问题
What we want to achieve: cross app single sign on
We have 2 apps (app A and app B) that we would like to share the same user account. That is, when a user logs into app A, they will be automatically logged in app B, and the other way around.
What we have done
We created a custom authenticator (extending AbstractAccountAuthenticator etc) to retrieve auth tokens from our service to ensure users are logged into our apps.
We pulled the authenticator into two different apps (app A and app B) that we wanted to share accounts.
We installed app A, and signed in. Then we installed app B, and saw that we were automatically signed in. Yay!
HOWEVER, when we then uninstalled app A (the first app we installed) we saw the following message:
03-20 16:43:27.057 862-862/? W/AccountManagerService: deleting account username@blah.com because type com.example.app.a's registered authenticator no longer exist.
and saw that we'd be signed out of app B, and the account had disappeared from accounts.
The question is: Is the only registered account authenticator the first one that is installed? Is there no way of falling back to the account authenticator in app B if app A is uninstalled?
(fyi: we've seen that setting a sharedUserId solves this problem, but our apps are currently live so changing their userId is not an option)
回答1:
You may want to explore a solution suggested by Google in this article, which consists in distributing your authenticator as a separate APK:
If only one app will ever access the [account] service, then this isn't a big deal—just bundle the service in the app. But if you want your account service to be used by more than one app, things get trickier. You don't want to bundle the service with all of your apps and have multiple copies of it taking up space on your user's device.
One solution is to place the service in one small, special-purpose APK. When an app wishes to use your custom account type, it can check the device to see if your custom account service is available. If not, it can direct the user to Google Play to download the service. This may seem like a great deal of trouble at first, but compared with the alternative of re-entering credentials for every app that uses your custom account, it's refreshingly easy.
The authenticator APK will not be automatically uninstalled when your user uninstalls your apps A and/or B. This means that your users may be already authenticated if they decide to reinstall your app(s). This may or may not be desirable, since it puts the burden on your users to remember to uninstall the authenticator after uninstalling your apps.
回答2:
I think the best solution is to handle the authentication on the server side, i'll explain it:
you generate a unique id for each device with your algorithm and send it to server while login then, in all of your applications you implement your algorithm so, for same devices, you get the same id, so server detects the device's account with that unique id. and in your applications, you can just ask the server about that unique id, if it's logged in, server gives you the same token, and even different token (for more security) for the same user ;-)
来源:https://stackoverflow.com/questions/42923746/android-accountmanager-across-apps-uninstalling-the-first-app-that-registered-t