I am building an application for Mobile using IBM MobileFirst 6.3. The app will work as follows:-
User has to enter username and password to access the application features.
JSON Store is being used to store the user data with encryption.
At first use of the application JSON Store will be created and it is protected by the User's password[JSON STORE KEY] upon the successful login.
Users are allowed to change the password in any environment[Mobile or Web].
Lets take a scenario, if the user has changed password in Web and he tries to login in Mobile app. Login will be successful but JSON Store cannot be initialized since the user has changed the password.
Mobile and web application uses the same webservice and we are not allowed to modify the webservice for mobile application.
How can we handle this scenario?
The answer to Worklight Online + Offline Authentication describes an approach that I think that could work in your scenario.