@ohos.account.osAccount (System Account Management) (System API)
The osAccount module provides basic capabilities for managing system (OS) accounts, including adding, deleting, querying, setting, subscribing to, and enabling a system account.
NOTE
- The initial APIs of this module are supported since API version 7. Newly added APIs will be marked with a superscript to indicate their earliest API version.
- This topic describes only the system APIs provided by the module. For details about its public APIs, see ohos.account.osAccount (System Account Management).
Modules to Import
import { osAccount } from '@kit.BasicServicesKit';
AccountManager
Provides APIs for managing system accounts.
activateOsAccount
activateOsAccount(localId: number, callback: AsyncCallback<void>): void
Activates a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
| 12300016 | The number of logged in accounts reaches the upper limit. |
Example: Activate system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.activateOsAccount(localId, (err: BusinessError)=>{
if (err) {
console.error(`activateOsAccount failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('activateOsAccount successfully');
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`activateOsAccount failed, code is ${err.code}, message is ${err.message}`);
}
activateOsAccount
activateOsAccount(localId: number): Promise<void>
Activates a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
| 12300016 | The number of logged in accounts reaches the upper limit. |
Example: Activate system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.activateOsAccount(localId).then(() => {
console.info('activateOsAccount successfully');
}).catch((err: BusinessError) => {
console.error(`activateOsAccount failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`activateOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
activateOsAccount23+
activateOsAccount(localId: number, displayId: number): Promise<void>
Activates (Starts on the foreground or switches to) the target system account on the specified logical display. This API uses a promise to return the result.
Currently, cross-logical-display activation is not supported. That is, you cannot activate a system account that is already running on the foreground of another logical display on the specified logical display.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| displayId | number | Yes | Logical display ID. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
For details about the error codes, see Universal Error Codes and Account Management Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
| 12300016 | The number of logged in accounts reaches the upper limit. |
| 12300018 | Display not found. |
| 12300019 | Cross-display activation not supported. |
Example Activate the system account 100 on the logical screen 0.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let displayId: number = 0;
try {
accountManager.activateOsAccount(localId, displayId).then(() => {
console.info('activateOsAccount with displayId successfully');
}).catch((err: BusinessError) => {
console.error(`activateOsAccount with displayId failed, err: ${err.code} ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`activateOsAccount with displayId exception: ${err.code} ${err.message}`);
}
deactivateOsAccount12+
deactivateOsAccount(localId: number): Promise<void>
Deactivates (logs out of) a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
Example: Deactivate system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.deactivateOsAccount(localId).then(() => {
console.info('deactivateOsAccount successfully');
}).catch((err: BusinessError) => {
console.error(`deactivateOsAccount failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`deactivateOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
isOsAccountActivated11+
isOsAccountActivated(localId: number): Promise<boolean>
Checks whether a system account is activated. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true means the account is activated; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
Example: Check whether system account 100 is activated.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.isOsAccountActivated(localId).then((isActivated: boolean) => {
console.info('isOsAccountActivated successfully, isActivated: ' + isActivated);
}).catch((err: BusinessError) => {
console.error(`isOsAccountActivated failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`isOsAccountActivated exception: code is ${err.code}, message is ${err.message}`);
}
isOsAccountConstraintEnabled11+
isOsAccountConstraintEnabled(localId: number, constraint: string): Promise<boolean>
Checks whether a constraint is enabled for a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| constraint | string | Yes | Constraint to check. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true means the specified constraint is enabled; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
Example: Check whether system account 100 is forbidden to use Wi-Fi.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let constraint: string = 'constraint.wifi';
try {
accountManager.isOsAccountConstraintEnabled(localId, constraint).then((isEnabled: boolean) => {
console.info('isOsAccountConstraintEnabled successfully, isEnabled: ' + isEnabled);
}).catch((err: BusinessError) => {
console.error(`isOsAccountConstraintEnabled failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`isOsAccountConstraintEnabled exception: code is ${err.code}, message is ${err.message}`);
}
isOsAccountUnlocked11+
isOsAccountUnlocked(localId: number): Promise<boolean>
Checks whether a system account has been verified. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. If this parameter is not specified, this API checks whether the current system account has been verified. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true means the system account has been verified; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.isOsAccountUnlocked(localId).then((isVerified: boolean) => {
console.info('isOsAccountUnlocked successfully, isVerified: ' + isVerified);
}).catch((err: BusinessError) => {
console.error(`isOsAccountUnlocked failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`isOsAccountUnlocked exception: code is ${err.code}, message is ${err.message}`);
}
removeOsAccount
removeOsAccount(localId: number, callback: AsyncCallback<void>): void
Removes a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated on. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let accountName: string = 'testAccountName';
try {
accountManager.createOsAccount(accountName, osAccount.OsAccountType.NORMAL,
(err: BusinessError, osAccountInfo: osAccount.OsAccountInfo) => {
accountManager.removeOsAccount(osAccountInfo.localId, (err: BusinessError)=>{
if (err) {
console.error(`removeOsAccount failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('removeOsAccount successfully');
}
});
});
} catch (e) {
const err = e as BusinessError;
console.error(`removeOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
removeOsAccount
removeOsAccount(localId: number): Promise<void>
Removes a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let accountName: string = 'testAccountName';
try {
accountManager.createOsAccount(accountName, osAccount.OsAccountType.NORMAL,
(err: BusinessError, osAccountInfo: osAccount.OsAccountInfo)=>{
accountManager.removeOsAccount(osAccountInfo.localId).then(() => {
console.info('removeOsAccount successfully');
}).catch((err: BusinessError) => {
console.error(`removeOsAccount failed, code is ${err.code}, message is ${err.message}`);
});
});
} catch (e) {
const err = e as BusinessError;
console.error(`removeOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
removeOsAccount24+
removeOsAccount(localId: number, options: RemoveOsAccountOptions): Promise<void>
Removes a specified system account based on the options. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| options | RemoveOsAccountOptions | Yes | Options for removing a system account. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or options. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
| 12300010 | Service busy. Possible causes: The target account is being operated on. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let accountName: string = 'testAccountName';
let token: Uint8Array = new Uint8Array([0]);
let options: osAccount.RemoveOsAccountOptions = {
token: token,
}
try {
accountManager.createOsAccount(accountName, osAccount.OsAccountType.NORMAL,
(err: BusinessError, osAccountInfo: osAccount.OsAccountInfo)=>{
accountManager.removeOsAccount(osAccountInfo.localId, options).then(() => {
console.info('removeOsAccount successfully');
}).catch((err: BusinessError) => {
console.error(`removeOsAccount failed, code is ${err.code}, message is ${err.message}`);
});
});
} catch (e) {
const err = e as BusinessError;
console.error(`removeOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountConstraints
setOsAccountConstraints(localId: number, constraints: Array<string>, enable: boolean,callback: AsyncCallback<void>): void
Sets or removes constraints for a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| constraints | Array<string> | Yes | Constraints to set or remove. |
| enable | boolean | Yes | Whether to set or remove constraints. The value true means to set constraints, and false means to remove constraints. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or constraints. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Disable Wi-Fi for system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let constraint: string = 'constraint.wifi';
try {
accountManager.setOsAccountConstraints(localId, [constraint], true, (err: BusinessError) => {
if (err) {
console.error(`setOsAccountConstraints failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('setOsAccountConstraints successfully');
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountConstraints exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountConstraints
setOsAccountConstraints(localId: number, constraints: Array<string>, enable: boolean): Promise<void>
Sets or removes constraints for a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| constraints | Array<string> | Yes | Constraints to set or remove. |
| enable | boolean | Yes | Set or remove constraints. The value true means to set constraints, and false means to remove constraints. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or constraints. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Remove the constraint on the use of Wi-Fi for system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.setOsAccountConstraints(localId, ['constraint.location.set'], false).then(() => {
console.info('setOsAccountConstraints successfully');
}).catch((err: BusinessError) => {
console.error(`setOsAccountConstraints failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountConstraints exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountName
setOsAccountName(localId: number, localName: string, callback: AsyncCallback<void>): void
Sets the name of a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| localName | string | Yes | Account name to set. The value cannot exceed 1024 characters. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or localName. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Set the name of system account 100 to demoName.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let name: string = 'demoName';
try {
accountManager.setOsAccountName(localId, name, (err: BusinessError) => {
if (err) {
console.error(`setOsAccountName failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('setOsAccountName successfully');
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountName exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountName
setOsAccountName(localId: number, localName: string): Promise<void>
Sets the name of a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| localName | string | Yes | Account name to set. The value cannot exceed 1024 characters. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or localName. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Set the name of system account 100 to demoName.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let name: string = 'testName';
try {
accountManager.setOsAccountName(localId, name).then(() => {
console.info('setOsAccountName successfully');
}).catch((err: BusinessError) => {
console.error(`setOsAccountName failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountName exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountType24+
setOsAccountType(localId: number, type: OsAccountType, options?: SetOsAccountTypeOptions): Promise<void>
Sets the type of a specified system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| type | OsAccountType | Yes | Type of the system account. |
| options | SetOsAccountTypeOptions | No | Options for setting the system account type. This parameter is left empty by default. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type or options. |
| 12300003 | Account not found. |
| 12300008 | Restricted OS account. |
| 12300010 | Service busy. Possible causes: The target account is being operated. |
| 12300023 | The number of accounts of the specified type has reached the upper limit. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let type: osAccount.OsAccountType = osAccount.OsAccountType.ADMIN;
let options: osAccount.SetOsAccountTypeOptions = {
token: new Uint8Array([0, 1, 2, 3])
};
try {
accountManager.setOsAccountType(localId, type, options).then(() => {
console.info('setOsAccountType successfully');
}).catch((err: BusinessError) => {
console.error(`setOsAccountType failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountType exception: code is ${err.code}, message is ${err.message}`);
}
queryMaxOsAccountNumber
queryMaxOsAccountNumber(callback: AsyncCallback<number>): void
Queries the maximum number of system accounts that can be created. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | AsyncCallback<number> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the maximum number of system accounts that can be created. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryMaxOsAccountNumber((err: BusinessError, maxCnt: number) => {
if (err) {
console.error(`queryMaxOsAccountNumber failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('queryMaxOsAccountNumber successfully, maxCnt:' + maxCnt);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryMaxOsAccountNumber exception: code is ${err.code}, message is ${err.message}`);
}
queryMaxOsAccountNumber
queryMaxOsAccountNumber(): Promise<number>
Queries the maximum number of system accounts that can be created. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryMaxOsAccountNumber().then((maxCnt: number) => {
console.info('queryMaxOsAccountNumber successfully, maxCnt: ' + maxCnt);
}).catch((err: BusinessError) => {
console.error(`queryMaxOsAccountNumber failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryMaxOsAccountNumber exception: code is ${err.code}, message is ${err.message}`);
}
queryMaxLoggedInOsAccountNumber12+
queryMaxLoggedInOsAccountNumber(): Promise<number>
Queries the maximum number of system accounts allowed to log in to the system. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryMaxLoggedInOsAccountNumber().then((maxNum: number) => {
console.info('queryMaxLoggedInOsAccountNumber successfully, maxNum: ' + maxNum);
}).catch((err: BusinessError) => {
console.error(`queryMaxLoggedInOsAccountNumber failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryMaxLoggedInOsAccountNumber exception: code is ${err.code}, message is ${err.message}`);
}
getEnabledOsAccountConstraints11+
getEnabledOsAccountConstraints(localId: number): Promise<Array<string>>
Obtains all the enabled constraints of a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<Array<string>> | Promise used to return all the enabled constraints of the system account. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
Example: Obtain all constraints of system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.getEnabledOsAccountConstraints(localId).then((constraints: string[]) => {
console.info('getEnabledOsAccountConstraints, constraints: ' + constraints);
}).catch((err: BusinessError) => {
console.error(`getEnabledOsAccountConstraints err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getEnabledOsAccountConstraints exception: code is ${err.code}, message is ${err.message}`);
}
queryAllCreatedOsAccounts
queryAllCreatedOsAccounts(callback: AsyncCallback<Array<OsAccountInfo>>): void
Queries information about all the system accounts created. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | AsyncCallback<Array<OsAccountInfo>> | Yes | Callback used to return the result. If the operation is successful, err is null and data is a list of all created system accounts. Otherwise, data is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryAllCreatedOsAccounts((err: BusinessError, accountArr: osAccount.OsAccountInfo[])=>{
if (err) {
console.error(`queryAllCreatedOsAccounts exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('queryAllCreatedOsAccounts accountArr:' + JSON.stringify(accountArr));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryAllCreatedOsAccounts exception: code is ${err.code}, message is ${err.message}`);
}
queryAllCreatedOsAccounts
queryAllCreatedOsAccounts(): Promise<Array<OsAccountInfo>>
Queries information about all the system accounts created. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Return value
| Type | Description |
|---|---|
| Promise<Array<OsAccountInfo>> | Promise used to return the information about all the system accounts created. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryAllCreatedOsAccounts().then((accountArr: osAccount.OsAccountInfo[]) => {
console.info('queryAllCreatedOsAccounts, accountArr: ' + JSON.stringify(accountArr));
}).catch((err: BusinessError) => {
console.error(`queryAllCreatedOsAccounts err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryAllCreatedOsAccounts exception: code is ${err.code}, message is ${err.message}`);
}
createOsAccount
createOsAccount(localName: string, type: OsAccountType, callback: AsyncCallback<OsAccountInfo>): void
Creates a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localName | string | Yes | Name of the system account to create. |
| type | OsAccountType | Yes | Type of the system account to create. |
| callback | AsyncCallback<OsAccountInfo> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the created system account. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localName or type. |
| 12300004 | Local name already exists. |
| 12300005 | Multi-user not supported. |
| 12300006 | Unsupported account type. |
| 12300007 | The number of accounts has reached the upper limit. |
| 12300023 | The number of accounts of the specified type has reached the upper limit. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.createOsAccount('testName', osAccount.OsAccountType.NORMAL,
(err: BusinessError, osAccountInfo: osAccount.OsAccountInfo)=>{
if (err) {
