Stay Logged In
The "Stay Logged In" feature allows users to remain authenticated even after the mobile app has been running in the background for an extended period or has been closed entirely. Users don't need to perform a standard login (typically involving password entry) during this period. While this increases user convenience, it must be carefully evaluated based on the application's security requirements.
KOBIL's solution ensures that app integrity and security are maintained across all implementation variants. Additionally, the app continues to be securely bound to the same mobile device through KOBIL's device binding mechanism.
Optional Biometric Protection
The "Stay Logged In" feature can be used in two ways:
- Without additional protection: The user is automatically logged back in without user interaction, for example, after restarting the app or bringing it back to the foreground after a long period of inactivity.
- With biometric protection: The device prompts the user to authenticate using a biometric method (e.g., facial recognition) before reactivating the session.
Time Limitation
The feature can and should be time-limited to ensure that after a predefined duration, a standard login is required again. This approach encourages regular use of the login password, reducing the likelihood that users will forget it.
There are two technical implementations for this feature:
- Offline Tokens (most commonly used): The session duration can be configured in KOBIL IDP using the Offline Session Max parameter. Additionally, the Offline Session Max Limited parameter must be enabled.
- Authorization-Grant Tokens: As an alternative, this method uses authorization-grant tokens to manage session duration. In the long term, this approach is expected to replace the use of offline tokens.
OfflineLoginEvent
To utilize the Stay Logged In feature, you need to trigger an OfflineLoginEvent. If a valid offline token is stored for the activated user and the OfflineLogin succeeds, the MasterController (MC) returns a Status OK, meaning the session was validated successfully.
Note: When OfflineLoginResult returns with StatusType != OK, we recommend performing an IDP login using the same authentication mode as before.
Example: Biometry is enabled → OfflineLogin fails with StatusType != OK → open IDP login page and perform login with AuthenticationMode.BIOMETRIC in your SetAuthorisationCodeEvent.
When login fails repeatedly (for example, due to an unrecognized fingerprint), we suggest asking the user how to proceed and whether they want to change the authentication mode.
Implementation Examples
iOS/Swift
For Swift, this can be implemented as follows (the completion type is `(KSMOfflineLoginResultEvent) -> Void`; the stray `?` on the return type was a typo):

```swift
public func performOfflineLogin(
    userIdentifier: KsUserIdentifier,
    completion: @escaping (KSMOfflineLoginResultEvent) -> Void
) {
    // Build the OfflineLoginEvent for the activated user. No additional
    // authentication mode is requested here; the biometric prompt, if enabled,
    // is handled by the device before the session is reactivated.
    let offlineLoginEvent = KSMOfflineLoginEvent(
        userIdentifier: userIdentifier,
        authenticationMode: KSMAuthenticationMode.no
    )
    // Send the event to the MasterController and wait for the result event.
    self.masterControllerAdapter.sendEvent2MasterController(offlineLoginEvent) { event in
        guard let macroEvent = event as? KsMacroEvent else { return }
        guard let resultEvent = macroEvent as? KSMOfflineLoginResultEvent else { return }
        // The caller checks resultEvent's StatusType: OK means the session was
        // validated; anything else should fall back to a regular IDP login.
        completion(resultEvent)
    }
}
```
Android/Kotlin
For Kotlin, here is the corresponding implementation:

```kotlin
fun triggerOfflineLoginEvent(userIdentifier: UserIdentifier) {
    // Build the OfflineLoginEvent for the activated user.
    val offlineLoginEvent = OfflineLoginEvent(userIdentifier)
    // Post the event and handle the OfflineLoginResultEvent when it arrives.
    synchronousEventHandler?.postEvent(offlineLoginEvent)?.then {
        logDebug("received OfflineLoginResultEvent: $it", "triggerOfflineLoginEvent")
        // handle result: StatusType OK means the session was validated;
        // otherwise perform an IDP login with the same authentication mode as before
    }
}
```
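The fallback logic recommended in the OfflineLoginEvent section above (offline login fails, retry via IDP login with the previous authentication mode, ask the user after repeated failures), written out as an added example that is not part of KOBIL's SDK or this page. The `StatusType`, `AuthenticationMode` and result classes are simplified stand-ins for the SDK types, and the failure threshold of three is an assumption; only the decision logic is the point.

```kotlin
// Added example, not KOBIL SDK code. Assumed stand-ins for the SDK's StatusType
// and AuthenticationMode (BIOMETRIC is the mode named on this page).
enum class StatusType { OK, FAILED }
enum class AuthenticationMode { NO, PIN, BIOMETRIC }

// Assumed minimal result shapes so the flow can be followed in isolation.
data class OfflineLoginResult(val statusType: StatusType)
data class IdpLoginResult(val statusType: StatusType)

// What the app should do next after each result event.
sealed class NextStep {
    object SessionRestored : NextStep()
    data class IdpLogin(val mode: AuthenticationMode) : NextStep()
    data class AskUserToChangeMode(val failedAttempts: Int) : NextStep()
}

class StayLoggedInFlow(
    private val lastAuthenticationMode: AuthenticationMode, // mode used for the previous IDP login
    private val maxIdpFailures: Int = 3                     // assumed threshold for "fails repeatedly"
) {
    private var idpFailures = 0

    // Step 1: evaluate the OfflineLoginResultEvent. OK restores the session;
    // anything else falls back to an IDP login with the same mode as before.
    fun onOfflineLoginResult(result: OfflineLoginResult): NextStep =
        if (result.statusType == StatusType.OK) NextStep.SessionRestored
        else NextStep.IdpLogin(lastAuthenticationMode)

    // Step 2: evaluate the IDP login outcome (e.g. after a SetAuthorisationCodeEvent
    // carrying the chosen mode). Repeated failures hand the decision to the user.
    fun onIdpLoginResult(result: IdpLoginResult): NextStep {
        if (result.statusType == StatusType.OK) {
            idpFailures = 0
            return NextStep.SessionRestored
        }
        idpFailures++
        return if (idpFailures >= maxIdpFailures) NextStep.AskUserToChangeMode(idpFailures)
        else NextStep.IdpLogin(lastAuthenticationMode)
    }
}

fun main() {
    // Walk the flow from the page's example: biometry enabled, offline login fails.
    val flow = StayLoggedInFlow(AuthenticationMode.BIOMETRIC)
    println(flow.onOfflineLoginResult(OfflineLoginResult(StatusType.FAILED)))
    repeat(3) { println(flow.onIdpLoginResult(IdpLoginResult(StatusType.FAILED))) }
}
```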