We want to add a functionality in our app where we user can login into the application in offline mode. Please suggest how it can be done using CBL?
Regards
Pankaj Sharma
I don’t understand the question; can you explain? What do you mean by “login into the application”? Couchbase Lite isn’t related to launching your application, it’s just a database, and the only kind of login it does is connecting to the server. There’s no authentication needed to access the local database (unless it’s encrypted of course.)
I agree on your point. What We want to develop is user authentication in offline mode. Does Couchbase Mobile stack sync users data in CBL. If yes then how it can be used for authenticating a user.
User authentication in offline mode is an application level concern. Couchbase Lite does not make any assumptions about what kind of data it contains, and it does not have any knowledge of users. It only knows abstract data. The authentication you are referring to is only used during replication, and at no other time. The authentication happens on the server side, not the client side. So you need to develop this functionality yourself according to your needs.
It sounds like you want your app, on launch, to request the user’s server login credentials and authenticate against them. And this needs to work even if the device is offline?
Couchbase Mobile has no such functionality. The only thing Couchbase Lite uses a server password for is to authenticate to the server when making network connections. If you want to implement this feature you’ll need to do it yourself. One way I can think of is to encrypt the local database using the same password the user enters to log into the server.
(I actually think doing this would be a really bad idea. Users hate typing in passwords on mobile devices, and if required to do so they generally react by setting very short passwords that are either numeric or purely alphabetic, to make them easier to type. This is halfway acceptable for a password that has to be entered onscreen, but it’s terrible security for a password to be used on an Internet-facing server that’s susceptible to high-bandwidth attacks. It would be much better to secure the app with a separate PIN or passcode that’s used only locally. That’s the behavior of all the apps I personally use that require passcodes, like my banking and healthcare apps.)