powerauth-mobile-sdk
Implement better support for offline signatures
Currently, it is very easy for the app programmer to allow user lock-in in case of offline signatures. If more than 20 signatures are calculated on the device without being used, the counter will lose synchronization forever. While this can be handled on the client application level, for example, by counting the number of computed offline signatures, let's consider if this shouldn't be embedded in the SDK directly to enforce this on the client app side.
For example, we can provide:
- an `offlineSignatureStatus()` method that would return if offline signatures are available and if they are, how many more there are remaining.
- the `resetOfflineCounter()` to reset the number of remaining offline signatures.
- the `offlineSignature(...)` method could return an error code in case it is called and there are no remaining signatures left.
As a benefit, we could automatically reset the number of remaining offline signatures whenever we call `activationStatus` and the server counter is equal to the client-side counter, lifting another burden from the client app developer (resetting the counter at the right time).
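A sketch of the guard this issue proposes, added here as an illustration; it is not code from the issue or from the PowerAuth SDK. The method names follow the proposal, while `OfflineSignatureGuard`, `OfflineError`, `onActivationStatus` and `kOfflineBudget` are hypothetical, and the budget of 20 is the figure quoted above.

```cpp
#include <cstdint>

// Constructed model of the proposal; not PowerAuth SDK code.
// The budget of 20 is the figure quoted in the issue.
constexpr std::uint32_t kOfflineBudget = 20;

enum class OfflineError { Ok, NoSignaturesRemaining };

struct OfflineSignatureStatus {
    bool available;           // at least one offline signature may still be computed
    std::uint32_t remaining;  // how many more before the budget is spent
};

class OfflineSignatureGuard {
public:
    explicit OfflineSignatureGuard(std::uint64_t counter) : counter_(counter) {}

    OfflineSignatureStatus offlineSignatureStatus() const {
        std::uint32_t remaining = kOfflineBudget - unconfirmed_;
        return {remaining > 0, remaining};
    }

    // Hands out the counter value for one offline signature, or refuses
    // without touching the counter once the budget is spent.
    OfflineError offlineSignature(std::uint64_t &counterToSign) {
        if (unconfirmed_ >= kOfflineBudget) return OfflineError::NoSignaturesRemaining;
        counterToSign = counter_++;
        ++unconfirmed_;
        return OfflineError::Ok;
    }

    void resetOfflineCounter() { unconfirmed_ = 0; }

    // Call with the server counter reported by activationStatus; the budget
    // is restored only when both sides agree.
    bool onActivationStatus(std::uint64_t serverCounter) {
        if (serverCounter != counter_) return false;
        resetOfflineCounter();
        return true;
    }

private:
    std::uint64_t counter_;           // client-side signature counter
    std::uint32_t unconfirmed_ = 0;   // offline signatures since the last reset
};
```

Because the refusal happens before the counter is advanced, a caller that ignores the status method still cannot push the client counter past the budget.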