Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X No network
Option 2 – delete device token when device is online Logout Request X No network
Goals: Log out user later using the token. Remove token instantly.
Solution?
Token Logout token Authentication token
Token (flowchart labels): Press logout. Is online? (YES / NO). Delete authentication token. Logout (hit logout endpoint sending logout token). Schedule logout job. Job scheduler runs logout job. Is online? (YES). Invalidate both tokens. Unregister device from receiving notifications.
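The two-token flow from the flowchart above, as an added Python simulation that is not part of the original deck. The `Server` and `Client` classes, their method names and the in-memory storage are assumptions made for illustration, and the step ordering (delete the authentication token first, then call the logout endpoint or leave a job scheduled) is one reading of the flowchart.

```python
import secrets

class Server:
    """In-memory stand-in for the backend; endpoint names are hypothetical."""
    def __init__(self):
        self.sessions = {}         # logout_token -> (auth_token, device_id)
        self.push_devices = set()  # devices registered for notifications

    def login(self, device_id):
        auth, logout = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[logout] = (auth, device_id)
        self.push_devices.add(device_id)
        return auth, logout

    def is_valid(self, auth_token):
        # Only the authentication token authorises requests; the logout token cannot.
        return any(auth == auth_token for auth, _ in self.sessions.values())

    def logout(self, logout_token):
        # Invalidate both tokens and unregister the device from notifications.
        session = self.sessions.pop(logout_token, None)
        if session is None:
            return False           # unknown or already used logout token
        self.push_devices.discard(session[1])
        return True

class Client:
    def __init__(self, server, device_id):
        self.server, self.device_id, self.online = server, device_id, True
        self.auth_token = self.logout_token = None
        self.pending_logout = False   # stands in for a persisted scheduled job

    def login(self):
        self.auth_token, self.logout_token = self.server.login(self.device_id)

    def press_logout(self):
        self.auth_token = None        # goal: remove token instantly
        self.pending_logout = True    # goal: log the user out later using the token
        return self.run_logout_job()

    def run_logout_job(self):
        """Runs on logout and again whenever the job scheduler fires."""
        if not (self.pending_logout and self.online):
            return False              # offline: the job stays scheduled
        self.server.logout(self.logout_token)
        self.logout_token, self.pending_logout = None, False
        return True
```

Between an offline logout and the scheduled job running, the server still accepts the authentication token, so the token renewal timeout from the earlier slide is what bounds that window.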
Materials worth reading
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda