Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Offline logout
Search
Igor Wojda
March 26, 2018
Technology
2
320
Offline logout
Interesting logout use case.
Igor Wojda
March 26, 2018
Tweet
Share
More Decks by Igor Wojda
See All by Igor Wojda
Harmonizing Kotlin codebase with Konsist
igorwojda
2
200
Droidcon 2020. Why We Need Clean Architecture
igorwojda
4
1.6k
Modern, maintainable and coRRRect project
igorwojda
0
170
Why do we need Clean Architecture
igorwojda
23
8.8k
Other Decks in Technology
See All in Technology
Okta Identity Governanceで実現する最小権限の原則 / Implementing the Principle of Least Privilege with Okta Identity Governance
tatsumin39
0
160
映像エッジAIにおけるNode-RED活用事例
emirmatsui
0
130
データ戦略部門 紹介資料
sansan33
PRO
1
3.8k
AWS UG Grantでグローバル20名に選出されてre:Inventに行く話と、マルチクラウドセキュリティの教科書を執筆した話 / The Story of Being Selected for the AWS UG Grant to Attending re:Invent, and Writing a Multi-Cloud Security Textbook
yuj1osm
1
120
Introdução a Service Mesh usando o Istio
aeciopires
1
280
コンパウンド組織のCRE #cre_meetup
layerx
PRO
0
210
SCONE - 動画配信の帯域を最適化する新プロトコル
kazuho
1
310
CREが作る自己解決サイクルSlackワークフローに組み込んだAIによる社内ヘルプデスク改革 #cre_meetup
bengo4com
0
280
Node.js 2025: What's new and what's next
ruyadorno
0
1k
Data Hubグループ 紹介資料
sansan33
PRO
0
2.2k
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
emiki
7
4.5k
初めてのDatabricks Apps開発
taka_aki
1
240
Featured
See All Featured
Producing Creativity
orderedlist
PRO
347
40k
Being A Developer After 40
akosma
91
590k
Embracing the Ebb and Flow
colly
88
4.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
Writing Fast Ruby
sferik
629
62k
Making Projects Easy
brettharned
120
6.4k
GraphQLとの向き合い方2022年版
quramy
49
14k
Gamification - CAS2011
davidbonilla
81
5.5k
A designer walks into a library…
pauljervisheath
209
24k
Automating Front-end Workflow
addyosmani
1371
200k
Building Better People: How to give real-time feedback that sticks.
wjessup
369
20k
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why this is not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly Logout Request X
No network
Option 2 – delete device token device when online Logout
Request X No network
Logout user latter using the token Remove token instantly Goals
Solution?
Token Logout token Authentication token
Token Press logout Is online? Delete authentication token Logout (hit
logout endpoint sending logout token) Job scheduler runs logout job Invalidate both tokens Unregister device from receiving notifications NO Schedule logout Job YES Is online? YES
• https://android.jlelse.eu/solving -offline-logout-problem- f3b50da49e7eTable salt • https://www.owasp.org/index.p hp/Session_Management_Cheat _Sheet#Session_Expiration •
https://security.stackexchange. com/questions/29988/what-is- certificate-pinning Materials Worth reading
Thanks! ANY QUESTIONS? You can find me at @igorwojda
[email protected]