I’m developing a mobile application using Ionic and leveraging Keycloak for user authentication when the app is online. However, I want to implement an offline login feature that allows users to access the app even when they don’t have an internet connection.
Here’s the flow I have in mind:
When the user is online, they log in via Keycloak. During the online login, I securely store the credentials (or a token) locally, ideally using something like Secure Storage. If the user attempts to log in offline, I verify the locally stored credentials to authorize access.
Main Questions:
- What is the best way to securely store authentication data locally in an Ionic app?
- How can I implement the offline verification mechanism while minimizing security risks?
- Is there a way to update the local token when the user changes their password in Keycloak?
- How should credential verification work offline with the stored token?
Any advice, code examples, or helpful resources would be greatly appreciated. Thank you!
I’m asking about best practices and I will expect any useful advice