Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
2
320
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
Tweet
Share
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
200
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
170
Why do we need Clean Architecture
igorwojda
23
8.7k
Other Decks in Technology
See All in Technology
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
「Verify with Wallet API」を アプリに導入するために
hinakko
1
230
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
960
実装で解き明かす並行処理の歴史
zozotech
PRO
1
320
ACA でMAGI システムを社内で展開しようとした話
mappie_kochi
1
260
組織観点からIAM Identity CenterとIAMの設計を考える
nrinetcom
PRO
1
170
関係性が駆動するアジャイル──GPTに人格を与えたら、対話を通してふりかえりを習慣化できた話
mhlyc
0
130
20201008_ファインディ_品質意識を育てる役目は人かAIか___2_.pdf
findy_eventslides
0
130
How to achieve interoperable digital identity across Asian countries
fujie
0
120
PLaMoの事後学習を支える技術 / PFN LLMセミナー
pfn
PRO
9
3.8k
FastAPIの魔法をgRPC/Connect RPCへ
monotaro
PRO
1
740
KAGのLT会 #8 - 東京リージョンでGAしたAmazon Q in QuickSightを使って、報告用の資料を作ってみた
0air
0
200
Featured
See All Featured
Thoughts on Productivity
jonyablonski
70
4.9k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
A Tale of Four Properties
chriscoyier
160
23k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Automating Front-end Workflow
addyosmani
1371
200k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
A Modern Web Designer's Workflow
chriscoyier
697
190k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]