Skip to content

TID Offline Authentication

1. Introduction

Offline authentication allows users to verify their identity without an active internet connection.
This is essential for fieldwork, travel, or areas with unreliable connectivity, such as truck drivers performing shift changes or onboarding tasks out of network coverage.


2. Conceptual Overview

  • Users register secure passkeys (FIDO2/WebAuthn) while online. (A passkey is a secure digital credential used for authentication.)
  • When offline, the app enables local authentication using stored credentials and configuration.
  • Authentication is performed using a challenge-response flow (a secure way to confirm identity) and verified locally using the user’s public key (a unique code that helps confirm the user’s identity).
  • Data is securely stored and managed for both single and multi-user scenarios.

3. How to Use Offline Authentication

  1. Use the SDK: Follow the instructions in the Trimble Identity SDK documentation to set up offline authentication in your app. (Technical setup is for developers.)
  2. User Redirection: When offline authentication is triggered, the SDK will redirect the user to the TID offline login page.
    TID Offline Login Page Offline Login page TID Offline Login Passkey Passkey prompt
  3. User Authentication: The user authenticates using their passkey. After successful authentication, the app receives a response confirming the user’s identity.

Example of Offline Web Authentication Response:

{
"id": "gfnjggQokvcDLJWNDMKw9g",
"rawId": "gfnjggQokvcDLJWNDMKw9g",
"response": {
"authenticatorData": "NF1uldMWPuDlEM6zLUDtbWu7I9XW7q4_d-g5DvEOMUkdAAAAAA",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGVsZW5nZSI6IkhqQlhfX2ZiTHV6eTk1QUdSMzF5RUFSQTBFTXRLbFkwTnJWNW95M05RdyIsIm9yaWdpbiI6Imh0dHBzOi8vaWQtcWEuZGV2LmlkLnRyaW1ibGVjbG91ZC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9",
"signature": "MEYCIQDewOkxOkPzaULspTCCps-fSr1PvZ2RVd99qAIujlE9IQIhAJi3NRhOxfPdIWN1fe3qPJaGxdaYdssK6O9r1Ixa6u7c",
"userHandle": "MDU3ZDk0MDYtODUzYS00Mjk3LWFjM2UtNDdkOTlkMmM2ZDY4"
},
"type": "public-key",
"clientExtensionResults": {},
"authenticatorAttachment": "platform"
}

4. Key Features of TID Offline Authentication

  • Secure login and authentication even when the device is offline.
  • Support for multiple users in a single app (up to 5 accounts).
  • Seamless switching between accounts.
  • All user data and credentials are encrypted and stored securely.
  • Offline authentication is available only for users who have signed in online at least once. TID Offline Switch User Switch between accounts

5. Offline Authentication Flow (Android & MAUI)

  1. User Onboarding: Users register their passkey while online.
  2. Network Check: The app checks for internet connectivity.
  3. Offline Authentication:
    • If offline, the app launches a cached offline authentication page.
    • The app generates a secure challenge and sends it to the offline page.
    • The user authenticates using their passkey.
    • The app verifies the authentication response using the stored public key and challenge.
    • On success, the app confirms the user’s identity and grants access to offline features.
    • Only authenticators that confirm user presence (for example, biometrics or device PIN) are supported in offline mode.
    • For shared devices used by multiple users, the most recommended method is to use a roaming authenticator such as a security key (e.g., YubiKey) for authentication, rather than a platform authenticator. This ensures credentials are not tied to a single device and can be securely managed across users.
    1. Online Authentication:
      • When network is restored, the app resumes the standard online sign-in flow.

6. Multi-User Support

  • The app can store up to 5 user accounts, each with their own credentials and authentication state.
  • The most recently used account becomes the active user.
  • Users can switch accounts; the app updates the active user and ensures secure access.
  • Account switching bypasses the SSO session (Single Sign-On, which allows users to access multiple services with one login); the app uses a prompt=login authorize request to reauthenticate and establish a new session for the selected user, ensuring proper isolation and security between user sessions.
  • If the user limit is reached, the app can remove the least recently used account or allow the user to remove one manually.

7. Data Security & Storage

  • All authentication data, credentials, and user information are encrypted and stored securely on the device.
  • Strong separation between users using unique identifiers.
  • Offline authentication is only available for users who have previously logged in online and registered their passkey.

8. Integration Flows

  • Deep Linking: The app uses a secure link to pass authentication data between the browser and the app. (Deep linking is a way to connect different parts of an app or website directly.)

9. Offline Authentication in TID MAUI SDK

  • The MAUI SDK supports offline authentication using the same principles: secure passkey registration, local verification, and encrypted storage.
  • When offline, the app verifies the user’s identity using stored credentials and issues a local token for access.
  • Minimal configuration is stored for verification (public key, origin, etc.).
  • Offline authentication is enabled via simple configuration options in the app settings.

10. Important Considerations & Limitations

  • Offline authentication will not work if the user clears cached data or credentials from the device/browser.
  • Only users who have registered their passkey online can use offline authentication.
  • Offline authentication provides secure, temporary access; some features may still require an online login.
  • The app ensures all data is encrypted and securely managed.

11. Summary

Offline authentication in Trimble Identity SDKs allows secure user verification and access to app features without internet connectivity. The solution supports multiple users, strong encryption, and seamless integration, making it ideal for fieldwork and remote scenarios.