console.error(`createOsAccount exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('createOsAccount osAccountInfo:' + JSON.stringify(osAccountInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`createOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
createOsAccount
createOsAccount(localName: string, type: OsAccountType, options?: CreateOsAccountOptions): Promise<OsAccountInfo>
Creates a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localName | string | Yes | Name of the system account to create. |
| type | OsAccountType | Yes | Type of the system account to create. |
| options | CreateOsAccountOptions | No | Options for creating a system account. By default, this parameter is left blank. This parameter is supported since API version 12. |
Return value
| Type | Description |
|---|---|
| Promise<OsAccountInfo> | Promise used to return the information about the created system account. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localName, type or options. |
| 12300004 | Local name already exists. |
| 12300005 | Multi-user not supported. |
| 12300006 | Unsupported account type. |
| 12300007 | The number of accounts has reached the upper limit. |
| 12300015 | The short name already exists. |
| 12300023 | The number of accounts of the specified type has reached the upper limit. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let options: osAccount.CreateOsAccountOptions = {
shortName: 'myShortName',
disallowedPreinstalledBundles: [],
allowedPreinstalledBundles: [],
}
try {
accountManager.createOsAccount('testAccountName', osAccount.OsAccountType.NORMAL, options).then(
(accountInfo: osAccount.OsAccountInfo) => {
console.info('createOsAccount, accountInfo: ' + JSON.stringify(accountInfo));
}).catch((err: BusinessError) => {
console.error(`createOsAccount err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`createOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
createOsAccountForDomain8+
createOsAccountForDomain(type: OsAccountType, domainInfo: DomainAccountInfo, callback: AsyncCallback<OsAccountInfo>): void
Creates a system account and associates it with the specified domain account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | OsAccountType | Yes | Type of the system account to create. |
| domainInfo | DomainAccountInfo | Yes | Domain account information. |
| callback | AsyncCallback<OsAccountInfo> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the created system account. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type or domainInfo. |
| 12300004 | Account already exists. |
| 12300005 | Multi-user not supported. |
| 12300006 | Unsupported account type. |
| 12300007 | The number of accounts has reached the upper limit. |
| 12300023 | The number of accounts of the specified type has reached the upper limit. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let domainInfo: osAccount.DomainAccountInfo =
{domain: 'testDomain', accountName: 'testAccountName'};
try {
accountManager.createOsAccountForDomain(osAccount.OsAccountType.NORMAL, domainInfo,
(err: BusinessError, osAccountInfo: osAccount.OsAccountInfo)=>{
if (err) {
console.error(`createOsAccountForDomain exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('createOsAccountForDomain osAccountInfo:' + JSON.stringify(osAccountInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`createOsAccountForDomain exception: code is ${err.code}, message is ${err.message}`);
}
createOsAccountForDomain8+
createOsAccountForDomain(type: OsAccountType, domainInfo: DomainAccountInfo, options?: CreateOsAccountForDomainOptions): Promise<OsAccountInfo>
Creates a system account and associates it with the specified domain account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | OsAccountType | Yes | Type of the system account to create. |
| domainInfo | DomainAccountInfo | Yes | Domain account information. |
| options | CreateOsAccountForDomainOptions | No | Optional parameters for creating the account. By default, this parameter is left blank. This parameter is supported since API version 12. |
Return value
| Type | Description |
|---|---|
| Promise<OsAccountInfo> | Promise used to return the information about the created system account. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 204 | Access denied due to user access control policy. Possible causes: 1. The operation is restricted by the OS-account constraint. 2. The required privilege for the operation has not been granted. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type, domainInfo or options. |
| 12300004 | Account already exists. |
| 12300005 | Multi-user not supported. |
| 12300006 | Unsupported account type. |
| 12300007 | The number of accounts has reached the upper limit. |
| 12300015 | The short name already exists. |
| 12300023 | The number of accounts of the specified type has reached the upper limit. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let domainInfo: osAccount.DomainAccountInfo =
{domain: 'testDomain', accountName: 'testAccountName'};
let options: osAccount.CreateOsAccountForDomainOptions = {
shortName: 'myShortName'
}
try {
accountManager.createOsAccountForDomain(osAccount.OsAccountType.NORMAL, domainInfo, options).then(
(accountInfo: osAccount.OsAccountInfo) => {
console.info('createOsAccountForDomain, account info: ' + JSON.stringify(accountInfo));
}).catch((err: BusinessError) => {
console.error(`createOsAccountForDomain err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`createOsAccountForDomain exception: code is ${err.code}, message is ${err.message}`);
}
queryOsAccount11+
queryOsAccount(): Promise<OsAccountInfo>
Obtains information about the system account to which the current process belongs. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.GET_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Return value
| Type | Description |
|---|---|
| Promise<OsAccountInfo> | Promise used to return the system account information obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.queryOsAccount().then((accountInfo: osAccount.OsAccountInfo) => {
console.info('queryOsAccount, accountInfo: ' + JSON.stringify(accountInfo));
}).catch((err: BusinessError) => {
console.error(`queryOsAccount err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
queryOsAccountById
queryOsAccountById(localId: number, callback: AsyncCallback<OsAccountInfo>): void
Queries information about the system account of the given ID. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| callback | AsyncCallback<OsAccountInfo> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the system account information obtained. Otherwise, data is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
Example: Query information about system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.queryOsAccountById(localId, (err: BusinessError, accountInfo: osAccount.OsAccountInfo)=>{
if (err) {
console.error(`queryOsAccountById exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('queryOsAccountById accountInfo:' + JSON.stringify(accountInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryOsAccountById exception: code is ${err.code}, message is ${err.message}`);
}
queryOsAccountById
queryOsAccountById(localId: number): Promise<OsAccountInfo>
Queries information about the system account of the given ID. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<OsAccountInfo> | Promise used to return the system account information obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
Example: Query information about system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.queryOsAccountById(localId).then((accountInfo: osAccount.OsAccountInfo) => {
console.info('queryOsAccountById, accountInfo: ' + JSON.stringify(accountInfo));
}).catch((err: BusinessError) => {
console.error(`queryOsAccountById err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`queryOsAccountById exception: code is ${err.code}, message is ${err.message}`);
}
getOsAccountProfilePhoto
getOsAccountProfilePhoto(localId: number, callback: AsyncCallback<string>): void
Obtains the profile photo of a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| callback | AsyncCallback<string> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the profile photo information obtained. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
Example: Obtain the profile photo of system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.getOsAccountProfilePhoto(localId, (err: BusinessError, photo: string)=>{
if (err) {
console.error(`getOsAccountProfilePhoto exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('get photo:' + photo + ' by localId: ' + localId);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getOsAccountProfilePhoto exception: code is ${err.code}, message is ${err.message}`);
}
getOsAccountProfilePhoto
getOsAccountProfilePhoto(localId: number): Promise<string>
Obtains the profile photo of a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<string> | Promise used to return the profile photo information obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | Account not found. |
Example: Obtain the profile photo of system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.getOsAccountProfilePhoto(localId).then((photo: string) => {
console.info('getOsAccountProfilePhoto: ' + photo);
}).catch((err: BusinessError) => {
console.error(`getOsAccountProfilePhoto err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getOsAccountProfilePhoto exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountProfilePhoto
setOsAccountProfilePhoto(localId: number, photo: string, callback: AsyncCallback<void>): void
Sets a profile photo for a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| photo | string | Yes | Profile photo information. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or photo. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Set a profile photo for system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let photo: string = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA0AAAAPCAYAAAA/I0V3AAAAAXNSR0IArs4c6QAAAARnQU1BAA'+
'Cxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAACwSURBVDhPvZLBDYMwDEV/ugsXRjAT0EHCOuFIBwkbdIRewi6unbiAyoGgSn1SFH85+Y'+
'q/4ljARW62X+LHS8uIzjm4dXUYF+utzBikB52Jo5e5iEPKqpACk7R9NM2RvWm5tIkD2czLCUFNKLD6IjdMHFHDzws285MgGrT0xCtp3WOKHo'+
'+7q0mP0DZW9pNmoEFUzrQjp5cCnaen2kSJXLFD8ghbXyZCMQf/8e8Ns1XVAG/XAgqKzVnJFAAAAABJRU5ErkJggg=='
try {
accountManager.setOsAccountProfilePhoto(localId, photo, (err: BusinessError)=>{
if (err) {
console.error(`setOsAccountProfilePhoto exception:code is ${err.code}, message is ${err.message}`);
} else {
console.info('setOsAccountProfilePhoto successful.');
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountProfilePhoto exception: code is ${err.code}, message is ${err.message}`);
}
setOsAccountProfilePhoto
setOsAccountProfilePhoto(localId: number, photo: string): Promise<void>
Sets a profile photo for a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| photo | string | Yes | Profile photo information. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId or photo. |
| 12300003 | Account not found. |
| 12300008 | Restricted Account. |
Example: Set a profile photo for system account 100.
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
let photo: string = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA0AAAAPCAYAAAA/I0V3AAAAAXNSR0IArs4c6QAAAARnQU1BAA'+
'Cxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAACwSURBVDhPvZLBDYMwDEV/ugsXRjAT0EHCOuFIBwkbdIRewi6unbiAyoGgSn1SFH85+Y'+
'q/4ljARW62X+LHS8uIzjm4dXUYF+utzBikB52Jo5e5iEPKqpACk7R9NM2RvWm5tIkD2czLCUFNKLD6IjdMHFHDzws285MgGrT0xCtp3WOKHo'+
'+7q0mP0DZW9pNmoEFUzrQjp5cCnaen2kSJXLFD8ghbXyZCMQf/8e8Ns1XVAG/XAgqKzVnJFAAAAABJRU5ErkJggg=='
try {
accountManager.setOsAccountProfilePhoto(localId, photo).then(() => {
console.info('setOsAccountProfilePhoto success');
}).catch((err: BusinessError) => {
console.error(`setOsAccountProfilePhoto err: code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`setOsAccountProfilePhoto exception: code is ${err.code}, message is ${err.message}`);
}
on
on(type: 'activate' | 'activating', name: string, callback: Callback<number>): void
Subscribes to the system account activation states, including the states of the account being activated and the account with activation completed. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'activate' | 'activating' | Yes | Type of the event to subscribe to. The value activate indicates that a system account is activated, and activating indicates that a system account is being activated. |
| name | string | Yes | Subscription name, which can be customized. The value cannot be empty or exceed 1024 bytes. |
| callback | Callback<number> | Yes | Callback used to return the ID of the system account being activated or activated. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type or name. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
function onCallback(receiveLocalId: number){
console.info('receive localId:' + receiveLocalId);
}
try {
accountManager.on('activating', 'osAccountOnOffNameA', onCallback);
} catch (e) {
const err = e as BusinessError;
console.error(`receive localId exception: code is ${err.code}, message is ${err.message}`);
}
off
off(type: 'activate' | 'activating', name: string, callback?: Callback<number>): void
Unsubscribes from the system account activation states, including the states of the account being activated and the account with activation completed. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'activate' | 'activating' | Yes | Type of the event to unsubscribe from. The value activate indicates that a system account is activated, and activating indicates that a system account is being activated. |
| name | string | Yes | Subscription name, which can be customized. The value cannot be empty or exceed 1024 bytes, and must be the same as the value passed by on(). |
| callback | Callback<number> | No | Callback to unregister. By default, this parameter is left empty, which unregisters all callbacks for the system account activation states. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type or name. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
function offCallback(){
console.info('off enter')
}
try {
accountManager.off('activating', 'osAccountOnOffNameA', offCallback);
} catch (e) {
const err = e as BusinessError;
console.error(`off exception: code is ${err.code}, message is ${err.message}`);
}
on12+
on(type: 'switching', callback: Callback<OsAccountSwitchEventData>): void
Subscribes to the switchover between a foreground system account and a background system account in progress. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
The ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS permission is supported since API version 23.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'switching' | Yes | Event type. The value switching indicates that the switchover between a foreground system account and a background account is being performed. |
| callback | Callback<OsAccountSwitchEventData> | Yes | Callback to be invoked when a system account is switching between the foreground and background. The source and target system account IDs are subscribed to. Note: Since API version 23, the optional field displayId is available, indicating the ID of the logical display where the switch event occurs. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
function onSwitchingCallback(eventData: osAccount.OsAccountSwitchEventData){
console.info('receive eventData:' + JSON.stringify(eventData));
}
try {
accountManager.on('switching', onSwitchingCallback);
} catch (e) {
const err = e as BusinessError;
console.error(`receive eventData exception: code is ${err.code}, message is ${err.message}`);
}
off12+
off(type: 'switching', callback?: Callback<OsAccountSwitchEventData>): void
Unsubscribes from the switchover between a foreground system account and a background system account in progress. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
The ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS permission is supported since API version 23.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'switching' | Yes | Event type. The value switching indicates that the switchover between a foreground system account and a background account is being performed. |
| callback | Callback<OsAccountSwitchEventData> | No | Callback to unregister. By default, this parameter is left empty, which unregisters all callbacks for the switching event. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.off('switching');
} catch (e) {
const err = e as BusinessError;
console.error(`off exception: code is ${err.code}, message is ${err.message}`);
}
on12+
on(type: 'switched', callback: Callback<OsAccountSwitchEventData>): void
Subscribes to the end of a switchover between a foreground system account and a background system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
The ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS permission is supported since API version 23.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'switched' | Yes | Event type. The value switched indicates that the switchover between a foreground system account and a background system account is complete. |
| callback | Callback<OsAccountSwitchEventData> | Yes | Callback to be invoked when a system account is switched between the foreground and background. The source and target system account IDs are subscribed to. Note: Since API version 23, the optional field displayId is available, indicating the ID of the logical display where the switch event occurs. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
function onSwitchedCallback(eventData: osAccount.OsAccountSwitchEventData){
console.info('receive eventData:' + JSON.stringify(eventData));
}
try {
accountManager.on('switched', onSwitchedCallback);
} catch (e) {
const err = e as BusinessError;
console.error(`receive eventData exception: code is ${err.code}, message is ${err.message}`);
}
off12+
off(type: 'switched', callback?: Callback<OsAccountSwitchEventData>): void
Unsubscribes from the end of a switchover between a foreground system account and a background system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
The ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS permission is supported since API version 23.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | 'switched' | Yes | Event type. The value switched indicates that the switchover between a foreground system account and a background system account is complete. |
| callback | Callback<OsAccountSwitchEventData> | No | Callback to unregister. By default, this parameter is left empty, which unregisters all callbacks for the switched event. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid type. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.off('switched');
} catch (e) {
const err = e as BusinessError;
console.error(`off exception: code is ${err.code}, message is ${err.message}`);
}
onConstraintChanged23+
onConstraintChanged(constraints: string[], callback: Callback<ConstraintChangeInfo>): void
Subscribes to one or more constraint change events of the system account to which the caller belongs. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| constraints | string[] | Yes | List of constraints to be subscribed to. |
