Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout Logout Request Additional operations
Offline Logout
Offline logout Logout Request X No network
Option 1 – delete device token instantly: Logout Request X No network
Option 2 – delete device token when online: Logout Request X No network
Goals: Remove token instantly. Logout user later using the token.
Solution?
Token Logout token Authentication token
Token (flowchart): Press logout | Is online? (YES / NO) | Delete authentication token | Logout (hit logout endpoint sending logout token) | Job scheduler runs logout job | Invalidate both tokens | Unregister device from receiving notifications | Schedule logout job | Is online? (YES)
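The two-token flow on the slide above, modelled end to end as an added example (not code from the deck or its author). `Server`, `Client` and their method names are hypothetical, the backend is a constructed in-memory stand-in, and two points are assumptions: the authentication token is deleted before the connectivity check, and the logout token is accepted only by the logout endpoint.

```python
import secrets

class Server:
    """Constructed in-memory stand-in for the backend (hypothetical API)."""
    def __init__(self):
        self.auth_tokens = {}      # authentication token -> device id
        self.logout_tokens = {}    # logout token -> authentication token
        self.push_devices = set()  # devices registered for notifications

    def login(self, device_id):
        auth, logout = secrets.token_hex(16), secrets.token_hex(16)
        self.auth_tokens[auth] = device_id
        self.logout_tokens[logout] = auth
        self.push_devices.add(device_id)
        return auth, logout

    def request(self, token):
        # Assumption: only an authentication token authorises normal requests.
        return token in self.auth_tokens

    def logout(self, logout_token):
        # Idempotent: a retried job carrying a spent token changes nothing.
        auth = self.logout_tokens.pop(logout_token, None)
        if auth is None:
            return False
        device = self.auth_tokens.pop(auth, None)  # invalidate both tokens
        self.push_devices.discard(device)          # unregister notifications
        return True

class Client:
    def __init__(self, server, device_id):
        self.server, self.online, self.jobs = server, True, []
        self.auth_token, self.logout_token = server.login(device_id)

    def press_logout(self):
        self.auth_token = None  # removed instantly, online or not
        token, self.logout_token = self.logout_token, None
        if self.online:
            self.server.logout(token)
        else:
            self.jobs.append(token)  # scheduled logout job keeps the token

    def run_scheduled_jobs(self):
        # Called by the job scheduler; jobs stay queued while offline.
        if not self.online:
            return 0
        done = [self.server.logout(t) for t in self.jobs]
        self.jobs.clear()
        return len(done)
```

Until the scheduled job reaches the server, the server-side session is still valid, so a copy of the authentication token taken before logout keeps working during that window; the renewal timeout on the token bounds it.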
Materials worth reading
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda