Login/Register
How to revoke the permission that my app get from user's google gmail AccountManager.getAuthToken(
Asked Answered
Solved androidoauthaccountmanager
M

3

8

Created a test app using Eclipse to get the authToken from one of my google e-mail accounts on my device.

Executing this prompted me with the allow access dialog where i press allow access: 

accountManager.getAuthToken(account,"oauth2:https://www.googleapis.com/auth/userinfo.profile", false, new GetAuthTokenCallback(), null);

I wanted to create a chooser dialog that works from API8 and up where the user can choose what google account he allow me to access. To do this i have to revoke the permission to see the screen again.

should i see my test app on this page or not?
Authorized Access to your Google Account

I have search for a way to revoke the permission and non is working..
Only thing working is to create a new app project.

UPDATE 2013
Using the Google Play service GCM and this is working ok

Mantoman answered 4/11, 2012 at 21:11 Comment(0)
I
8

Regarding the "Authorized Access to your Google Account" page, you will not see your app there as this permission is a device local permission stored in a database on the phone.

It does not seem like it is possible to revoke this permission in an easy way. I've been able to find a couple of ways to be able to trigger the dialog again, but none are ideal. In some of these solutions it's not the exact same dialog that is shown, but it might be close enough for testing purposes depending on what you want to do:

Internally the getAuthToken method keeps track of if access has been granted or not using the UID of the application. So if you are able to somehow force Android to give your app a new UID or to force it to clear the database of given grants the dialog should be shown again. Here are some solutions that others say work for them but that doesn't work for me (maybe it depends on which phone you use?):

As a side note as revoke permissions to access google auth tokens mention there are internal Android methods for revoking access, but these are not accessible via the public API.

Isentropic answered 28/11, 2012 at 9:15 Comment(0)
T
2

There are two cases that you must consider:

  1. Server Side Authorization
  2. Android Account Manager (Device side) Authorization

Case 1: Server Side revocation for Google Accounts can be done at: https://accounts.google.com/IssuedAuthSubTokens

You just have to login with the corresponding google account and choose to revoke the App/Website

Case 2: If on your android device you are presented with a screen saying something like: "Application wants to access your Google Account....Allow/Deny? " then this is an Account Manager type authorization where you need to modify the sqlite3 database on your phone in order to revoke the application (not as trivial as the Case 1 and this requires root accessed to your phone):

i. First copy off the database and journal file (accounts.db and accounts.db-journal) to another location (eg: on your SDcard or to a computer). The database files can be found in this directory on your android device:

/data/system/users/0/accounts.db
/data/system/users/0/accounts.db-journal

ii. You now need a sqlite3 editor. I used Sqlite Debugger from the Google Play Store. Alternatively you can use an sqlite3 binaries from http://www.sqlite.org/download.html and do this on a Computer.

iii. You know need to use the editor to remove certain entries in the "extras" table of the accounts.db database. You might want to take a quick tutorial on sqlite commands but here are some examples and "Sqlite Debugger" makes this a easy learn:

First open the accounts.db file in the editor

To list all rows in table "extras" you could use the following command:

SELECT * from extras

A better idea would be to only list rows in table "extras" which correspond to the application which you would like to revoke. For example if "com.someapp" is the name of your App you could use the following command:

SELECT * from extras WHERE key like '%com.someapp%'

You should get some output similar to this:

id|accountsid|key|value
10|1|perm.xxxxxxxxxxxxxxxxxxxxxxxxxxx.oauth2:https://google.com/|1
11|1|EXP:xxxxxxxxxxxxxxxxxxxxxxxxxxxx.oauth2:https://google.com/|xxxxxxx

Make a note of the id numbers you want to delete from the above output (i.e. the rows corresponding to the App you want to revoke) and then use the following commands to delete those rows:

DELETE from extras where _id = 10
DELETE from extras where _id = 11

Copy back the database and journal file to its original location. Make sure you set the permissions and ownership back to the original. read/write for owner and group only and owner and group owners are both "system". This operation will require root access!

Restart your device and you should have revoked the permission for the App. You could test this by asking the app to request Authorization again. If you are presented with the screen asking you to Authorize the app ("Application wants to access your Google Account....Allow/Deny?) then you have successfully revoked the app.

References:

  1. https://groups.google.com/forum/#!topic/android-developers/3lQb83jeyE8
  2. https://github.com/jberkel/sms-backup-plus/issues/369
Thorwald answered 28/1, 2014 at 6:20 Comment(0)
M
1

Uninstalling and restarting the device was the answer.
I had to give it some time before restarting.

Update..Have to say this only works sometimes.

Mantoman answered 28/11, 2012 at 6:18 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.