| callback | Callback<ConstraintChangeInfo> | Yes | Callback used to listen for the constraint change events. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | One or more constraints are invalid. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let constraint: string = 'constraint.wifi';
const callback:Callback<osAccount.ConstraintChangeInfo> = (data: osAccount.ConstraintChangeInfo): void => {
console.info(`ConstraintChangeInfo received, constraint: ${data.constraint} isEnabled: ${data.isEnabled}`);
};
try {
accountManager.onConstraintChanged([constraint], callback);
} catch (e) {
const err = e as BusinessError;
console.error(`onConstraintChanged exception: code is ${err.code}, message is ${err.message}`);
}
offConstraintChanged23+
offConstraintChanged(callback?: Callback<ConstraintChangeInfo>): void
Unsubscribes from constraint change events associated with the specified callback. If no callback is specified, this API unsubscribes from all subscription records.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | Callback<ConstraintChangeInfo> | No | Callback used to listen for the constraint change events. The default value is undefined, indicating that all subscription records are unsubscribed. If this parameter is not undefined, the subscription records associated with the callback are unsubscribed. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let constraint: string = 'constraint.wifi';
const callback:Callback<osAccount.ConstraintChangeInfo> = (data: osAccount.ConstraintChangeInfo): void => {
console.info(`ConstraintChangeInfo received, constraint: ${data.constraint} isEnabled: ${data.isEnabled}`);
};
try {
accountManager.onConstraintChanged([constraint], callback);
} catch (e) {
const err = e as BusinessError;
console.error(`onConstraintChanged exception: code is ${err.code}, message is ${err.message}`);
}
try {
accountManager.offConstraintChanged(callback);
} catch (e) {
const err = e as BusinessError;
console.error(`offConstraintChanged exception: code is ${err.code}, message is ${err.message}`);
}
getBundleIdForUid9+
getBundleIdForUid(uid: number, callback: AsyncCallback<number>): void
Obtains the bundle ID based on the specified UID. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| uid | number | Yes | Process UID. |
| callback | AsyncCallback<number> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the bundle ID obtained. Otherwise, data is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid uid. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let testUid: number = 1000000;
try {
accountManager.getBundleIdForUid(testUid, (err: BusinessError, bundleId: number) => {
if (err) {
console.error(`getBundleIdForUid errInfo:code is ${err.code}, message is ${err.message}`);
} else {
console.info('getBundleIdForUid bundleId:' + JSON.stringify(bundleId));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getBundleIdForUid exception: code is ${err.code}, message is ${err.message}`);
}
getBundleIdForUid9+
getBundleIdForUid(uid: number): Promise<number>
Obtains the bundle ID based on the specified UID. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| uid | number | Yes | Process UID. |
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the bundle ID obtained. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid uid. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let testUid: number = 1000000;
try {
accountManager.getBundleIdForUid(testUid).then((result: number) => {
console.info('getBundleIdForUid bundleId:' + JSON.stringify(result));
}).catch((err: BusinessError) => {
console.error(`getBundleIdForUid errInfo:code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getBundleIdForUid exception: code is ${err.code}, message is ${err.message}`);
}
getBundleIdForUidSync10+
getBundleIdForUidSync(uid: number): number
Obtains the bundle ID based on the specified UID. The API returns the result synchronously.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| uid | number | Yes | Process UID. |
Return value
| Type | Description |
|---|---|
| number | Bundle ID obtained. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300002 | Invalid uid. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let testUid: number = 1000000;
try {
let bundleId : number = accountManager.getBundleIdForUidSync(testUid);
console.info('getBundleIdForUidSync bundleId:' + bundleId);
} catch (e) {
const err = e as BusinessError;
console.error(`getBundleIdForUidSync exception: code is ${err.code}, message is ${err.message}`);
}
isMainOsAccount9+
isMainOsAccount(callback: AsyncCallback<boolean>): void
Checks whether the current process belongs to the main system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | AsyncCallback<boolean> | Yes | Callback used to return the result. If true is returned, the current process belongs to the main system account. If false is returned, the current process does not belong to the main system account. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.isMainOsAccount((err: BusinessError,result: boolean)=>{
if (err) {
console.error(`isMainOsAccount errInfo:code is ${err.code}, message is ${err.message}`);
} else {
console.info('isMainOsAccount result:' + JSON.stringify(result));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`isMainOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
isMainOsAccount9+
isMainOsAccount(): Promise<boolean>
Checks whether the current process belongs to the main system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. If true is returned, the current process belongs to the main system account. If false is returned, the current process does not belong to the main system account. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.isMainOsAccount().then((result: boolean) => {
console.info('isMainOsAccount result:' + JSON.stringify(result));
}).catch((err: BusinessError) => {
console.error(`isMainOsAccount errInfo:code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`isMainOsAccount exception: code is ${err.code}, message is ${err.message}`);
}
getForegroundOsAccountLocalId23+
getForegroundOsAccountLocalId(displayId: number): Promise<number>
Obtains the ID of the foreground system account running on a specified logical display. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| displayId | number | Yes | Logical display ID. |
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the system account ID. |
Error codes
For details about the error codes, see Universal Error Codes and Account Management Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300017 | The foreground OS account is not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let displayId: number = 0;
try {
accountManager.getForegroundOsAccountLocalId(displayId).then((localId: number) => {
console.info('foreground account on display ' + displayId + ' is ' + localId);
}).catch((err: BusinessError) => {
console.error(`getForegroundOsAccountLocalId failed: ${err.code} ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getForegroundOsAccountLocalId exception: ${err.code} ${err.message}`);
}
getForegroundOsAccountDisplayId23+
getForegroundOsAccountDisplayId(localId: number): Promise<number>
Obtains the logical display ID of the specified foreground system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the logical display ID. |
Error codes
For details about the error codes, see Universal Error Codes and Account Management Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300017 | The foreground OS account is not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
let localId: number = 100;
try {
accountManager.getForegroundOsAccountDisplayId(localId).then((displayId: number) => {
console.info('account ' + localId + ' foreground displayId: ' + displayId);
}).catch((err: BusinessError) => {
console.error(`getForegroundOsAccountDisplayId failed: ${err.code} ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getForegroundOsAccountDisplayId exception: ${err.code} ${err.message}`);
}
getOsAccountConstraintSourceTypes9+
getOsAccountConstraintSourceTypes(localId: number, constraint: string, callback: AsyncCallback<Array<ConstraintSourceTypeInfo>>): void
Obtains the constraint source information of a system account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| constraint | string | Yes | Constraint whose source information is to be obtained. |
| callback | AsyncCallback<Array<ConstraintSourceTypeInfo>> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the constraint source information obtained. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid name or constraint. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.getOsAccountConstraintSourceTypes(100, 'constraint.wifi',
(err: BusinessError,sourceTypeInfos: osAccount.ConstraintSourceTypeInfo[])=>{
if (err) {
console.error(`getOsAccountConstraintSourceTypes errInfo:code is ${err.code}, message is ${err.message}`);
} else {
console.info('getOsAccountConstraintSourceTypes sourceTypeInfos:' + JSON.stringify(sourceTypeInfos));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getOsAccountConstraintSourceTypes exception: code is ${err.code}, message is ${err.message}`);
}
getOsAccountConstraintSourceTypes9+
getOsAccountConstraintSourceTypes(localId: number, constraint: string): Promise<Array<ConstraintSourceTypeInfo>>
Obtains the constraint source information of a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| constraint | string | Yes | Constraint whose source information is to be obtained. |
Return value
| Type | Description |
|---|---|
| Promise<Array<ConstraintSourceTypeInfo>> | Promise used to return the source information of the specified constraint. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid name or constraint. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
accountManager.getOsAccountConstraintSourceTypes(100, 'constraint.wifi').then(
(result: osAccount.ConstraintSourceTypeInfo[]) => {
console.info('getOsAccountConstraintSourceTypes sourceTypeInfos:' + JSON.stringify(result));
}).catch((err: BusinessError) => {
console.error(`getOsAccountConstraintSourceTypes errInfo:code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getOsAccountConstraintSourceTypes exception: code is ${err.code}, message is ${err.message}`);
}
getOsAccountType12+
getOsAccountType(localId: number): Promise<OsAccountType>
Obtains the type of a specified system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
Return value
| Type | Description |
|---|---|
| Promise<OsAccountType> | Promise used to return the type of the system account obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
let localId: number = 100;
accountManager.getOsAccountType(localId).then((type: osAccount.OsAccountType) => {
console.info('getOsAccountType Type:' + type);
}).catch((err: BusinessError) => {
console.error(`getOsAccountType errInfo:code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getOsAccountType exception: code is ${err.code}, message is ${err.message}`);
}
bindDomainAccount20+
bindDomainAccount(localId: number, domainAccountInfo: DomainAccountInfo): Promise<void>
Binds a domain account to a system account. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | ID of the target system account. |
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
For details about the error codes, see Universal Error Codes and Account Management Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid domain account information. |
| 12300003 | The OS account not found. |
| 12300008 | Restricted OS account. Possible causes: The OS account cannot be bound. |
| 12300010 | Service busy. Possible causes: The target OS account or domain account is being operated. |
| 12300021 | The OS account is already bound. |
| 12300022 | The domain account is already bound. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let accountManager: osAccount.AccountManager = osAccount.getAccountManager();
try {
let localId: number = 100;
let domainInfo: osAccount.DomainAccountInfo =
{ domain: 'testDomain', accountName: 'testAccountName' };
accountManager.bindDomainAccount(localId, domainInfo).then(() => {
console.info('bindDomainAccount success.');
}).catch((error: BusinessError) => {
console.error(`bindDomainAccount failed, errCode=${error.code}, errMsg=${error.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`bindDomainAccount error, errCode=${error.code}, errMsg=${error.message}`);
}
osAccount.getAuthorizationManager24+
getAuthorizationManager(): AuthorizationManager
Obtains this system account authorization manager.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
Return value
| Type | Description |
|---|---|
| AuthorizationManager | Instance object of the system account authorization manager. |
Error codes
For details about the error codes, see Universal Error Codes.
| ID | Error Message |
|---|---|
| 202 | Not system application. |
Example
let authorizationManager: osAccount.AuthorizationManager = osAccount.getAuthorizationManager();
AuthorizationManager24+
Defines the system account authorization manager class.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
acquireAuthorization24+
acquireAuthorization(privilege: string, options?: AcquireAuthorizationOptions): Promise<AcquireAuthorizationResult>
Acquires an authorization for a process.
System API: This is a system API.
Required permissions: ohos.permission.ACQUIRE_LOCAL_ACCOUNT_AUTHORIZATION
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| privilege | string | Yes | Target permission. For details, see configuration file. |
| options | AcquireAuthorizationOptions | No | Authorization options. This parameter is left empty by default. |
Return value
| Type | Description |
|---|---|
| Promise<AcquireAuthorizationResult> | Promise used to return the authorization result. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid privilege or options. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let authorizationManager: osAccount.AuthorizationManager = osAccount.getAuthorizationManager();
let privilege: string = 'testPrivilege';
let options: osAccount.AcquireAuthorizationOptions = {
challenge: new Uint8Array([1, 2, 3]),
isReuseNeeded: true,
isInteractionAllowed: true,
};
try {
authorizationManager.acquireAuthorization(privilege, options).then((result: osAccount.AcquireAuthorizationResult) => {
console.info(`acquireAuthorization successfully, resultCode: ${result.resultCode}`);
}).catch((err: BusinessError) => {
console.error(`acquireAuthorization failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`acquireAuthorization exception: code is ${err.code}, message is ${err.message}`);
}
hasAuthorization24+
hasAuthorization(privilege: string): Promise<boolean>
Checks whether the current process has specified authorization.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| privilege | string | Yes | Target permission. For details, see configuration file. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true indicates that the current process has specified authorization, and false indicates the opposite. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid privilege. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let authorizationManager: osAccount.AuthorizationManager = osAccount.getAuthorizationManager();
let privilege: string = 'testPrivilege';
try {
authorizationManager.hasAuthorization(privilege).then((isAuthorized: boolean) => {
console.info(`Privilege: ${privilege} has been authorized: ${isAuthorized}`);
}).catch((e:Error) => {
const err = e as BusinessError;
console.error(`hasAuthorization failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`hasAuthorization exception: code is ${err.code}, message is ${err.message}`);
}
releaseAuthorization24+
releaseAuthorization(privilege: string): Promise<void>
Releases the specified authorization for the current process.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| privilege | string | Yes | Target permission. For details, see configuration file. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid privilege. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let authorizationManager: osAccount.AuthorizationManager = osAccount.getAuthorizationManager();
let privilege: string = 'testPrivilege';
try {
authorizationManager.releaseAuthorization(privilege).then(() => {
console.info('releaseAuthorization success');
}).catch((e:Error) => {
const err = e as BusinessError;
console.error(`releaseAuthorization failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`releaseAuthorization exception: code is ${err.code}, message is ${err.message}`);
}
AcquireAuthorizationOptions24+
Defines the options for acquiring the authorization.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| challenge | Uint8Array | No | Yes | Random challenge value, which prevents replay attacks. The value contains a maximum of 32 bytes. The default value is undefined. |
| isReuseNeeded | boolean | No | Yes | Whether to reuse the previous authorization. The default value is true. If the value is true and the authorization result is valid, the result will be reused. Otherwise, a new authorization will be executed. |
| isInteractionAllowed | boolean | No | Yes | Whether user interaction is allowed. The default value is true. If the value is true, the authorization dialog box can be displayed in the interaction context. If the value is false, the authorization dialog box cannot be displayed. Note: This option is valid only when the caller is in the foreground. If the caller is in the background, user interaction is not allowed. |
| interactionContext | Context | No | Yes | User interaction context configuration. The default value is undefined. - If no context is specified, the authorization dialog box is displayed in modal system mode. - If UIAbilityContext or UIExtensionContext is specified, the authorization dialog box is displayed in modal application mode. - If no valid context is provided, the authorization dialog box cannot be displayed. Note: This parameter is valid only when isInteractionAllowed is set to true. |
AuthorizationResultCode24+
Enumerates authorization result codes.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
| Name | Value | Description |
|---|---|---|
| AUTHORIZATION_SUCCESS | 0 | The authorization is successful. |
| AUTHORIZATION_CANCELED | 12300301 | The authorization is canceled. |
| AUTHORIZATION_INTERACTION_NOT_ALLOWED | 12300302 | The authorization is rejected because user interaction is not allowed. Possible causes: 1. The caller is in the background. 2. The value of isInteractionAllowed is false. 3. The specified interaction context is invalid. |
| AUTHORIZATION_DENIED | 12300303 | The authorization is rejected because the authorization rules are not met, for example, the account type is not an administrator or the device type is not supported. |
| AUTHORIZATION_SERVICE_BUSY | 12300304 | Authorization service is busy. Possible cause: Another authorization is being processed. |
AcquireAuthorizationResult24+
Defines the result of the authorization.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Model constraint: This API can be used only in the stage model.
