google-code-export / posit-mobile

Automatically exported from code.google.com/p/posit-mobile
GNU Lesser General Public License v2.1

Authkey not handled consistently #361

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.  Start a fresh Posit instance
2.  Authenticate with AccountManager by logging in to Posit
3.

What is the expected output? What do you see instead?

This should create an Account and it should save an authkey
that is used whenever the app is run.  There should be no
need to re-create the auth key. 

However, on some occasions, an exception is thrown because Posit
does not find the authkey and tries again to re-authenticate.
Android complains that this attempt is being done on the main
thread which can lead to deadlock.   

This doesn't cause a crash, it just makes it look like the user
needs to authenticate again.  The app eventually gets
the authkey from the Posit server and all is well.  So it appears
to be a matter of timing whether the user sees this annoying message.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by ram8...@gmail.com on 24 May 2012 at 11:36

GoogleCodeExporter commented 9 years ago
Here's a trace of how authentication currently works.

PositMain calls resolveAccount().  This checks AccountManager whether a PositX
account exists. If not, it starts the AuthenticatorActivity.

AuthenticatorActivity prompts the user for credentials, username and password.  
These are the credentials of a user account on PositWeb.

The user's credentials are checked by calling loginUser on PositWeb.  If they
are authenticated, PositWeb sends back an authkey.

In AuthenticatorActivity.finishLogin() a new account is created, with the 
command:

   mAccountManager.addAccountExplicitly(account, mPassword, null);

And the authkey is sent back to the AccountAuthenticator as part of the 
Response object:

        mAuthtoken = authKey;
        intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mUsername);
        intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, SyncAdapter.ACCOUNT_TYPE);
        if (mAuthtokenType != null && mAuthtokenType.equals(SyncAdapter.AUTHTOKEN_TYPE)) {
            intent.putExtra(AccountManager.KEY_AUTHTOKEN, mAuthtoken);
        }
        setAccountAuthenticatorResult(intent.getExtras());
        setResult(RESULT_OK, intent);

NOTE: I haven't been able to figure out how to retrieve the authkey from the
AccountManager other than by calling the blocking
AccountManager.blockingGetAuthToken(), which is the method that results in the
exception that it cannot be run on the main thread because it might cause
deadlock.

NOTE:  Perhaps, this is the point at which we should save the authkey as a 
preference.

Because the PositX account is set to "Sync Automatically", it then invokes
SyncAdapter.onPerformSync(), which calls:

   Log.i(TAG, "Trying to retrieve authToken");
   authToken = mAccountManager.blockingGetAuthToken(account, AUTHTOKEN_TYPE, true /* notifyAuthFailure */);

This is the method which should not be called on the main thread.  As its name 
suggests, it can block thereby causing a deadlock.

This method call results in the creation of a new authkey, different from the 
one that was returned from PositWeb. 

SyncAdapter then creates a SyncServer and passes it the context. During 
instantiation, syncServer retrieves the original authKey, which is stored in 
Communicator as a static variable. 

SyncAdapter then calls its SyncServer.sync() method, passing it the new 
authKey. This is the key that's used to query PositWeb with 
getDeltaFindsIds(authkey, imei,project_id) for Finds that need syncing.

(At this point, no project_id has been set, so this returns an empty list.)

NOTE: This authkey is different from the key that PositX received from PositWeb
but PositWeb doesn't complain, which suggests that something is not correct
here.  Is PositWeb even checking the authentication key?  If not, what's its
purpose?

Posit then goes on to set the project activity and perform other tasks, using
the authkey it received from PositWeb. On the other hand, when PositX syncs
Finds, it uses the AccountManager authkey, which it gets by calling
blockingGetAuthToken.

This needs to be fixed up.

Original comment by ram8...@gmail.com on 24 May 2012 at 12:49
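
One way to keep a single authkey in use, as an added example that is not posit-mobile code: cache the key PositWeb returns with AccountManager.setAuthToken() at login, and read it back with the asynchronous AccountManager.getAuthToken() instead of blockingGetAuthToken(). The AuthKeyStore class, its method names and the Listener interface are hypothetical, and the sketch assumes the app owns the account's authenticator.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.app.Activity;
import android.os.Bundle;
import android.util.Log;

/** Hypothetical helper; class and method names are not from posit-mobile. */
public final class AuthKeyStore {
    private static final String TAG = "AuthKeyStore";

    /** Receives the key on the main thread once AccountManager has it. */
    public interface Listener {
        void onAuthKey(String authKey);   // null if it could not be obtained
    }

    /** Call once after login: cache the server-issued key under the account. */
    public static void save(AccountManager am, Account account,
                            String tokenType, String serverAuthKey) {
        am.setAuthToken(account, tokenType, serverAuthKey);
    }

    /** Non-blocking lookup, safe to call from an Activity on the main thread. */
    public static void load(AccountManager am, Account account, String tokenType,
                            Activity activity, final Listener listener) {
        am.getAuthToken(account, tokenType, null, activity,
                new AccountManagerCallback<Bundle>() {
                    @Override
                    public void run(AccountManagerFuture<Bundle> future) {
                        String key = null;
                        try {
                            // The future is already complete inside the callback.
                            key = future.getResult().getString(AccountManager.KEY_AUTHTOKEN);
                        } catch (Exception e) {   // cancelled, I/O or authenticator error
                            Log.w(TAG, "authkey lookup failed", e);   // never log the key itself
                        }
                        listener.onAuthKey(key);
                    }
                }, null /* handler: null delivers the callback on the main thread */);
    }

    /** Drop a key the server rejected so the next lookup re-authenticates. */
    public static void invalidate(AccountManager am, String accountType, String authKey) {
        am.invalidateAuthToken(accountType, authKey);
    }
}
```

AccountManager returns a cached token for the account and token type before it consults the authenticator, so once save() has run, a later blockingGetAuthToken() call in the sync adapter returns the same key that PositWeb issued.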

GoogleCodeExporter commented 9 years ago

Original comment by ram8...@gmail.com on 24 May 2012 at 12:50