Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Igor Wojda
March 26, 2018
Technology
2
290

Offline logout

Interesting logout use case.

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
110
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.5k
Modern, maintainable and coRRRect project
igorwojda
0
150
Why do we need Clean Architecture
igorwojda
23
8.4k

Other Decks in Technology

See All in Technology
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
120
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
770
AGIについてChatGPTに聞いてみた
blueb
0
130
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
210
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
210
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
130

Featured

See All Featured
For a Future-Friendly Web
brad_frost
175
9.4k
How to Ace a Technical Interview
jacobian
276
23k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
A Philosophy of Restraint
colly
203
16k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Optimizing for Happiness
mojombo
376
70k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Practical Orchestrator
shlominoach
186
10k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]