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| resultCode | AuthorizationResultCode | No | No | Authorization result code. |
| privilege | string | No | No | Permission associated with the authorization. |
| isReused | boolean | No | Yes | Whether the authorization result is reused. The default value is undefined. true: The authorization result is reused. false: The authorization result is not reused. |
| validityPeriod | number | No | Yes | Validity period of the authorization, in seconds. The default value is 300. |
| token | Uint8Array | No | Yes | Authorization token. The default value is undefined. |
UserAuth8+
Provides APIs for user authentication.
System API: This is a system API.
constructor8+
constructor()
A constructor used to create an instance for user authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
Example
let userAuth = new osAccount.UserAuth();
getVersion8+
getVersion(): number
Obtains this version number.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Return value
| Type | Description |
|---|---|
| number | Version number obtained. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
Example
let userAuth = new osAccount.UserAuth();
let version: number = userAuth.getVersion();
console.info('getVersion version = ' + version);
getAvailableStatus8+
getAvailableStatus(authType: AuthType, authTrustLevel: AuthTrustLevel): number
Obtains the available status of the authentication capability corresponding to the specified authentication type and trust level.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Authentication credential type. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level of the authentication. |
Return value
| Type | Description |
|---|---|
| number | Available status of the authentication capability. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid authType or authTrustLevel. |
| 12300117 | PIN is expired. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let authType: osAccount.AuthType = osAccount.AuthType.PIN;
let authTrustLevel: osAccount.AuthTrustLevel = osAccount.AuthTrustLevel.ATL1;
try {
let status: number = userAuth.getAvailableStatus(authType, authTrustLevel);
console.info('getAvailableStatus status = ' + status);
} catch (e) {
const err = e as BusinessError;
console.error(`getAvailableStatus exception = code is ${err.code}, message is ${err.message}`);
}
getProperty8+
getProperty(request: GetPropertyRequest, callback: AsyncCallback<ExecutorProperty>): void
Obtains the executor property based on the request. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| request | GetPropertyRequest | Yes | Request information, including the authentication credential type and property list. |
| callback | AsyncCallback<ExecutorProperty> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the executor property information obtained. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid request. |
| 12300003 | Account not found. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let keys: Array<osAccount.GetPropertyType> = [
osAccount.GetPropertyType.AUTH_SUB_TYPE,
osAccount.GetPropertyType.REMAIN_TIMES,
osAccount.GetPropertyType.FREEZING_TIME
];
let request: osAccount.GetPropertyRequest = {
authType: osAccount.AuthType.PIN,
keys: keys
};
try {
userAuth.getProperty(request, (err: BusinessError, result: osAccount.ExecutorProperty) => {
if (err) {
console.error(`getProperty exception = code is ${err.code}, message is ${err.message}`);
} else {
console.info('getProperty result = ' + JSON.stringify(result));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getProperty exception = code is ${err.code}, message is ${err.message}`);
}
getProperty8+
getProperty(request: GetPropertyRequest): Promise<ExecutorProperty>
Obtains the executor property based on the request. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| request | GetPropertyRequest | Yes | Request information, including the authentication credential type and property list. |
Return value
| Type | Description |
|---|---|
| Promise<ExecutorProperty> | Promise used to return the executor property. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid request. |
| 12300003 | Account not found. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let keys: Array<osAccount.GetPropertyType> = [
osAccount.GetPropertyType.AUTH_SUB_TYPE,
osAccount.GetPropertyType.REMAIN_TIMES,
osAccount.GetPropertyType.FREEZING_TIME
];
let request: osAccount.GetPropertyRequest = {
authType: osAccount.AuthType.PIN,
keys: keys
};
try {
userAuth.getProperty(request).then((result: osAccount.ExecutorProperty) => {
console.info('getProperty result = ' + JSON.stringify(result));
}).catch((err: BusinessError) => {
console.error(`getProperty error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getProperty exception = code is ${err.code}, message is ${err.message}`);
}
getPropertyByCredentialId14+
getPropertyByCredentialId(credentialId: Uint8Array, keys: Array<GetPropertyType>): Promise<ExecutorProperty>
Obtains the specified property information of the associated executor based on the credential ID. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| credentialId | Uint8Array | Yes | Credential ID. |
| keys | Array<GetPropertyType> | Yes | Property type array to be queried. |
Return value
| Type | Description |
|---|---|
| Promise<ExecutorProperty> | Promise used to return the executor attributes. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid keys. |
| 12300020 | Device hardware abnormal. |
| 12300102 | The credential does not exist. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let credInfo: osAccount.EnrolledCredInfo[] = [];
async function getProperty() {
try {
credInfo = await userIDM.getAuthInfo(osAccount.AuthType.PRIVATE_PIN);
} catch (e) {
const err = e as BusinessError;
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
return;
}
if (credInfo.length == 0) {
console.info('no credential infos');
return;
}
let testCredentialId: Uint8Array = credInfo[0].credentialId;
let keys: Array<osAccount.GetPropertyType> = [
osAccount.GetPropertyType.AUTH_SUB_TYPE,
osAccount.GetPropertyType.REMAIN_TIMES,
osAccount.GetPropertyType.FREEZING_TIME
];
try {
let userAuth = new osAccount.UserAuth();
userAuth.getPropertyByCredentialId(testCredentialId, keys).then((result: osAccount.ExecutorProperty) => {
console.info('getPropertyByCredentialId result = ' + JSON.stringify(result));
}).catch((err: BusinessError) => {
console.error(`getPropertyByCredentialId error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getPropertyByCredentialId exception = code is ${err.code}, message is ${err.message}`);
}
}
setProperty8+
setProperty(request: SetPropertyRequest, callback: AsyncCallback<void>): void
Sets the property for the initialization algorithm. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| request | SetPropertyRequest | Yes | Request information, including the authentication credential type and the key value to set. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid request. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let request: osAccount.SetPropertyRequest = {
authType: osAccount.AuthType.PIN,
key: osAccount.SetPropertyType.INIT_ALGORITHM,
setInfo: new Uint8Array([0])
};
try {
userAuth.setProperty(request, (err: BusinessError) => {
if (err) {
console.error(`setProperty failed, error = code is ${err.code}, message is ${err.message}`);
} else {
console.info('setProperty successfully');
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`setProperty exception = code is ${err.code}, message is ${err.message}`);
}
setProperty8+
setProperty(request: SetPropertyRequest): Promise<void>
Sets the property for the initialization algorithm. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| request | SetPropertyRequest | Yes | Request information, including the authentication credential type and the key value to set. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid request. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let request: osAccount.SetPropertyRequest = {
authType: osAccount.AuthType.PIN,
key: osAccount.SetPropertyType.INIT_ALGORITHM,
setInfo: new Uint8Array([0])
};
try {
userAuth.setProperty(request).then(() => {
console.info('setProperty successfully');
}).catch((err: BusinessError) => {
console.error(`setProperty failed, error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`setProperty exception = code is ${err.code}, message is ${err.message}`);
}
prepareRemoteAuth12+
prepareRemoteAuth(remoteNetworkId: string): Promise<void>
Prepares for remote authentication. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| remoteNetworkId | string | Yes | Remote network ID. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | System service exception. |
| 12300002 | Invalid remoteNetworkId. |
| 12300090 | Cross-device capability not supported. |
| 12300091 | Cross-device communication failed. |
| 12300111 | Operation timeout. |
Example
import { distributedDeviceManager } from '@kit.DistributedServiceKit';
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let distributedDeviceMgr = distributedDeviceManager.createDeviceManager("com.example.bundleName");
distributedDeviceMgr.getAvailableDeviceList().then((data: Array<distributedDeviceManager.DeviceBasicInfo>) => {
try {
if (data.length > 0 && data[0].networkId != null) {
userAuth.prepareRemoteAuth(data[0].networkId).then(() => {
console.info('prepareRemoteAuth successfully');
}).catch((err: BusinessError) => {
console.error(`prepareRemoteAuth failed, error = code is ${err.code}, message is ${err.message}`);
});
}
} catch (e) {
const err = e as BusinessError;
console.error(`prepareRemoteAuth exception = code is ${err.code}, message is ${err.message}`);
}
}
)
auth8+
auth(challenge: Uint8Array, authType: AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array
Performs authentication of the current user.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| challenge | Uint8Array | Yes | Challenge value, which is a random number used to improve security. |
| authType | AuthType | Yes | Authentication credential type. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level of the authentication result. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Return value
| Type | Description |
|---|---|
| Uint8Array | ID of the context for canceling the authentication. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid challenge, authType or authTrustLevel. |
| 12300013 | Network exception. |
| 12300020 | Device hardware abnormal. |
| 12300090 | Cross-device capability not supported. |
| 12300091 | Cross-device communication failed. |
| 12300101 | The credential is incorrect. |
| 12300102 | The credential does not exist. |
| 12300105 | The trust level is not supported. |
| 12300106 | The authentication type is not supported. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The authentication service does not exist. |
| 12300114 | The authentication service works abnormally. |
| 12300117 | PIN is expired. |
| 12300119 | Multi-factor authentication failed. |
| 12300120 | The credentials are no longer valid. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let challenge: Uint8Array = new Uint8Array([0]);
let authType: osAccount.AuthType = osAccount.AuthType.PIN;
let authTrustLevel: osAccount.AuthTrustLevel = osAccount.AuthTrustLevel.ATL1;
try {
userAuth.auth(challenge, authType, authTrustLevel, {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
console.info('auth result = ' + result);
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
auth12+
auth(challenge: Uint8Array, authType: AuthType, authTrustLevel: AuthTrustLevel, options: AuthOptions, callback: IUserAuthCallback): Uint8Array
Starts user authentication based on the specified challenge value, authentication type (PIN, facial, or fingerprint authentication), authentication trust level, and optional parameters (such as the account ID and authentication intent).
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| challenge | Uint8Array | Yes | Challenge value, which is a random number used to prevent replay attacks and improve security. |
| authType | AuthType | Yes | Authentication credential type. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level of the authentication result. |
| options | AuthOptions | Yes | Optional parameters for the authentication. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Return value
| Type | Description |
|---|---|
| Uint8Array | ID of the context for canceling the authentication. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid challenge, authType, authTrustLevel or options. |
| 12300003 | Account not found. |
| 12300013 | Network exception. |
| 12300020 | Device hardware abnormal. |
| 12300090 | Cross-device capability not supported. |
| 12300091 | Cross-device communication failed. |
| 12300101 | The credential is incorrect. |
| 12300102 | The credential does not exist. |
| 12300105 | The trust level is not supported. |
| 12300106 | The authentication type is not supported. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The authentication service does not exist. |
| 12300114 | The authentication service works abnormally. |
| 12300117 | PIN is expired. |
| 12300119 | Multi-factor authentication failed. |
| 12300120 | The credentials are no longer valid. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let challenge: Uint8Array = new Uint8Array([0]);
let authType: osAccount.AuthType = osAccount.AuthType.PIN;
let authTrustLevel: osAccount.AuthTrustLevel = osAccount.AuthTrustLevel.ATL1;
let options: osAccount.AuthOptions = {
accountId: 100
};
try {
userAuth.auth(challenge, authType, authTrustLevel, options, {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
console.info('auth result = ' + result);
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
authUser8+
authUser(userId: number, challenge: Uint8Array, authType: AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array
Performs authentication of the specified user. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| userId | number | Yes | User ID. |
| challenge | Uint8Array | Yes | Challenge value, which is a random number used to improve security. |
| authType | AuthType | Yes | Authentication credential type. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level of the authentication result. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Return value
| Type | Description |
|---|---|
| Uint8Array | ID of the context for canceling the authentication. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid challenge, authType or authTrustLevel. |
| 12300003 | Account not found. |
| 12300013 | Network exception. |
| 12300020 | Device hardware abnormal. |
| 12300090 | Cross-device capability not supported. |
| 12300091 | Cross-device communication failed. |
| 12300101 | The credential is incorrect. |
| 12300102 | The credential does not exist. |
| 12300105 | The trust level is not supported. |
| 12300106 | The authentication type is not supported. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The authentication service does not exist. |
| 12300114 | The authentication service works abnormally. |
| 12300117 | PIN is expired. |
| 12300119 | Multi-factor authentication failed. |
| 12300120 | The credentials are no longer valid. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let userID: number = 100;
let challenge: Uint8Array = new Uint8Array([0]);
let authType: osAccount.AuthType = osAccount.AuthType.PIN;
let authTrustLevel: osAccount.AuthTrustLevel = osAccount.AuthTrustLevel.ATL1;
try {
userAuth.authUser(userID, challenge, authType, authTrustLevel, {
onResult: (result,extraInfo) => {
console.info('authUser result = ' + result);
console.info('authUser extraInfo = ' + JSON.stringify(extraInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`authUser exception = code is ${err.code}, message is ${err.message}`);
}
cancelAuth8+
cancelAuth(contextID: Uint8Array): void
Cancels an authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| contextID | Uint8Array | Yes | ID of the authentication context. The context ID is dynamically generated. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid contextId. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userAuth = new osAccount.UserAuth();
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
let challenge = new Uint8Array([0]);
let contextId: Uint8Array = userAuth.auth(challenge, osAccount.AuthType.PIN, osAccount.AuthTrustLevel.ATL1, {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
console.info('auth result = ' + result);
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
}
});
try {
userAuth.cancelAuth(contextId);
} catch (e) {
const err = e as BusinessError;
console.error(`cancelAuth exception = code is ${err.code}, message is ${err.message}`);
}
PINAuth8+
Provides APIs for PIN authentication.
System API: This is a system API.
constructor8+
constructor()
Creates a PIN authentication instance.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
Example
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
registerInputer8+
registerInputer(inputer: IInputer): void
Registers a PIN inputer.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_PIN_AUTH
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| inputer | IInputer | Yes | PIN inputer, which is used to obtain the PIN. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid inputer. |
| 12300103 | The credential inputer already exists. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
let password = new Uint8Array([0, 0, 0, 0, 0]);
try {
pinAuth.registerInputer({
onGetData: (authSubType: osAccount.AuthSubType, callback: osAccount.IInputData) => {
callback.onSetData(authSubType, password);
}
});
console.info('registerInputer success.');
} catch (e) {
const err = e as BusinessError;
console.error(`registerInputer exception = code is ${err.code}, message is ${err.message}`);
}
unregisterInputer8+
unregisterInputer(): void
Unregisters this PIN inputer.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_PIN_AUTH
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
Example
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
pinAuth.unregisterInputer();
InputerManager 9+
Provides APIs for managing credential inputers.
registerInputer9+
static registerInputer(authType: AuthType, inputer: IInputer): void
Registers a credential inputer.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Authentication credential type. |
| inputer | IInputer | Yes | Credential inputer to register. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid authType or inputer. |
| 12300103 | The credential inputer already exists. |
| 12300106 | The authentication type is not supported. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let authType: osAccount.AuthType = osAccount.AuthType.DOMAIN;
let password: Uint8Array = new Uint8Array([0, 0, 0, 0, 0]);
try {
osAccount.InputerManager.registerInputer(authType, {
onGetData: (authSubType: osAccount.AuthSubType, callback: osAccount.IInputData) => {
callback.onSetData(authSubType, password);
}
});
console.info('registerInputer success.');
} catch (e) {
const err = e as BusinessError;
console.error(`registerInputer exception = code is ${err.code}, message is ${err.message}`);
}
unregisterInputer9+
static unregisterInputer(authType: AuthType): void
Unregisters a credential inputer.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Authentication credential type. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300002 | Invalid authType. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let authType: osAccount.AuthType = osAccount.AuthType.DOMAIN;
try {
osAccount.InputerManager.unregisterInputer(authType);
console.info('unregisterInputer success.');
} catch (e) {
const err = e as BusinessError;
console.error(`unregisterInputer code is ${err.code}, message is ${err.message}`);
}
DomainPlugin9+
Provides APIs for domain account authentication.
System API: This is a system API.
auth9+
auth(domainAccountInfo: DomainAccountInfo, credential: Uint8Array, callback: IUserAuthCallback): void
Authenticates a domain account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| credential | Uint8Array | Yes | Credentials of the domain account. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {
// mock authentication
// notify authentication result
let result: osAccount.AuthResult = {
token: new Uint8Array([0]),
remainTimes: 5,
freezingTime: 0
};
callback.onResult(0, result);
},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin);
let userAuth = new osAccount.UserAuth();
let challenge: Uint8Array = new Uint8Array([0]);
let authType: osAccount.AuthType = osAccount.AuthType.DOMAIN;
let authTrustLevel: osAccount.AuthTrustLevel = osAccount.AuthTrustLevel.ATL1;
try {
userAuth.auth(challenge, authType, authTrustLevel, {
onResult: (resultCode: number, authResult: osAccount.AuthResult) => {
console.info('auth resultCode = ' + resultCode);
console.info('auth authResult = ' + JSON.stringify(authResult));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
authWithPopup10+
authWithPopup(domainAccountInfo: DomainAccountInfo, callback: IUserAuthCallback): void
Authenticates a domain account in a pop-up window.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Example
import { AsyncCallback } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {
// mock authentication
// notify authentication result
let result: osAccount.AuthResult = {
token: new Uint8Array([0]),
remainTimes: 5,
freezingTime: 0
};
callback.onResult(0, result);
},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
authWithToken10+
authWithToken(domainAccountInfo: DomainAccountInfo, token: Uint8Array, callback: IUserAuthCallback): void
Authenticates a domain account by the authorization token.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| token | Uint8Array | Yes | Authorization token generated when the PIN or biometric authentication is successful. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Example
import { AsyncCallback } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {
// mock authentication
// notify authentication result
let result: osAccount.AuthResult = {
token: new Uint8Array([0]),
remainTimes: 5,
freezingTime: 0
};
callback.onResult(0, result);
},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
getAccountInfo10+
getAccountInfo(options: GetDomainAccountInfoPluginOptions, callback: AsyncCallback<DomainAccountInfo>): void
Obtains information about a domain account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | GetDomainAccountInfoPluginOptions | Yes | Domain account information. |
| callback | AsyncCallback<DomainAccountInfo> | Yes | Callback used to return the result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {
// mock getting account information
// notify result
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
let accountInfo: osAccount.DomainAccountInfo = {
domain: options.domain ? options.domain : "",
accountName: options.accountName,
accountId: 'xxxx'
};
callback(code, accountInfo);
},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
getAuthStatusInfo10+
getAuthStatusInfo(domainAccountInfo: DomainAccountInfo, callback: AsyncCallback<AuthStatusInfo>): void
Obtains the authentication status of a domain account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| callback | AsyncCallback<AuthStatusInfo> | Yes | Callback used to return the result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
let statusInfo: osAccount.AuthStatusInfo = {
remainTimes: 5,
freezingTime: 0
};
callback(code, statusInfo);
},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
bindAccount10+
bindAccount(domainAccountInfo: DomainAccountInfo, localId: number, callback: AsyncCallback<void>): void
Binds a domain account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| localId | number | Yes | ID of the target system account. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {
// mock unbinding operation
// notify binding result
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
callback(code);
},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
unbindAccount10+
unbindAccount(domainAccountInfo: DomainAccountInfo, callback: AsyncCallback<void>): void
Unbinds a domain account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {
// mock unbinding operation
// notify unbinding result
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
callback(code);
},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
isAccountTokenValid10+
isAccountTokenValid(domainAccountInfo: DomainAccountInfo, token: Uint8Array, callback: AsyncCallback<boolean>): void
Checks whether the specified domain account token is valid.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| token | Uint8Array | Yes | Domain account token to check. |
| callback | AsyncCallback<boolean> | Yes | Callback used to return the result. The value true means that the specified domain account token is valid; the value false means the opposite. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {
// mock checking operation
// notify checking result
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
callback(code, true);
},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
getAccessToken10+
getAccessToken(options: GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>): void
Obtains the domain access token based on the specified conditions. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | GetDomainAccessTokenOptions | Yes | Options specified for obtaining the domain access token. |
| callback | AsyncCallback<Uint8Array> | Yes | Callback used to return the result. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {
// mock getting operation
// notify result
let code: BusinessError = {
code: 0,
name: "",
message: ""
};
let token: Uint8Array = new Uint8Array([0]);
callback(code, token);
}
}
osAccount.DomainAccountManager.registerPlugin(plugin)
DomainAccountManager 9+
Provides APIs for domain account management.
registerPlugin9+
static registerPlugin(plugin: DomainPlugin): void
Registers a domain plug-in.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| plugin | DomainPlugin | Yes | Domain plug-in to register. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300201 | The domain plugin has been registered. |
Example
import { AsyncCallback, BusinessError } from '@kit.BasicServicesKit';
let plugin: osAccount.DomainPlugin = {
auth: (domainAccountInfo: osAccount.DomainAccountInfo, credential: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
authWithPopup: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: osAccount.IUserAuthCallback) => {},
authWithToken: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: osAccount.IUserAuthCallback) => {},
getAccountInfo: (options: osAccount.GetDomainAccountInfoPluginOptions,
callback: AsyncCallback<osAccount.DomainAccountInfo>) => {},
getAuthStatusInfo: (domainAccountInfo: osAccount.DomainAccountInfo,
callback: AsyncCallback<osAccount.AuthStatusInfo>) => {},
bindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, localId: number,
callback: AsyncCallback<void>) => {},
unbindAccount: (domainAccountInfo: osAccount.DomainAccountInfo, callback: AsyncCallback<void>) => {},
isAccountTokenValid: (domainAccountInfo: osAccount.DomainAccountInfo, token: Uint8Array,
callback: AsyncCallback<boolean>) => {},
getAccessToken: (options: osAccount.GetDomainAccessTokenOptions, callback: AsyncCallback<Uint8Array>) => {}
}
try {
osAccount.DomainAccountManager.registerPlugin(plugin);
console.info('registerPlugin success.');
} catch (e) {
const err = e as BusinessError;
console.error(`registerPlugin code is ${err.code}, message is ${err.message}`);
}
unregisterPlugin9+
static unregisterPlugin(): void
Unregisters this domain plug-in.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 801 | Capability not supported. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
try {
osAccount.DomainAccountManager.unregisterPlugin();
console.info('unregisterPlugin success.');
} catch (e) {
const err = e as BusinessError;
console.error(`unregisterPlugin code is ${err.code}, message is ${err.message}`);
}
auth10+
auth(domainAccountInfo: DomainAccountInfo, credential: Uint8Array, callback: IUserAuthCallback): void
Authenticates a domain account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| credential | Uint8Array | Yes | Credentials of the domain account. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid domainAccountInfo or credential. |
| 12300003 | Domain account does not exist. |
| 12300013 | Network exception. |
| 12300101 | Authentication failed. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The account authentication service does not exist. |
| 12300114 | The account authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan'
}
let credential = new Uint8Array([0])
try {
osAccount.DomainAccountManager.auth(domainAccountInfo, credential, {
onResult: (resultCode: number, authResult: osAccount.AuthResult) => {
console.info('auth resultCode = ' + resultCode);
console.info('auth authResult = ' + JSON.stringify(authResult));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
auth24+
auth(domainAccountInfo: DomainAccountInfo, credential: Uint8Array, options: DomainAccountAuthOptions, callback: IUserAuthCallback): void
Authenticates a specified domain account. You can specify authentication options, such as server parameters. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| credential | Uint8Array | Yes | Credentials of the domain account. |
| options | DomainAccountAuthOptions | Yes | Options for domain account authentication. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid domainAccountInfo or credential. |
| 12300003 | Domain account does not exist. |
| 12300013 | Network exception. |
| 12300101 | Authentication failed. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The account authentication service does not exist. |
| 12300114 | The account authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan'
}
let credential = new Uint8Array([0]);
try {
let serverParams: Record<string, Object> = {
"uri": "test.example.com",
"port": 100
}
let authOptions: osAccount.DomainAccountAuthOptions = {
serverParams: serverParams
}
osAccount.DomainAccountManager.auth(domainAccountInfo, credential, authOptions, {
onResult: (resultCode: number, authResult: osAccount.AuthResult) => {
console.info('auth resultCode = ' + resultCode);
console.info('auth authResult = ' + JSON.stringify(authResult));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
authWithPopup10+
authWithPopup(callback: IUserAuthCallback): void
Authenticates a domain account in a pop-up window.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
No permission is required since API version 11. Use the SDK of the latest version.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300003 | No domain account is bound. |
| 12300013 | Network exception. |
| 12300101 | Authentication failed. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The account authentication service does not exist. |
| 12300114 | The account authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
try {
osAccount.DomainAccountManager.authWithPopup({
onResult: (resultCode: number, authResult: osAccount.AuthResult) => {
console.info('auth resultCode = ' + resultCode);
console.info('auth authResult = ' + JSON.stringify(authResult));
}
})
} catch (e) {
const err = e as BusinessError;
console.error(`auth exception = code is ${err.code}, message is ${err.message}`);
}
authWithPopup10+
authWithPopup(localId: number, callback: IUserAuthCallback): void
Authenticates a domain account in a pop-up window.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.ACCESS_USER_AUTH_INTERNAL
No permission is required since API version 11. Use the SDK of the latest version.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| localId | number | Yes | Local ID of the system account bound to the domain account. |
| callback | IUserAuthCallback | Yes | Callback used to return the authentication result. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid localId. |
| 12300003 | No domain account is bound. |
| 12300013 | Network exception. |
| 12300101 | Authentication failed. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300110 | The authentication is locked. |
| 12300111 | The authentication time out. |
| 12300112 | The authentication service is busy. |
| 12300113 | The account authentication service does not exist. |
| 12300114 | The account authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
try {
