I’m currently working on a PWA with some unique offline requirements regarding authentication, storage and syncing. I’m not sure of a way this is possible, but the client is adamant that others have done this.
The requirements are as follows.
- Users need to be able to authenticate offline.
- Users should be able to call support to reset their password via an “unlock code” in the event they forget their password. The support tech should be able to query an internal DB for one of several user-relevant “unlock codes”.
- A user may configure surrogate accounts to act on behalf of that user (e.g. a surrogate group = main account + all surrogate accounts). All surrogate accounts need to be able to access the main account’s data.
- It’s possible that a device can store data related to multiple surrogate groups for offline usage
- Data across all surrogate groups must be synced as a background task at a regular interval (probably 15m)
- All offline data must be encrypted at rest.
Our primary platform is Android, but we will open it up to iOS in the future.
I simply can’t think of how we’ll be able to achieve all of those requirements without some custom written plugin.
The surrogate group and “unlock code” requirements seem to preclude using a user’s password as the basis for an encryption key.
Syncing the data in the background seems to necessitate an application-level encryption key, and I don’t know how we can implement that securely with a JS-based codebase.
So far my quest for similar approaches hasn’t turned up anything useful.
Has anyone done something similar? I don’t mind reading articles, but I haven’t found any that seem to answer all my questions.
Thanks in advance to anyone that can provide some guidance.