Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Offline logout

Igor Wojda
March 26, 2018
Technology
2
300

Offline logout

Interesting logout use case.

Igor Wojda

March 26, 2018
Tweet

More Decks by Igor Wojda

See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
130
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
150
Why do we need Clean Architecture
igorwojda
23
8.5k

Other Decks in Technology

See All in Technology
RSNA2024振り返り
nanachi
0
590
君も受託系GISエンジニアにならないか
sudataka
2
440
トラシューアニマルになろう ~開発者だからこそできる、安定したサービス作りの秘訣~
jacopen
2
2k
ユーザーストーリーマッピングから始めるアジャイルチームと並走するQA / Starting QA with User Story Mapping
katawara
0
210
リーダブルテストコード 〜メンテナンスしやすい テストコードを作成する方法を考える〜 #DevSumi #DevSumiB / Readable test code
nihonbuson
11
7.3k
スタートアップ1人目QAエンジニアが QAチームを立ち上げ、“個”からチーム、 そして“組織”に成長するまで / How to set up QA team at reiwatravel
mii3king
2
1.5k
エンジニアの育成を支える爆速フィードバック文化
sansantech
PRO
3
1.1k
2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI
yoshiiryo1
1
370
クラウドサービス事業者におけるOSS
tagomoris
2
860
開発組織のための セキュアコーディング研修の始め方
flatt_security
3
2.4k
転生CISOサバイバル・ガイド / CISO Career Transition Survival Guide
kanny
3
1k
N=1から解き明かす AWS ソリューションアーキテクトの魅力
kiiwami
0
130

Featured

See All Featured
Unsuck your backbone
ammeep
669
57k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Faster Mobile Websites
deanohume
306
31k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
The Pragmatic Product Professional
lauravandoore
32
6.4k
How STYLIGHT went responsive
nonsquared
98
5.4k

Transcript

  1. Solving offline logout By Igor Wojda @igorwojda

  2. Not so long long time ago...

  3. Username & password Login request Other request Other request

  4. Why this is not very secure?

  5. Username & password

  6. Solution?

  7. Token 209eb9bb-2f6c-40d6-a9b9-912257492b61

  8. Token

  9. Token Renewal Timeout

  10. Token per client

  11. Token invalidate

  12. Online Logout

  13. Online logout Logout Request Additional operations

  14. Offline Logout

  15. Offline logout Logout Request X No network

  16. Option 1 – delete device token instantly Logout Request X

    No network

  17. Option 2 – delete device token device when online Logout

    Request X No network

  18. Logout user latter using the token Remove token instantly Goals

  19. Solution?

  20. Token Logout token Authentication token

  21. Token Press logout Is online? Delete authentication token Logout (hit

    logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES

  22. • https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •

    https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading

  23. Thanks! ANY QUESTIONS? You can find me at @igorwojda [email protected]