I have an app I'm developing that requires users to be able to use it when offline (remote locations). The goal is to have a login that requires a user to authenticate. If online, authentication will use OAuth tokens. But, if offline, no token validation can occur. So, I want to permit the user to authenticate using locally stored info.
Proposal:
1. request correct credentials -> user enters username & password
2. if online, proceed with OAuth tokens,
   a. if successful, store AES encrypted username/password + salts
   b. if unsuccessful, re-request correct credentials
3. if offline, using same encryption as above, encrypt the username/password combination
4. test offline encrypted credentials against list of recent successful online logins saved in step 2a.
   a. if creds match one of the saved versions, access to app and local data in offline mode
   b. if creds fail to match, re-request correct creds
Question: Will storing locally encrypted combo un+pw+salt compromise security of the online login process? Further thoughts/advice?
Thanks for participating.
Your requirement is possible with Shared Preferences only
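import android.content.Context;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;

public class MySession {
    private SharedPreferences sharedPref;
    // Instance field: a static Editor would be replaced by every new MySession
    private Editor editor;

    public static final String My_API_KEY = "1234";
    public static final String My_CLIENT_VERSION = "1.0";
    private static final String My_API_TOKEN = "api_token";
    private static final String My_USER_SCREEN_NAME = "profilepic";
    private static final String SHARED = "my_Preferences";

    public MySession(Context context) {
        // MODE_PRIVATE: the preferences file is readable only by this app
        sharedPref = context.getSharedPreferences(SHARED, Context.MODE_PRIVATE);
        editor = sharedPref.edit();
    }

    // Saves the token as a plain string in the preferences file
    public void storeToken(String apiToken) {
        editor.putString(My_API_TOKEN, apiToken);
        editor.commit();
    }

    // Returns the saved token, or null if none has been stored
    public String getToken() {
        return sharedPref.getString(My_API_TOKEN, null);
    }
}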
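As an added example (not part of the question or of the answer above), one way to do the offline check in steps 2a, 3 and 4 is to save a salted PBKDF2 verifier of the password instead of an AES-encrypted copy, so the stored record cannot be decrypted back into the online password. The class name, record layout and iteration count are assumptions, and `PBKDF2WithHmacSHA256` and `java.util.Base64` are assumed to be available (Android API 26 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example; class name, record layout and iteration count are assumptions.
public class OfflineVerifier {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for target devices

    private static byte[] derive(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword(); // drop the spec's in-memory copy of the password
        return key;
    }

    // Step 2a: after a successful online login, build the record to persist locally.
    public static String enroll(String username, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per saved login
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(username.getBytes(StandardCharsets.UTF_8)) + ":" + ITERATIONS
                + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(derive(password, salt, ITERATIONS));
    }

    // Steps 3-4: offline, re-derive from the typed password and compare with the saved record.
    public static boolean verify(String record, String username, char[] password) throws GeneralSecurityException {
        String[] p = record.split(":");
        if (p.length != 4) return false; // not a record produced by enroll()
        try {
            Base64.Decoder b64 = Base64.getDecoder();
            String savedUser = new String(b64.decode(p[0]), StandardCharsets.UTF_8);
            byte[] actual = derive(password, b64.decode(p[2]), Integer.parseInt(p[1]));
            // MessageDigest.isEqual compares the derived keys in constant time
            return savedUser.equals(username) & MessageDigest.isEqual(b64.decode(p[3]), actual);
        } catch (IllegalArgumentException malformed) { // bad Base64, salt or iteration count
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String record = enroll("alice", "correct horse".toCharArray()); // constructed sample
        System.out.println(verify(record, "alice", "correct horse".toCharArray()));
        System.out.println(verify(record, "alice", "wrong guess".toCharArray()));
    }
}
```

The record string is what would be written to local storage, for instance through the `MySession` class above; anyone who copies it can still guess passwords offline, which the iteration count only slows down.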