I'm working on an Android app using the Windows Live services which uses OAuth2 authentication, therefore I don't have access to the users password. I would like to add the users account to the Android account manager but since I don't have access to the users password, its a spot of problem sticking to the default flow of the account manager i.e. to re-login the user if the auth token is no longer valid. Has anybody built an Android app that uses the account manager for a service that uses OAUth2 for verification? If so how did you handle this?
This is certainly doable. From the Android AccountManager documentation:
Many servers support some notion of an authentication token, which can be used to authenticate a request to the server without sending the user's actual password. (Auth tokens are normally created with a separate request which does include the user's credentials.) AccountManager can generate auth tokens for applications, so the application doesn't need to handle passwords directly. Auth tokens are normally reusable and cached by AccountManager, but must be refreshed periodically. It's the responsibility of applications to invalidate auth tokens when they stop working so the AccountManager knows it needs to regenerate them.
A bit of Googling also turns up a fairly detailed tutorial of how to do this:
In addition, it is also discussed in one of the 2011 Google IO sessions which can be viewed online:
The Google IO session is of course discussing Google APIs, but since your interested in OAuth2 what you learn there should be germane to your situation.