Biometric Authentication (Face ID / Fingerprint)

Peer mentors register activities frequently throughout their workday, making fast and frictionless re-authentication essential to adoption. Requiring full BankID authentication every session would create unacceptable friction and drive users back to paper-based or Word-based workflows. Biometric authentication preserves security (credentials never leave the device's secure enclave) while dramatically lowering the interaction cost of each app session. This is especially important for the target demographic, which includes users with motor and cognitive impairments who benefit from reduced input requirements and touch-based authentication.

Implemented using the local_auth Flutter plugin, which wraps iOS LocalAuthentication (Face ID / Touch ID) and Android BiometricPrompt APIs. The Secure Credential Store uses Flutter Secure Storage to persist the refresh token, encrypted at rest using AES-256. On successful biometric verification, the stored refresh token is read and exchanged for a new access token via POST /api/v1/auth/refresh. The Biometric Auth Service handles capability detection (checks if biometrics are enrolled and available), fallback to PIN/password if biometrics fail, and graceful degradation on devices without biometric hardware. Users can disable biometric login from Settings.