osAccount.DomainAccountManager.authWithPopup(100, {
onResult: (resultCode: number, authResult: osAccount.AuthResult) => {
console.info('authWithPopup resultCode = ' + resultCode);
console.info('authWithPopup authResult = ' + JSON.stringify(authResult));
}
})
} catch (e) {
const err = e as BusinessError;
console.error(`authWithPopup exception = code is ${err.code}, message is ${err.message}`);
}
hasAccount10+
hasAccount(domainAccountInfo: DomainAccountInfo, callback: AsyncCallback<boolean>): void
Checks whether a domain account exists. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| callback | AsyncCallback<boolean> | Yes | Callback used to return the result. The value true means that the specified domain account exists; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid domainAccountInfo. |
| 12300013 | Network exception. |
| 12300014 | Not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan'
}
try {
osAccount.DomainAccountManager.hasAccount(domainAccountInfo, (err: BusinessError, result: boolean) => {
if (err) {
console.error(`call hasAccount failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('hasAccount result: ' + result);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`hasAccount exception = code is ${err.code}, message is ${err.message}`);
}
hasAccount10+
hasAccount(domainAccountInfo: DomainAccountInfo): Promise<boolean>
Checks whether a domain account exists. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true means that the specified domain account exists; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid domainAccountInfo. |
| 12300013 | Network exception. |
| 12300014 | Not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan'
}
try {
osAccount.DomainAccountManager.hasAccount(domainAccountInfo).then((result: boolean) => {
console.info('hasAccount result: ' + result);
}).catch((err: BusinessError) => {
console.error(`call hasAccount failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`hasAccount exception = code is ${err.code}, message is ${err.message}`);
}
updateAccountToken10+
updateAccountToken(domainAccountInfo: DomainAccountInfo, token: Uint8Array, callback: AsyncCallback<void>): void
Updates the token of a domain account. An empty token means an invalid token. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| token | Uint8Array | Yes | New domain account token. |
| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid token. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan',
accountId: '123456'
}
let token = new Uint8Array([0])
try {
osAccount.DomainAccountManager.updateAccountToken(domainAccountInfo, token, (err: BusinessError) => {
if (err != null) {
console.error(`updateAccountToken failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('updateAccountToken successfully');
}
})
} catch (e) {
const err = e as BusinessError;
console.error(`updateAccountToken exception = code is ${err.code}, message is ${err.message}`);
}
updateAccountToken10+
updateAccountToken(domainAccountInfo: DomainAccountInfo, token: Uint8Array): Promise<void>
Updates the token of a domain account. An empty token means an invalid token. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
| token | Uint8Array | Yes | New domain account token. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid token. |
| 12300003 | Account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.DomainAccountInfo = {
domain: 'CHINA',
accountName: 'zhangsan',
accountId: '123456'
}
let token = new Uint8Array([0])
try {
osAccount.DomainAccountManager.updateAccountToken(domainAccountInfo, token).then(() => {
console.info('updateAccountToken successfully');
}).catch((err: BusinessError) => {
console.error(`updateAccountToken failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`updateAccountToken exception = code is ${err.code}, message is ${err.message}`);
}
getAccountInfo10+
getAccountInfo(options: GetDomainAccountInfoOptions, callback: AsyncCallback<DomainAccountInfo>): void
Obtains information about a specified domain account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.GET_DOMAIN_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | GetDomainAccountInfoOptions | Yes | Domain account information. |
| callback | AsyncCallback<DomainAccountInfo> | Yes | Callback used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300013 | Network exception. |
| 12300014 | Not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.GetDomainAccountInfoOptions = {
domain: 'CHINA',
accountName: 'zhangsan'
}
try {
osAccount.DomainAccountManager.getAccountInfo(domainAccountInfo,
(err: BusinessError, result: osAccount.DomainAccountInfo) => {
if (err) {
console.error(`call getAccountInfo failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('getAccountInfo result: ' + result);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAccountInfo exception = code is ${err.code}, message is ${err.message}`);
}
getAccountInfo10+
getAccountInfo(options: GetDomainAccountInfoOptions): Promise<DomainAccountInfo>
Obtains information about a specified domain account. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.GET_DOMAIN_ACCOUNTS
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | GetDomainAccountInfoOptions | Yes | Domain account information. |
Return value
| Type | Description |
|---|---|
| Promise<DomainAccountInfo> | Promise used to return the domain account information obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300013 | Network exception. |
| 12300014 | Not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainAccountInfo: osAccount.GetDomainAccountInfoOptions = {
domain: 'CHINA',
accountName: 'zhangsan'
}
try {
osAccount.DomainAccountManager.getAccountInfo(domainAccountInfo)
.then((result: osAccount.DomainAccountInfo) => {
console.info('getAccountInfo result: ' + result);
}).catch((err: BusinessError) => {
console.error(`call getAccountInfo failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAccountInfo exception = code is ${err.code}, message is ${err.message}`);
}
getAccessToken11+
getAccessToken(businessParams: Record<string, Object>, callback: AsyncCallback<Uint8Array>): void
Obtains the service access token of a domain account. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| businessParams | Record<string, Object> | Yes | Service parameters. The specific formats vary depending on the domain plug-in. |
| callback | AsyncCallback<Uint8Array> | Yes | Callback used to return the result. If the operation is successful, err is null. Otherwise, an error object is returned. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid business parameters. |
| 12300003 | Domain account not found. |
| 12300013 | Network exception. |
| 12300014 | The domain account is not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let businessParams: Record<string, Object> = {
'clientId': 'xxx',
'secretId': 'yyy'
}; // depends on the implementation of the domain plugin
try {
osAccount.DomainAccountManager.getAccessToken(businessParams,
(err: BusinessError, result: Uint8Array) => {
if (err) {
console.error(`getAccessToken failed, code is ${err.code}, message is ${err.message}`);
} else {
console.info('getAccessToken result: ' + result);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAccessToken exception = code is ${err.code}, message is ${err.message}`);
}
getAccessToken11+
getAccessToken(businessParams: Record<string, Object>): Promise<Uint8Array>
Obtains the service access token of a domain account. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| businessParams | Record<string, Object> | Yes | Service parameters. The specific formats vary depending on the domain plug-in. |
Return value
| Type | Description |
|---|---|
| Promise<Uint8Array> | Promise used to return the service access token obtained. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid business parameters. |
| 12300003 | Domain account not found. |
| 12300013 | Network exception. |
| 12300014 | The domain account is not authenticated. |
| 12300111 | The operation time out. |
| 12300114 | The authentication service works abnormally. |
| 12300211 | Server unreachable. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let businessParams: Record<string, Object> = {
'clientId': 'xxx',
'secretId': 'yyy'
}; // depends on the implementation of the domain plugin
try {
osAccount.DomainAccountManager.getAccessToken(businessParams)
.then((result: Uint8Array) => {
console.info('getAccessToken result: ' + result);
}).catch((err: BusinessError) => {
console.error(`getAccessToken failed, code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAccessToken exception = code is ${err.code}, message is ${err.message}`);
}
isAuthenticationExpired12+
isAuthenticationExpired(domainAccountInfo: DomainAccountInfo): Promise<boolean>
Checks whether the authentication of a domain account has expired. This API uses a promise to return the result.
System API: This is a system API.
Required permissions: ohos.permission.MANAGE_LOCAL_ACCOUNTS or ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | Yes | Domain account information. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value true means that the specified domain account has expired; the value false means the opposite. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 801 | Capability not supported. |
| 12300001 | The system service works abnormally. |
| 12300003 | Domain account not found. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let domainInfo: osAccount.DomainAccountInfo =
{domain: 'testDomain', accountName: 'testAccountName'};
try {
osAccount.DomainAccountManager.isAuthenticationExpired(domainInfo).then((result: boolean) => {
console.info('isAuthenticationExpired, result: ' + result);
}).catch((err: BusinessError) => {
console.error('isAuthenticationExpired err: ' + err);
});
} catch (e) {
const err = e as BusinessError;
console.error('isAuthenticationExpired exception: ' + e);
}
UserIdentityManager8+
Provides APIs for user IDM.
System API: This is a system API.
constructor8+
constructor()
A constructor() used to create an instance for user IDM.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
Example
let userIDM = new osAccount.UserIdentityManager();
openSession8+
openSession(callback: AsyncCallback<Uint8Array>): void
Opens a session to obtain the challenge value. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | AsyncCallback<Uint8Array> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the challenge value obtained. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
try {
userIDM.openSession((err: BusinessError, challenge: Uint8Array) => {
if (err) {
console.error(`openSession exception = code is ${err.code}, message is ${err.message}`);
} else {
console.info('openSession challenge = ' + JSON.stringify(challenge));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`openSession exception = code is ${err.code}, message is ${err.message}`);
}
openSession8+
openSession(accountId?: number): Promise<Uint8Array>
Opens a session. This API returns a challenge value, which can be used to determine whether the subsequent identity authentication is in this session. This can prevent replay attacks. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| accountId12+ | number | No | System account ID, which is left blank by default. |
Return value
| Type | Description |
|---|---|
| Promise<Uint8Array> | Promise used to return the challenge value obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300008 | Restricted account. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let accountId = 100;
try {
userIDM.openSession(accountId).then((challenge: Uint8Array) => {
console.info('openSession challenge = ' + JSON.stringify(challenge));
}).catch((err: BusinessError) => {
console.error(`openSession error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`openSession exception = code is ${err.code}, message is ${err.message}`);
}
addCredential8+
addCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void
Adds credential information, including the credential type, subtype, and token (if a non-PIN credential is added).
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| credentialInfo | CredentialInfo | Yes | Credential information to add. |
| callback | IIdmCallback | Yes | Callback used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid credentialInfo, i.e. authType or authSubType. |
| 12300003 | Account not found. |
| 12300008 | Restricted account. |
| 12300020 | Device hardware abnormal. |
| 12300090 | Cross-device capability not supported. |
| 12300091 | Cross-device communication failed. |
| 12300101 | The token is invalid. |
| 12300106 | The authentication type is not supported. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300111 | The operation time out. |
| 12300115 | The number of credentials reaches the upper limit. |
| 12300116 | Credential complexity verification failed. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let password: Uint8Array = new Uint8Array([0, 0, 0, 0, 0, 0]);
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
pinAuth.registerInputer({
onGetData: (authSubType: osAccount.AuthSubType, callback: osAccount.IInputData) => {
callback.onSetData(authSubType, password);
}
});
let credentialInfo: osAccount.CredentialInfo = {
credType: osAccount.AuthType.PIN,
credSubType: osAccount.AuthSubType.PIN_SIX,
token: new Uint8Array([]),
additionalInfo: 'xxx'
};
let userIDM = new osAccount.UserIdentityManager();
userIDM.openSession((err: BusinessError, challenge: Uint8Array) => {
try {
userIDM.addCredential(credentialInfo, {
onResult: (result: number, extraInfo: osAccount.RequestResult) => {
console.info('addCredential result = ' + result);
console.info('addCredential extraInfo = ' + extraInfo);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`addCredential exception = code is ${err.code}, message is ${err.message}`);
}
});
updateCredential8+
updateCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void
Updates credential information. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| credentialInfo | CredentialInfo | Yes | Credential information to add. |
| callback | IIdmCallback | Yes | Callback used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid credentialInfo, i.e. authType or authSubType. |
| 12300003 | Account not found. |
| 12300101 | The token is invalid. |
| 12300102 | The credential does not exist. |
| 12300106 | The authentication type is not supported. |
| 12300109 | The authentication, enrollment, or update operation is canceled. |
| 12300111 | The operation time out. |
| 12300116 | Credential complexity verification failed. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let userAuth: osAccount.UserAuth = new osAccount.UserAuth();
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
let password: Uint8Array = new Uint8Array([0, 0, 0, 0, 0, 0]);
let credentialInfo: osAccount.CredentialInfo = {
credType: osAccount.AuthType.PIN,
credSubType: osAccount.AuthSubType.PIN_SIX,
token: new Uint8Array([]),
};
pinAuth.registerInputer({
onGetData: (authSubType: osAccount.AuthSubType, callback: osAccount.IInputData) => {
callback.onSetData(authSubType, password);
}
});
userIDM.openSession((err: BusinessError, challenge: Uint8Array) => {
userAuth.auth(challenge, credentialInfo.credType, osAccount.AuthTrustLevel.ATL1, {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
if (result != osAccount.ResultCode.SUCCESS) {
return;
}
if (extraInfo.token != null) {
credentialInfo.token = extraInfo.token;
}
try {
userIDM.updateCredential(credentialInfo, {
onResult: (result: number, extraInfo: osAccount.RequestResult) => {
console.info('updateCredential result = ' + result);
console.info('updateCredential extraInfo = ' + extraInfo);
