Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly: Logout Request X No network
Option 2 – delete device token when online: Logout Request X No network
Goals: Logout user later using the token; Remove token instantly
Solution?
Token: Logout token, Authentication token
Token (flowchart labels): Press logout; Is online? (YES / NO); Delete authentication token; Logout (hit logout endpoint sending logout token); Job scheduler runs logout job; Invalidate both tokens; Unregister device from receiving notifications; Schedule logout job; Is online? (YES)
Materials worth reading
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda
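The two-token flow from the flowchart slide, sketched as an added example that is not code from the deck or its author. The `Server` and `Client` classes, their method names, the step ordering (authentication token deleted first, matching the "remove token instantly" goal) and the in-memory list standing in for a persisted job scheduler are all assumptions.

```python
import uuid

class Server:
    """Constructed stand-in for the backend (hypothetical API)."""
    def __init__(self):
        self.sessions = {}       # logout token -> (authentication token, device id)
        self.push_devices = set()

    def login(self, device_id):
        auth, logout = str(uuid.uuid4()), str(uuid.uuid4())
        self.sessions[logout] = (auth, device_id)
        self.push_devices.add(device_id)
        return auth, logout

    def is_valid(self, auth_token):
        return any(auth == auth_token for auth, _ in self.sessions.values())

    def logout(self, logout_token):
        # Invalidate both tokens and unregister the device; unknown tokens are
        # ignored so a retried logout job is harmless.
        session = self.sessions.pop(logout_token, None)
        if session is not None:
            self.push_devices.discard(session[1])

class Client:
    def __init__(self, server, device_id):
        self.server, self.device_id, self.online = server, device_id, True
        self.auth_token = self.logout_token = None
        self.pending = []        # stands in for the persisted job scheduler queue

    def login(self):
        self.auth_token, self.logout_token = self.server.login(self.device_id)

    def press_logout(self):
        # Goal "remove token instantly": the authentication token leaves the
        # device whether or not the network is available.
        self.auth_token = None
        self.pending.append(self.logout_token)
        self.logout_token = None
        return self.run_logout_job()

    def run_logout_job(self):
        """Return True when nothing is left to send, False if still scheduled."""
        if not self.online:
            return False
        for token in list(self.pending):
            self.server.logout(token)   # only the logout token is ever sent
            self.pending.remove(token)
        return True
```

In this sketch the session stays valid on the server until the scheduled job reaches the logout endpoint, so the exposure window for a previously copied authentication token ends only when the device comes back online.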