
Best way to log out from my app with own account type


I have my own account type in my application and I put a Log out button in my app. I would like to find out what the better way of logging out is. I wonder, is it better to removeAccount like this:

mAccountManager.removeAccount(account, new AccountManagerCallback<Boolean>() {
    @Override
    public void run(AccountManagerFuture<Boolean> future) {
        try {
            if (future.getResult()) {
                // The account was removed successfully
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}, null);

Or change the password? Or remove the auth tokens?


Solution

  • This depends on many things. Primarily: What do you want to accomplish?

    First of all, if you actually log the user out, the auth tokens would be invalidated and hence you can just remove them. This is basically what logging out means.

    Whether you remove the password, or still keep it saved, is entirely up to you. Although, you probably should not save the password itself on an Android device. You should rather save a refresh token, with which you can get a new access token, as the account's password. This stored data is always a security risk, and exposing user passwords is not a good idea.

    If you remove the account, the user's device will be kept "clean". On the other hand: How many accounts do you suppose a normal user is going to have?
    If you keep the account, but just remove the password and tokens, you can still query the account manager to support AutoCompleteTextView to facilitate the next user login.


    What I do is:

    • Invalidate the tokens
    • Remove access token
    • setPassword(account, null) (Password is the refresh token, which got invalidated anyways)
    • Keep the account.

    And as mentioned earlier, I use an AutoCompleteTextView to suggest the old account at the next login.
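
The four steps listed in the answer, written out as an added example (not code from the original answer). `ACCOUNT_TYPE`, `TOKEN_TYPE`, `LogoutHelper` and the `TokenRevoker` backend hook are hypothetical names, and it assumes the refresh token is stored in the account's password field as the answer describes.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;

public final class LogoutHelper {
    // Assumed values; use the ones your own authenticator registers.
    static final String ACCOUNT_TYPE = "com.example.account";
    static final String TOKEN_TYPE = "access";

    /** Hypothetical hook for the backend call that revokes tokens server-side. */
    public interface TokenRevoker {
        void revoke(String accessToken, String refreshToken) throws Exception;
    }

    /**
     * Call off the main thread (revoke() is expected to do network I/O).
     * Returns false if server-side revocation failed and should be retried.
     */
    public static boolean logout(Context context, Account account, TokenRevoker revoker) {
        AccountManager am = AccountManager.get(context);
        // Read the cached credentials before wiping them. Only the app that
        // owns the authenticator (same signature) may call these two methods.
        String accessToken = am.peekAuthToken(account, TOKEN_TYPE);
        String refreshToken = am.getPassword(account); // refresh token kept as password
        boolean revoked = true;
        try {
            revoker.revoke(accessToken, refreshToken); // 1. invalidate on the server
        } catch (Exception e) {
            revoked = false; // local state is still wiped below
        }
        if (accessToken != null) {
            am.invalidateAuthToken(ACCOUNT_TYPE, accessToken); // 2. drop cached access token
        }
        am.setPassword(account, null); // 3. clear the stored refresh token
        return revoked;                // 4. the account entry itself is kept
    }

    /** Names of kept accounts, for an AutoCompleteTextView adapter at next login. */
    public static String[] knownAccountNames(Context context) {
        Account[] accounts = AccountManager.get(context).getAccountsByType(ACCOUNT_TYPE);
        String[] names = new String[accounts.length];
        for (int i = 0; i < accounts.length; i++) {
            names[i] = accounts[i].name;
        }
        return names;
    }
}
```

Local credentials are cleared even when the server call fails, so a network error at logout never leaves a usable refresh token on the device.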