My current setup is:
Multipage Applications JSP, JS and CSS PWA is URLs precached
I have kind of a unique usecase here:
Phones that are used to connect to the app might be shared Connections are very unstable (sometimes no connection for half a day) Data should be accessible through the interface only by an authenticated user The data should be accessible after the first login for each user Users are not really tech sure PWAs use JavaScript and therefore do have a restricted possibilities for encryption.
What could be a good idea to store user credentials on the device even if they are encrypted, especially when using JavaScript?
What kind of flow is recommend? I thought about creating a unique token that the user successfully logged in. It is stored encrypted together with the username. This token in combination with the username can then be used to relogin as long the application is offline. As soon as the app is online again the user is asked to login with its real credentials? If this succeeds the token is deleted and a new one is created (and shown to the user) when the user logs out.
What kind of flow is recommend?