Compartilhar via


DevicePolicyManager.SetResetPasswordToken(ComponentName, Byte[]) Method

Definition

Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via #resetPasswordWithToken.

[Android.Runtime.Register("setResetPasswordToken", "(Landroid/content/ComponentName;[B)Z", "GetSetResetPasswordToken_Landroid_content_ComponentName_arrayBHandler", ApiSince=26)]
[Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD")]
public virtual bool SetResetPasswordToken (Android.Content.ComponentName? admin, byte[]? token);
[<Android.Runtime.Register("setResetPasswordToken", "(Landroid/content/ComponentName;[B)Z", "GetSetResetPasswordToken_Landroid_content_ComponentName_arrayBHandler", ApiSince=26)>]
[<Android.Runtime.RequiresPermission("android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD")>]
abstract member SetResetPasswordToken : Android.Content.ComponentName * byte[] -> bool
override this.SetResetPasswordToken : Android.Content.ComponentName * byte[] -> bool

Parameters

admin
ComponentName

Which DeviceAdminReceiver this request is associated with. Null if the caller is not a device admin.

token
Byte[]

a secure token a least 32-byte long, which must be generated by a cryptographically strong random number generator.

Returns

true if the operation is successful, false otherwise.

Attributes

Remarks

Called by a profile or device owner to provision a token which can later be used to reset the device lockscreen password (if called by device owner), or managed profile challenge (if called by profile owner), via #resetPasswordWithToken.

If the user currently has a lockscreen password, the provisioned token will not be immediately usable; it only becomes active after the user performs a confirm credential operation, which can be triggered by KeyguardManager#createConfirmDeviceCredentialIntent. If the user has no lockscreen password, the token is activated immediately. In all cases, the active state of the current token can be checked by #isResetPasswordTokenActive. For security reasons, un-activated tokens are only stored in memory and will be lost once the device reboots. In this case a new token needs to be provisioned again.

Once provisioned and activated, the token will remain effective even if the user changes or clears the lockscreen password.

<em>This token is highly sensitive and should be treated at the same level as user credentials. In particular, NEVER store this token on device in plaintext. Do not store the plaintext token in device-encrypted storage if it will be needed to reset password on file-based encryption devices before user unlocks. Consider carefully how any password token will be stored on your server and who will need access to them. Tokens may be the subject of legal access requests. </em>

On devices not supporting PackageManager#FEATURE_SECURE_LOCK_SCREEN feature, the reset token is not set and this method returns false.

Java documentation for android.app.admin.DevicePolicyManager.setResetPasswordToken(android.content.ComponentName, byte[]).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to