Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
2
290
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
Tweet
Share
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
120
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.5k
Modern, maintainable and coRRRect project
igorwojda
0
150
Why do we need Clean Architecture
igorwojda
23
8.5k
Other Decks in Technology
See All in Technology
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
レンジャーシステムズ | 会社紹介(採用ピッチ)
rssytems
0
150
どちらを使う?GitHub or Azure DevOps Ver. 24H2
kkamegawa
0
700
AWS re:Invent 2024で発表された コードを書く開発者向け機能について
maruto
0
190
ハイテク休憩
sat
PRO
2
140
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
180
組織に自動テストを書く文化を根付かせる戦略(2024冬版) / Building Automated Test Culture 2024 Winter Edition
twada
PRO
13
3.6k
Storage Browser for Amazon S3
miu_crescent
1
140
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
31k
Microsoft Azure全冠になってみた ~アレを使い倒した者が試験を制す!?~/Obtained all Microsoft Azure certifications Those who use "that" to the full will win the exam! ?
yuj1osm
2
110
日本版とグローバル版のモバイルアプリ統合の開発の裏側と今後の展望
miichan
1
130
成果を出しながら成長する、アウトプット駆動のキャッチアップ術 / Output-driven catch-up techniques to grow while producing results
aiandrox
0
240
Featured
See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Thoughts on Productivity
jonyablonski
67
4.4k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.3k
Unsuck your backbone
ammeep
669
57k
Imperfection Machines: The Place of Print at Facebook
scottboms
266
13k
Being A Developer After 40
akosma
87
590k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.9k
Building Your Own Lightsaber
phodgson
103
6.1k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Designing Experiences People Love
moore
138
23k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]