Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
2
310
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
Tweet
Share
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
170
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
160
Why do we need Clean Architecture
igorwojda
23
8.6k
Other Decks in Technology
See All in Technology
GigaViewerにおけるMackerel APM導入の裏側
7474
0
460
Javaアプリケーションの配布とパッケージング / Distribution and packaging of Java applications
hogelog
1
250
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
8
65k
S3 Tables を図解でやさしくおさらい~基本から QuickSight 連携まで/s3-tables-illustrated-basics-quicksight
emiki
2
340
KMP導⼊において、マネジャーとして考えた事
sansantech
PRO
1
210
Houtou.pm #1
papix
0
670
他チームへ越境したら、生データ提供ソリューションのクエリ費用95%削減へ繋がった話 / Cross-Team Impact: 95% Off Raw Data Query Costs
yamamotoyuta
0
240
エンジニアが組織に馴染むために勉強会を主催してチームの壁を越える
ohmori_yusuke
2
120
コードの考古学 〜労務システムから発掘した成長の糧〜
kenta_smarthr
1
1.2k
GoogleのAI Agent
shukob
0
140
RDRA3.0を知ろう
kanzaki
2
430
toittaにOpenTelemetryを導入した話 / Mackerel APM リリースパーティ
cohalz
1
490
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
42
7.5k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
GitHub's CSS Performance
jonrohan
1031
460k
Building a Modern Day E-commerce SEO Strategy
aleyda
40
7.3k
Embracing the Ebb and Flow
colly
85
4.7k
How GitHub (no longer) Works
holman
314
140k
Automating Front-end Workflow
addyosmani
1370
200k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
106
19k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
180
53k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]
igorwojda
7474
hogelog
oracle4engineer
emiki
sansantech
papix
yamamotoyuta
ohmori_yusuke
kenta_smarthr
shukob
kanzaki
cohalz
jmmastey
kastner
malarkey
caitiem20
jonrohan
aleyda
colly
holman
addyosmani
panda_program
soudai
garrettdimon
![Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]](https://files.speakerdeck.com/presentations/b8c4a9c8ad104b868ad42c65731a8a6a/slide_22.jpg){kind=link}