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`updateCredential exception = code is ${err.code}, message is ${err.message}`);
}
}
});
});
closeSession8+
closeSession(accountId?: number): void
Closes this session to terminate IDM.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| accountId12+ | number | No | System account ID, which is left blank by default. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300003 | Account not found. |
| 12300008 | Restricted account. |
Example
let userIDM = new osAccount.UserIdentityManager();
let accountId = 100;
userIDM.closeSession(accountId);
cancel8+
cancel(challenge: Uint8Array): void
Cancels an entry based on the challenge value.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| challenge | Uint8Array | Yes | Challenge value. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid challenge. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let challenge: Uint8Array = new Uint8Array([0]);
try {
userIDM.cancel(challenge);
} catch (e) {
const err = e as BusinessError;
console.error(`cancel code is ${err.code}, message is ${err.message}`);
}
delUser8+
delUser(token: Uint8Array, callback: IIdmCallback): void
Deletes a user with an authentication token. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| token | Uint8Array | Yes | Authentication token. |
| callback | IIdmCallback | Yes | Callback used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300101 | The token is invalid. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let token: Uint8Array = new Uint8Array([0]);
try {
userIDM.delUser(token, {
onResult: (result: number, extraInfo: osAccount.RequestResult) => {
console.info('delUser result = ' + result);
console.info('delUser extraInfo = ' + JSON.stringify(extraInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`delUser exception = code is ${err.code}, message is ${err.message}`);
}
delCred8+
delCred(credentialId: Uint8Array, token: Uint8Array, callback: IIdmCallback): void
Deletes user credential information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.MANAGE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| credentialId | Uint8Array | Yes | Credential ID. |
| token | Uint8Array | Yes | Authentication token. |
| callback | IIdmCallback | Yes | Callback used to return the result. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid credentialId. |
| 12300101 | The token is invalid. |
| 12300102 | The credential does not exist. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let credentialId: Uint8Array = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0]);
let token: Uint8Array = new Uint8Array([0]);
try {
userIDM.delCred(credentialId, token, {
onResult: (result: number, extraInfo: osAccount.RequestResult) => {
console.info('delCred result = ' + result);
console.info('delCred extraInfo = ' + JSON.stringify(extraInfo));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`delCred exception = code is ${err.code}, message is ${err.message}`);
}
getAuthInfo8+
getAuthInfo(callback: AsyncCallback<Array<EnrolledCredInfo>>): void
Obtains authentication information. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | AsyncCallback<Array<EnrolledCredInfo>> | Yes | Callback used to return the result. If the operation is successful, err is null and data is information about all registered credentials of the user. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
try {
userIDM.getAuthInfo((err: BusinessError, result: osAccount.EnrolledCredInfo[]) => {
if (err) {
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
} else {
console.info('getAuthInfo result = ' + JSON.stringify(result));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
}
getAuthInfo8+
getAuthInfo(authType: AuthType, callback: AsyncCallback<Array<EnrolledCredInfo>>): void
Obtains authentication information of the specified type. This API uses an asynchronous callback to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Authentication credential type. |
| callback | AsyncCallback<Array<EnrolledCredInfo>> | Yes | Callback used to return the result. If the operation is successful, err is null and data is the information about all enrolled credentials of the specified type. Otherwise, err is an error object. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid authType. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
try {
userIDM.getAuthInfo(osAccount.AuthType.PIN,
(err: BusinessError, result: osAccount.EnrolledCredInfo[]) => {
if (err) {
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
} else {
console.info('getAuthInfo result = ' + JSON.stringify(result));
}
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
}
getAuthInfo8+
getAuthInfo(authType: AuthType): Promise<Array<EnrolledCredInfo>>
Obtains authentication information. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Authentication type, which indicates that information about all authentication types is obtained. |
Return value
| Type | Description |
|---|---|
| Promise<Array<EnrolledCredInfo>> | Promise used to return the information about all the enrolled credentials of the specified type. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid authType. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
try {
userIDM.getAuthInfo(osAccount.AuthType.PIN).then((result: osAccount.EnrolledCredInfo[]) => {
console.info('getAuthInfo result = ' + JSON.stringify(result))
}).catch((err: BusinessError) => {
console.error(`getAuthInfo error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
}
getAuthInfo12+
getAuthInfo(options?: GetAuthInfoOptions): Promise<Array<EnrolledCredInfo>>
Obtains authentication information. This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | GetAuthInfoOptions | No | Optional parameters for obtaining authentication information. This parameter is left empty by default, indicating that all enrolled credential information of the current user is obtained. |
Return value
| Type | Description |
|---|---|
| Promise<Array<EnrolledCredInfo>> | Promise used to return the information about all the enrolled credentials of the specified type. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid options. |
| 12300003 | Account not found. |
| 12300020 | Device hardware abnormal. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let options: osAccount.GetAuthInfoOptions = {
authType: osAccount.AuthType.PIN,
accountId: 100,
};
try {
userIDM.getAuthInfo(options).then((result: osAccount.EnrolledCredInfo[]) => {
console.info('getAuthInfo result = ' + JSON.stringify(result))
}).catch((err: BusinessError) => {
console.error(`getAuthInfo error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getAuthInfo exception = code is ${err.code}, message is ${err.message}`);
}
getEnrolledId12+
getEnrolledId(authType: AuthType, accountId?: number): Promise<Uint8Array>
Obtains the ID of the enrolled credential based on the credential type and account ID (optional). This API uses a promise to return the result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | AuthType | Yes | Credential type. |
| accountId | number | No | System account ID, which is left blank by default. |
Return value
| Type | Description |
|---|---|
| Promise<Uint8Array> | Promise used to return the credential ID obtained. |
Error codes
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | Invalid authType. |
| 12300003 | Account not found. |
| 12300020 | Device hardware abnormal. |
| 12300102 | The credential does not exist. |
| 12300106 | The authentication type is not supported. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let userIDM = new osAccount.UserIdentityManager();
let authType: osAccount.AuthType = osAccount.AuthType.PIN;
let accountId = 100;
try {
userIDM.getEnrolledId(authType, accountId).then((enrolledId: Uint8Array) => {
console.info('getEnrolledId enrolledId = ' + JSON.stringify(enrolledId));
}).catch((err: BusinessError) => {
console.error(`getEnrolledId error = code is ${err.code}, message is ${err.message}`);
});
} catch (e) {
const err = e as BusinessError;
console.error(`getEnrolledId exception = code is ${err.code}, message is ${err.message}`);
}
onCredentialChanged23+
onCredentialChanged(credentialTypes: AuthType[], callback: Callback<CredentialChangeInfo>): void
Subscribes to one or more credential change events. This API uses a callback to return the credential change information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| credentialTypes | AuthType[] | Yes | Credential types subscribed. |
| callback | Callback<CredentialChangeInfo> | Yes | Callback used to listen for the credential change events. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
| 12300002 | One or more credential types are invalid. |
| 12300106 | One or more credential types are not supported. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let identityMgr: osAccount.UserIdentityManager = new osAccount.UserIdentityManager();
const callback: Callback<osAccount.CredentialChangeInfo> = (changeInfo: osAccount.CredentialChangeInfo): void => {
console.info('credentialType: ' + changeInfo.credentialType
+ ', changeType: ' + changeInfo.changeType
+ ', accountId: ' + changeInfo.accountId
+ ', addedCredentialId: ' + changeInfo.addedCredentialId
+ ', deletedCredentialId: ' + changeInfo.deletedCredentialId
+ ', isSilent: ' + changeInfo.isSilent
)
}
try {
identityMgr.onCredentialChanged([osAccount.AuthType.PIN, osAccount.AuthType.FACE], callback);
console.info('Subscribe to the credential changes successfully');
} catch (e) {
const err = e as BusinessError;
console.error(`Failed to subscribe to the credential changes, code is ${err.code}, message is ${err.message}`)
}
offCredentialChanged23+
offCredentialChanged(callback?: Callback<CredentialChangeInfo>): void
Unsubscribes from credential change events. If no callback is not specified, this API unsubscribes from all subscription records.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Required permissions: ohos.permission.USE_USER_IDM
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| callback | Callback<CredentialChangeInfo> | No | Callback used to listen for the credential change events. The default value is undefined, indicating that all subscription records are unregistered. If the value is not undefined, only the subscription records related to the specified callback are unregistered. |
Error codes
For details about the error codes, see Account Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 201 | Permission denied. |
| 202 | Not system application. |
| 12300001 | The system service works abnormally. |
Example
import { BusinessError } from '@kit.BasicServicesKit';
let identityMgr: osAccount.UserIdentityManager = new osAccount.UserIdentityManager();
const callback: Callback<osAccount.CredentialChangeInfo> = (changeInfo: osAccount.CredentialChangeInfo): void => {
console.info('credentialType: ' + changeInfo.credentialType
+ ', changeType: ' + changeInfo.changeType
+ ', accountId: ' + changeInfo.accountId
+ ', addedCredentialId: ' + changeInfo.addedCredentialId
+ ', deletedCredentialId: ' + changeInfo.deletedCredentialId
+ ', isSilent: ' + changeInfo.isSilent
)
}
try {
identityMgr.onCredentialChanged([osAccount.AuthType.PIN, osAccount.AuthType.FACE], callback);
console.info('Subscribe to the credential changes successfully');
} catch (e) {
const err = e as BusinessError;
console.error(`Failed to subscribe to the credential changes, code is ${err.code}, message is ${err.message}`)
}
try {
identityMgr.offCredentialChanged(callback);
console.info('Unsubscribe from the credential changes successfully');
} catch (e) {
const err = e as BusinessError;
console.error(`Failed to unsubscribe from the credential changes, code is ${err.code}, message is ${err.message}`)
}
IInputData8+
Provides callbacks for PIN operations.
System API: This is a system API.
onSetData8+
onSetData(authSubType: AuthSubType, data: Uint8Array): void
System API: This is a system API.
Called to notify the caller the data is set.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authSubType | AuthSubType | Yes | Credential subtype. |
| data | Uint8Array | Yes | Data (credential) to set. The data is used for authentication and operations for adding and modifying credentials. |
Error codes
| ID | Error Message |
|---|---|
| 202 | Not system application. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 12300002 | Invalid pinSubType. |
Example
let password: Uint8Array = new Uint8Array([0, 0, 0, 0, 0, 0]);
let passwordNumber: Uint8Array = new Uint8Array([1, 2, 3, 4]);
let inputer: osAccount.IInputer = {
onGetData: (authSubType: osAccount.AuthSubType, callback: osAccount.IInputData) => {
if (authSubType == osAccount.AuthSubType.PIN_NUMBER) {
callback.onSetData(authSubType, passwordNumber);
} else {
callback.onSetData(authSubType, password);
}
}
};
IInputer8+
Provides callbacks for credential inputers.
System API: This is a system API.
onGetData8+
onGetData: (authSubType: AuthSubType, callback: IInputData, options: GetInputDataOptions) => void
Called to notify the caller that data is obtained.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authSubType | AuthSubType | Yes | Authentication credential subtype. |
| callback | IInputData | Yes | Callback used to return the PIN data. |
| options | GetInputDataOptions | Yes | Optional parameters for the callback function. |
Example
let password: Uint8Array = new Uint8Array([0, 0, 0, 0, 0, 0]);
let passwordNumber: Uint8Array = new Uint8Array([1, 2, 3, 4]);
let inputer: osAccount.IInputer = {
onGetData: (authSubType: osAccount.AuthSubType,
callback: osAccount.IInputData, options: osAccount.GetInputDataOptions) => {
if (authSubType == osAccount.AuthSubType.PIN_NUMBER) {
callback.onSetData(authSubType, passwordNumber);
} else {
callback.onSetData(authSubType, password);
}
}
};
let pinAuth: osAccount.PINAuth = new osAccount.PINAuth();
let result = pinAuth.registerInputer(inputer);
console.info('registerInputer result: ' + result);
IUserAuthCallback8+
Provides callbacks for user authentication.
System API: This is a system API.
onResult8+
onResult: (result: number, extraInfo: AuthResult) => void
Called to return the result code and authentication result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| result | number | Yes | Authentication result code. |
| extraInfo | AuthResult | Yes | Specific authentication result information. If the authentication is successful, the authentication token is returned in extrainfo. If the authentication fails, the remaining authentication time is returned. If the authentication executor is locked, the freezing time is returned. |
Example
let authCallback: osAccount.IUserAuthCallback = {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
console.info('auth result = ' + result);
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
}
};
onAcquireInfo?8+
onAcquireInfo?: (module: number, acquire: number, extraInfo: Uint8Array) => void
Called to acquire identity authentication information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| module | number | Yes | Type of authentication executor. |
| acquire | number | Yes | Tip code of the authentication executor. |
| extraInfo | Uint8Array | Yes | Reserved. |
Example
let authCallback: osAccount.IUserAuthCallback = {
onResult: (result: number, extraInfo: osAccount.AuthResult) => {
console.info('auth result = ' + result)
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
},
onAcquireInfo: (module: number, acquire: number, extraInfo: Uint8Array) => {
console.info('auth module = ' + module);
console.info('auth acquire = ' + acquire);
console.info('auth extraInfo = ' + JSON.stringify(extraInfo));
}
};
IIdmCallback8+
Provides callbacks for IDM.
System API: This is a system API.
