-
Notifications
You must be signed in to change notification settings - Fork 459
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[hoodie.account] offline signIn/signOut #397
Comments
It's correct that the current I'd love to find a way to make it possible though. Probably with the help of a custom plugin, at least in the beginning. My usecase would be that the bootstrapping of user data can take quite a while. Making Another use case: Sometimes a user needs to sign out, despite of changes that have not yet been synchronized. If we'd find a way to sign out when offline, it should fix this use case, too. The only way I could think of so far would be to securely encrypt the user's data in the browser's local store. When a user signs in, you'd check if an encrypted store exists and then decrypt it. So far the general concept. How exactly the encryption / decryption would work, and if there is a secure method at all, that I haven't researched yet. Probably we'd use the user's password to encrypt / decrypt, which means we'd need to ask the user for the password on signOut, if the data should be stored offline. A project I planned to look into for this is https://github.com/calvinmetcalf/crypto-pouch. Maybe you can do some research on this topic? Happy to help as good as I can, but I'll have limited time the coming weeks. |
for reference: https://gist.github.com/jo/ebd5df97eb63df5e5abb |
I’m a commiter to |
How feasible is offline login session control?
We have a use case whereby we need multi-user support that works offline. After the initial bootstrapping (download app, signup), the user(s) are 90% offline (they've only a small window of time to go online).
What makes this trickier is the device (an Android tablet) is shared between users whilst offline. These users need at minimum visibility control over their data, i.e. they need to be able to login/logout so that they can only see their data and not that of others.
There are a number of related issues here (security of local data, "offline signups"(?)), but lets assume the simplest case where all users have already signed up and security isn't an issue.
AFAIT, right now,
hoodie.account.signIn
andhoodie.account.signOut
are online-only operations. Can they feasibly work offline?The text was updated successfully, but these errors were encountered: