And again, any third party developer that uses you as an authenticator might not know how bad it is to use http with passwords.)

查看更多
登录 后发表回答