onResult8+
onResult: (result: number, extraInfo: RequestResult) => void
Called to return the result code and request result information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| result | number | Yes | Authentication result code. |
| extraInfo | RequestResult | Yes | Specific information to be transferred. |
Example
let idmCallback: osAccount.IIdmCallback = {
onResult: (result: number, extraInfo: osAccount.RequestResult) => {
console.info('callback result = ' + result)
console.info('callback extraInfo = ' + JSON.stringify(extraInfo));
}
};
onAcquireInfo?8+
onAcquireInfo?: (module: number, acquire: number, extraInfo: Uint8Array) => void
Called to acquire IDM information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| module | number | Yes | Type of authentication executor. |
| acquire | number | Yes | Tip code of the authentication executor. |
| extraInfo | Uint8Array | Yes | Reserved. |
Example
let idmCallback: osAccount.IIdmCallback = {
onResult: (result: number, extraInfo: Object) => {
console.info('callback result = ' + result)
console.info('callback onResult = ' + JSON.stringify(extraInfo));
},
onAcquireInfo: (module: number, acquire: number, extraInfo: Uint8Array) => {
console.info('callback module = ' + module);
console.info('callback acquire = ' + acquire);
console.info('callback onacquireinfo = ' + JSON.stringify(extraInfo));
}
};
GetPropertyRequest8+
Defines the request for obtaining property information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| authType | AuthType | No | No | Authentication credential type. |
| keys | Array<GetPropertyType> | No | No | An array of the types of the properties to obtain. |
| accountId12+ | number | No | Yes | System account ID, which is undefined by default. |
SetPropertyRequest8+
Defines the request for setting property information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| authType | AuthType | No | No | Authentication credential type. |
| key | SetPropertyType | No | No | Type of the property to set. |
| setInfo | Uint8Array | No | No | Information to set. |
ExecutorProperty8+
Defines the executor property.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| result | number | No | No | Result. |
| authSubType | AuthSubType | No | No | Authentication credential subtype. |
| remainTimes | number | No | Yes | Number of remaining authentication times, which is -1 by default. |
| freezingTime | number | No | Yes | Freezing time, in milliseconds. The default value is -1. |
| enrollmentProgress10+ | string | No | Yes | Enrollment progress, which is left blank by default. |
| sensorInfo10+ | string | No | Yes | Sensor information, which is left blank by default. |
| nextPhaseFreezingTime12+ | number | No | Yes | Next freezing time, in milliseconds. The default value is undefined. |
| credentialLength20+ | number | No | Yes | Credential length, which is undefined by default. When credentials with indefinite-length attributes such as biometric information are queried, undefined is returned. |
AuthResult8+
Defines the authentication result information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| token | Uint8Array | No | Yes | Authentication token, which is left blank by default. |
| remainTimes | number | No | Yes | Number of remaining authentication times, which is left blank by default. |
| freezingTime | number | No | Yes | Freezing time, in milliseconds. The default value is left empty. |
| nextPhaseFreezingTime12+ | number | No | Yes | Next freezing time, in milliseconds. The default value is undefined. |
| credentialId12+ | Uint8Array | No | Yes | Credential ID, which is left blank by default. |
| accountId12+ | number | No | Yes | System account ID, which is undefined by default. |
| pinValidityPeriod12+ | number | No | Yes | Authentication validity period, in milliseconds. The default value is undefined. |
CredentialInfo8+
Defines the credential information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| credType | AuthType | No | No | Authentication credential type. |
| credSubType | AuthSubType | No | No | Authentication credential subtype. |
| token | Uint8Array | No | No | Authentication token. |
| accountId12+ | number | No | Yes | System account ID, which is undefined by default. |
| additionalInfo23+ | string | No | Yes | Additional information about the credential, which is an empty string by default. |
RequestResult8+
Defines the request result information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| credentialId | Uint8Array | No | Yes | Credential ID, which is left blank by default. |
EnrolledCredInfo8+
Defines enrolled credential information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| credentialId | Uint8Array | No | No | Credential ID. |
| authType | AuthType | No | No | Authentication credential type. |
| authSubType | AuthSubType | No | No | Authentication credential subtype. |
| templateId | Uint8Array | No | No | Authentication credential template ID. |
| isAbandoned20+ | boolean | No | Yes | Whether the credential is abandoned. The abandoned credential may be stored as a backup credential for a period of time. The value true indicates that the credential is abandoned, and the value false indicates the opposite. The default value is undefined. |
| validityPeriod20+ | number | No | Yes | Credential validity period, in milliseconds. The default value is undefined. |
GetPropertyType8+
Enumerates the types of properties to obtain.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| AUTH_SUB_TYPE | 1 | Authentication credential subtype. |
| REMAIN_TIMES | 2 | Number of remaining times. |
| FREEZING_TIME | 3 | Freezing time. |
| ENROLLMENT_PROGRESS10+ | 4 | Enrollment progress. |
| SENSOR_INFO10+ | 5 | Sensor information. |
| NEXT_PHASE_FREEZING_TIME12+ | 6 | Next freezing time. |
| CREDENTIAL_LENGTH20+ | 7 | Credential length. |
SetPropertyType8+
Enumerates the types of properties to set.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| INIT_ALGORITHM | 1 | Initialization algorithm. |
AuthType8+
Enumerates the authentication credential types.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| PIN | 1 | PIN authentication. |
| FACE | 2 | Facial authentication. |
| FINGERPRINT10+ | 4 | Fingerprint authentication. |
| RECOVERY_KEY12+ | 8 | Key recovery type. |
| PRIVATE_PIN14+ | 16 | Private PIN type. |
| COMPANION_DEVICE23+ | 64 | Companion device authentication. |
| DOMAIN9+ | 1024 | Domain authentication. |
AuthSubType8+
Enumerates the authentication credential subtypes.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| PIN_SIX | 10000 | Six-digit PIN. |
| PIN_NUMBER | 10001 | Custom PIN. |
| PIN_MIXED | 10002 | Custom mixed credentials. |
| PIN_FOUR12+ | 10003 | 4-digit credential. |
| PIN_PATTERN12+ | 10004 | Pattern credential. |
| PIN_QUESTION14+ | 10005 | Security question credential. |
| FACE_2D | 20000 | 2D face credential. |
| FACE_3D | 20001 | 3D face credential. |
| FINGERPRINT_CAPACITIVE10+ | 30000 | Capacitive fingerprint. |
| FINGERPRINT_OPTICAL10+ | 30001 | Optical fingerprint. |
| FINGERPRINT_ULTRASONIC10+ | 30002 | Ultrasonic fingerprint. |
| DOMAIN_MIXED9+ | 10240001 | Mixed domain authentication credentials. |
AuthTrustLevel8+
Enumerates the trust levels of the authentication result.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| ATL1 | 10000 | Trust level 1. |
| ATL2 | 20000 | Trust level 2. |
| ATL3 | 30000 | Trust level 3. |
| ATL4 | 40000 | Trust level 4. |
Module8+
Enumerates the modules from which information is obtained.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| FACE_AUTH | 1 | Facial authentication module. |
ResultCode8+
Enumerates the authentication result codes.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| SUCCESS | 0 | The authentication is successful or the authentication feature is supported. |
| FAIL | 1 | The authentication executor failed to identify the user. |
| GENERAL_ERROR | 2 | Other errors. |
| CANCELED | 3 | The authentication is canceled. |
| TIMEOUT | 4 | The authentication timed out. |
| TYPE_NOT_SUPPORT | 5 | The authentication credential type is not supported. |
| TRUST_LEVEL_NOT_SUPPORT | 6 | The authentication trust level is not supported. |
| BUSY | 7 | The authentication executor is busy. Try again after a few seconds. |
| INVALID_PARAMETERS | 8 | Incorrect parameters are detected. |
| LOCKED | 9 | The authentication executor is locked. |
| NOT_ENROLLED | 10 | The authentication executor is not enrolled. |
FaceTipsCode8+
Enumerates the tip codes for facial authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| FACE_AUTH_TIP_TOO_BRIGHT | 1 | The obtained face image is too bright. |
| FACE_AUTH_TIP_TOO_DARK | 2 | The obtained face image is too dark. |
| FACE_AUTH_TIP_TOO_CLOSE | 3 | The face is too close to the device. |
| FACE_AUTH_TIP_TOO_FAR | 4 | The face is too far away from the device. |
| FACE_AUTH_TIP_TOO_HIGH | 5 | Only the upper part of the face is captured because the device is angled too high. |
| FACE_AUTH_TIP_TOO_LOW | 6 | Only the lower part of the face is captured because the device is angled too low. |
| FACE_AUTH_TIP_TOO_RIGHT | 7 | Only the right part of the face is captured because the device is angled too much to the right. |
| FACE_AUTH_TIP_TOO_LEFT | 8 | Only the left part of the face is captured because the device is angled too much to the left. |
| FACE_AUTH_TIP_TOO_MUCH_MOTION | 9 | The face moves too fast during facial information collection. |
| FACE_AUTH_TIP_POOR_GAZE | 10 | The face is not facing the device. |
| FACE_AUTH_TIP_NOT_DETECTED | 11 | No face is detected. |
FingerprintTips8+
Enumerates the tip codes for fingerprint authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| FINGERPRINT_TIP_GOOD | 0 | The captured image is clear. |
| FINGERPRINT_TIP_IMAGER_DIRTY | 1 | The fingerprint image has big noise due to dirt on the sensor. |
| FINGERPRINT_TIP_INSUFFICIENT | 2 | Failed to process the fingerprint image due to big noise. |
| FINGERPRINT_TIP_PARTIAL | 3 | Only part of the fingerprint image is detected. |
| FINGERPRINT_TIP_TOO_FAST | 4 | The fingerprint image is incomplete due to quick motion. |
| FINGERPRINT_TIP_TOO_SLOW | 5 | Failed to read the fingerprint image due to lack of motion. |
| FINGERPRINT_TIP_FINGER_DOWN10+ | 6 | Press your finger. |
| FINGERPRINT_TIP_FINGER_UP10+ | 7 | Lift your finger. |
OsAccountInfo
Represents the system account information.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| shortName12+ | string | No | Yes | Short name of the system account. System API: This is a system API and is left blank by default. |
| isLoggedIn12+ | boolean | No | Yes | Whether the system account is logged in. The value true means that the system account has logged in; the value false means the opposite. System API: This is a system API. The default value is false. |
OsAccountType
Enumerates the system account types.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| PRIVATE12+ | 1024 | Privacy account. Only one privacy account is allowed. System API: This is a system API. |
DomainAccountInfo8+
Represents domain account information.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| accountId10+ | string | No | Yes | Domain account ID. System API: This is a system API and is undefined by default. |
| isAuthenticated11+ | boolean | No | Yes | Whether the domain account has been authenticated. The value true means that the specified domain account has been authenticated; the value false means the opposite. System API: This is a system API. The default value is false. |
ConstraintSourceTypeInfo9+
Defines the constraint source type.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| localId | number | No | No | ID of the target system account. |
| type | ConstraintSourceType | No | No | Type of the constraint source. |
ConstraintSourceType9+
Enumerates the constraint sources.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| CONSTRAINT_NOT_EXIST | 0 | The constraint does not exist. |
| CONSTRAINT_TYPE_BASE | 1 | Constraint from system settings. |
| CONSTRAINT_TYPE_DEVICE_OWNER | 2 | Constraint from the device owners' settings. |
| CONSTRAINT_TYPE_PROFILE_OWNER | 3 | Constraint from the profile owners' settings. |
AuthStatusInfo10+
Presents the authentication status information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| remainTimes | number | No | No | Number of remaining times. |
| freezingTime | number | No | No | Freezing time, in milliseconds. |
GetDomainAccessTokenOptions10+
Defines the options for obtaining a domain access token.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| domainAccountInfo | DomainAccountInfo | No | No | Domain account information. |
| domainAccountToken | Uint8Array | No | No | Token of the domain account. |
| businessParams | Record<string, Object> | No | No | Service parameters customized by the service party based on the request protocol. |
| callerUid | number | No | No | Unique identifier of the caller. |
DomainAccountAuthOptions24+
Defines the options for domain account authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| serverParams | Record<string, Object> | No | Yes | Configuration parameters of the domain account authentication server. which is undefined by default. |
GetDomainAccountInfoOptions10+
Defines the options for obtaining domain account information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| accountName | string | No | No | Domain account name. |
| domain | string | No | Yes | Domain name, which is undefined by default. |
| serverConfigId12+ | string | No | Yes | ID of the server to which the domain account belongs, which is undefined by default. |
GetDomainAccountInfoPluginOptions10+
Defines the options for the domain plug-in to obtain the domain account information. The GetDomainAccountInfoPluginOptions class inherits from GetDomainAccountInfoOptions.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| callerUid | number | No | No | Unique identifier of the caller. |
OsAccountSwitchEventData12+
Defines the event that indicates the start or end of a foreground-background system account switchover.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| fromAccountId | number | No | No | ID of the source system account. |
| toAccountId | number | No | No | ID of the target system account. |
| displayId23+ | number | No | Yes | ID of the logical display where the switchover occurs. The default value is 0. |
ConstraintChangeInfo23+
Defines the constraint change information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| constraint | string | No | No | Constraint that has been changed. |
| isEnabled | boolean | No | No | Enabling state of the changed constraint. The default value is false. The value true indicates that the target constraint is enabled, and false indicates the opposite. |
CreateOsAccountOptions12+
Represents the optional parameter used to create a system account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| shortName | string | No | No | Short name of the account (used as the name of the personal folder). The short name cannot: 1. Contain any of the following characters: < >| : " * ? / \ 2. Contain any of the following: . or .. 3. Exceed 255 characters. |
| disallowedPreinstalledBundles19+ | Array<string> | No | Yes | Forbidden list of the preinstalled applications, which cannot be installed on the device. The value is left empty by default. |
| allowedPreinstalledBundles19+ | Array<string> | No | Yes | Trustlist of the preinstalled applications, which can be installed on the device. The default value is std::nullopt. |
| token24+ | Uint8Array | No | Yes | Token obtained from the authentication management API. The value is left empty by default. |
CreateOsAccountForDomainOptions12+
Represents a set of optional parameters for creating a system account bound to the specified domain account. It inherits from CreateOsAccountOptions.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
RemoveOsAccountOptions24+
Represents the optional parameter used to remove a system account.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| token | Uint8Array | No | Yes | Token obtained from the authentication management API. The value is left empty by default. |
GetAuthInfoOptions12+
Represents a set of optional parameters for GetAuthInfo.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| authType | AuthType | No | Yes | Authentication type, which is undefined by default. |
| accountId | number | No | Yes | System account ID, which is undefined by default. |
AuthIntent12+
Enumerates the authentication intents.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| UNLOCK | 1 | Unlock. |
| SILENT_AUTH14+ | 2 | Silent authentication. |
| QUESTION_AUTH14+ | 3 | Security question authentication. |
| ABANDONED_PIN_AUTH20+ | 4 | Abandoned PIN authentication. After a user changes the lock screen password, the old PIN is abandoned. If a user forgets the current password, the user can reset the lock screen password after passing the authentication with the abandoned PIN. |
RemoteAuthOptions12+
Represents a set of optional parameters for remote authentication.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| verifierNetworkId | string | No | Yes | Network ID of the credential verifier, which is left blank by default. |
| collectorNetworkId | string | No | Yes | Network ID of the credential collector, which is left blank by default. |
| collectorTokenId | number | No | Yes | Token ID of the credential collector, which is undefined by default. |
AuthOptions12+
Represents a set of optional parameters for auth.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| accountId | number | No | Yes | System account ID, which is undefined by default. |
| authIntent | AuthIntent | No | Yes | Authentication intent, which is undefined by default. |
| remoteAuthOptions | RemoteAuthOptions | No | Yes | Remote authentication options, which is undefined by default. |
GetInputDataOptions12+
Represents a set of optional parameters for onGetData.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| challenge | Uint8Array | No | Yes | Challenge value, which is undefined by default. |
CredentialChangeInfo23+
Defines the credential change information.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| changeType | CredentialChangeType | No | No | Credential change type. |
| isSilent | boolean | No | No | Whether the change is silent. A silent change is automatically initiated by the system in the background. |
| credentialType | AuthType | No | No | Credential type. |
| accountId | number | No | No | System account ID. |
| addedCredentialId | Uint8Array | No | Yes | Credential ID. An ID is returned when a credential is added or updated. which is undefined by default. |
| deletedCredentialId | Uint8Array | No | Yes | Credential ID. An ID is returned when a credential is deleted or updated. which is undefined by default. |
CredentialChangeType23+
Enumerates the credential change types.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Value | Description |
|---|---|---|
| ADD_CREDENTIAL | 1 | A credential is added. |
| UPDATE_CREDENTIAL | 2 | A credential is updated. |
| DELETE_CREDENTIAL | 3 | A credential is deleted. |
SetOsAccountTypeOptions24+
Defines the options for setting the system account type.
System API: This is a system API.
System capability: SystemCapability.Account.OsAccount
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| token | Uint8Array | No | Yes | Token obtained from the authentication management API. This parameter is left empty by default. |