Account Manager is the core component of the user account system for Fuchsia.
The Account Manager maintains the set of Fuchsia accounts that are provisioned on the device, launches and configures Authentication Provider components to perform authentication via service providers, and launches and delegates to Account Handler component instances to determine the detailed state and authentication for each account.
Each device that supports Fuchsia accounts will have a single instance of the Account Manager component, started on demand, that implements the discoverable fuchsia.auth.account.AccountManager FIDL interface and acts as the entry point to the account system. Only a small number of core system components should depend directly on Account Manager, the remaining components should only rely on the least powerful interface required to perform their role, typically fuchsia.auth.account.Persona or fuchsia.auth.TokenManager.
AccountManager
implements the fuchsia.auth.account.AccountManager FIDL interface. The crate's main function creates a single instance of this struct and uses it to handle all incoming requests.
AccountManager
maintains a single AccountHandlerContext
instance and a map from the local identifiers of all accounts on the device to an associated AccountHandlerConnection
. These AccountHandlerConnection
instances are created lazily upon the first request pertaining to a particular account.
AccountHandlerConnection
launches, initializes, and maintains a connection to an instance of the Account Handler component.
AccountHandlerContext
implements the fuchsia.auth.account.internal.AccountHandlerContext FIDL interface, using a map from all configured auth_provider_type strings to an associated AuthProviderConnection
.
The Account Manager is not yet fully complete. In particular the change listener interfaces and local authentication state are not finished.
Currently the set of Auth Providers known to Account Manager is hard coded. In the near future this will move to a config file based configuration that will let different build configurations install different Auth Providers. In the longer term we will support dynamic addition of Auth Providers at runtime.