Shiv, I agree that I wouldn't want log-in to be dependent on network connectivity. I too also don't believe that the pin needs to be shareable across devices as it's most typical that the 4 digit pin only works for the device that you're setting it up on.
The reason why we were proposing storing the 4-digit pin on the server was because it was insecure if stored locally if a device was rooted and the pin could be accessed. Ishan - there is no way the 4-digit pin could be stored locally in a secure manner? Sander and others, based on what you've built into your self-service apps, can you add your thoughts to this thread? Thaks, Ed On Sun, Apr 16, 2017 at 10:02 PM, SHIV ARORA <[email protected]> wrote: > If we store the pin on server then the app will be dependent on network > connectivity.I think this passcode feature should work, irrelevant of the > access of internet or not.On further stages, we would give the app offline > access feature.So i think network dependency for this feature is not a good > option. > > On 14 Apr 2017 9:21 p.m., "Ed Cable" <[email protected]> wrote: > >> Hi Nazeer, >> >> Per our discussions, I wanted to send some further details on the dev >> list about the requirements and conversations the mobile developers working >> on the Android self-service app have been having. >> >> First off, in order to make it easier for a user to log in and not have >> to fully authenticate themselves each time they leave the self-service app, >> we wanted to enable a 4 digit pin code that could be used to log in to the >> app (once fully authenticated for a first time). This is pretty standard >> practice in banking apps. >> >> We didn't want to store that locally since it wouldn't be secure on >> phones that are rooted. >> >> With that constraint, we need to be able to store this pin on the >> back-end - then it can also be shared across phones as well. >> >> I'll let Rajan, Ishan, and Puneet and others chime in with more details >> about access token that gets generated, its validity etc. >> >> A couple of GSOC aspirants have already begun work on the creation and >> entry of the pin via the app on the phone but we need your assistance in >> storing it at the back-end. >> >> I've created a ticket at: https://issues.apache.org/ >> jira/browse/FINERACT-424 >> >> Discussion surrounding those tickets can be found at >> https://github.com/openMF/self-service-app/issues/115 and >> https://github.com/openMF/self-service-app/issues/132 >> >> Ed >> >> -- >> *Ed Cable* >> President/CEO, Mifos Initiative >> [email protected] | Skype: edcable | Mobile: +1.484.477.8649 >> <(484)%20477-8649> >> >> *Collectively Creating a World of 3 Billion Maries | *http://mifos.org >> <http://facebook.com/mifos> <http://www.twitter.com/mifos> >> >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> Mifos-developer mailing list >> [email protected] >> Unsubscribe or change settings at: >> https://lists.sourceforge.net/lists/listinfo/mifos-developer >> > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > Mifos-developer mailing list > [email protected] > Unsubscribe or change settings at: > https://lists.sourceforge.net/lists/listinfo/mifos-developer > -- *Ed Cable* President/CEO, Mifos Initiative [email protected] | Skype: edcable | Mobile: +1.484.477.8649 *Collectively Creating a World of 3 Billion Maries | *http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos>
