Offline logout
Igor Wojda
March 26, 2018
Interesting logout use case.
Transcript
Solving offline logout By Igor Wojda @igorwojda
Not so long long time ago...
Username & password Login request Other request Other request
Why is this not very secure?
Username & password
Solution?
Token 209eb9bb-2f6c-40d6-a9b9-912257492b61
Token
Token Renewal Timeout
Token per client
Token invalidate
Online Logout
Online logout: Logout Request, Additional operations
Offline Logout
Offline logout: Logout Request X (No network)
Option 1 – delete device token instantly: Logout Request X (No network)
Option 2 – delete device token when online: Logout Request X (No network)
Goals: Remove token instantly. Log out user later using the token.
Solution?
Token: Logout token, Authentication token
Flow: Press logout → Delete authentication token → Is online?
YES → Logout (hit logout endpoint sending logout token) → Invalidate both tokens → Unregister device from receiving notifications
NO → Schedule logout job → Job scheduler runs logout job → Is online? YES → Logout
Materials worth reading:
• https://android.jlelse.eu/solving-offline-logout-problem-f3b50da49e7e
• https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_Expiration
• https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
Thanks! ANY QUESTIONS? You can find me at @igorwojda