Esri / mapbook-android

App to replace paper maps for field work
Apache License 2.0

Dop/update doc lib #22

Closed doneill closed 7 years ago

doneill commented 7 years ago

Fix for #19 & #20

zinfin commented 7 years ago

I think this is a little clearer... When handling sensitive data on a mobile device, storing credentials on the device is not advised. In these cases you authenticate the user, get the credentials, and keep the credentials in memory. When a user closes the app, the memory is cleaned up, and the credentials will be gone, forcing users to log into the app every time they open it. This is a good practice, but there are times when an app’s usability trumps this workflow. Instead, the app can minimize authentication prompts by storing credentials locally. The MapBook app demonstrates this pattern by using the DefaultAuthenticationManager in combination with an OAuth2 workflow and the Android KeyStore. By default, the DefaultAuthenticationManager stores OAuth2 access and refresh tokens using an in-memory CredentialCache. User passwords are never stored in the cache or on the device. The contents of the CredentialCache are encrypted using [Advanced Encryption Standard (AES)](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) and stored on the device in the KeyStore. This workflow is used in the MapBook app to allow the app to automatically check for updates to the mobile map package on a server.

doneill commented 7 years ago

@zinfin Ok looks good, I will update with one slight variation of "This is a good practice, but there are times when an app’s usability is preferred over this workflow" over the following:

This is a good practice, but there are times when an app’s usability trumps this workflow

doneill commented 7 years ago

merged to dev with #21