This is in no way a criticism, but I feel like the authentication process in CBL is backwards.
Currently, our application takes a username/password and attempts to open a database with that username. We are also using encryption with the key as the user’s password. So, when the database is opened and the password is incorrect, an exception is thrown. However, if the database opens, then the replicators are started and we then check if the server gives an authentication error.
It seems kind of wrong that the user can decrypt the database, but then has to check against the server that they are still authenticated. Shouldn’t there just be a call to the server with the user/pass to authenticate, then open the database?
Then what happens if the user is not connected to any network? They cannot use the app because they can’t authenticate with a server? Not everyone is going to encrypt the app and not everyone is going to use a password on their authentication. Even if they do they might not use the same phrase for whatever reason. It is just a matter of not being able to know what your app wants to do at the library level.
I guess it does depend on what you want to do with the app. If you’re not connecting to a backend then the current implementation is fine, but if you want to maintain sync users then surely the first time they login/sign up, they need a connection to the network, and a database should not be created until they are logged in. After that, the app can store a cookie for offline use.