🏠 Overview ✅ Implementation Tasks ✅ epic-bankid-vipps-login-ui-task-008

Biometric Auth Screen — fallback routing and unsupported device handling

epic-bankid-vipps-login-ui-task-008 — Add fallback logic to the Biometric Authentication Screen for devices where biometrics are unavailable or not enrolled. When biometrics are unsupported, display a clear explanation banner and route the user to BankID or Vipps re-authentication. When biometrics are available but not enrolled, show a prompt encouraging setup with a deep-link to device settings. Handle biometric lockout after multiple failures gracefully.

high priority medium complexity frontend pending frontend specialist Tier 2

Acceptance Criteria

When the device has no biometric hardware, a banner is displayed with plain-language explanation (e.g., 'This device does not support biometric login') and a single CTA routing to BankID or Vipps re-authentication
When biometric hardware exists but no biometrics are enrolled, the screen shows an enrollment prompt with a button that deep-links directly to the device's biometric settings (iOS Settings > Face ID & Passcode, Android Settings > Biometrics)
After 3 consecutive biometric failures the screen enters lockout state, dismisses further auth attempts, and navigates to the method selector screen with a toast message explaining why the session was reset
All three states (unsupported, not enrolled, locked out) are distinct UI states managed via BLoC events — no ad-hoc conditionals inside build()
Fallback routing preserves any post-login deep-link target so the user lands on the intended screen after re-authenticating via BankID or Vipps
The explanation banner and enrollment prompt meet WCAG 2.2 AA contrast (4.5:1 for text) and have correct Semantics labels for screen readers
Unit tests cover all three fallback state transitions: BiometricUnsupportedState, BiometricNotEnrolledState, BiometricLockedOutState
The deep-link to device settings is platform-conditional and gracefully no-ops on simulators/emulators without crashing

Technical Requirements

frameworks
Flutter
BLoC
local_auth (flutter plugin)
apis
LocalAuthentication.isDeviceSupported()
LocalAuthentication.getAvailableBiometrics()
AppSettings.openSecuritySettings() or platform channel for deep-link
data models
AuthSessionState
BiometricCapabilityStatus
performance requirements
Capability check must complete within 200ms so the fallback state is visible before the user notices a blank screen
State transitions must not cause visible jank — use const constructors on all static banner widgets
security requirements
Do not cache or log the biometric check result to persistent storage — re-evaluate on each screen mount
Lockout counter must be session-scoped, not persisted, to avoid leaking device usage metadata
Deep-link to system settings must not pass any user PII in the URL
ui components
BiometricFallbackBanner — explanation card with icon and CTA
EnrollmentPromptCard — motivational prompt with Settings deep-link button
LockoutStateOverlay — dismisses further interaction and shows countdown or redirect message

Execution Context

Execution Tier
Tier 2

Tier 2 - 518 tasks

Can start after Tier 1 completes

Implementation Notes

Use the BLoC pattern with a dedicated BiometricAuthBloc. On screen init, dispatch a CheckBiometricCapability event; the bloc calls a BiometricService abstraction (wraps local_auth) and emits the appropriate state. Avoid putting platform logic directly in the widget tree. For the iOS deep-link use 'App-Prefs:root=TOUCHID_PASSCODE', for Android use AndroidIntent with Settings.ACTION_SECURITY_SETTINGS — wrap in a platform channel or use the app_settings package if already in dependencies.

The lockout counter (failureCount) lives in the BLoC state, not in shared preferences. When navigating back to the method selector after lockout, push-replace so the back button does not return to the locked screen. The not-enrolled enrollment prompt should be non-blocking — users can dismiss it and still proceed to BankID/Vipps without setting up biometrics.

Testing Requirements

Unit tests (flutter_test) for all BLoC state transitions: emit BiometricUnsupportedState when isDeviceSupported returns false; emit BiometricNotEnrolledState when supported but no biometrics enrolled; emit BiometricLockedOutState after 3 auth failures. Widget tests verify the correct widget subtree renders for each state and that the CTA button navigates to the correct route. Integration test (added in task-012) covers the full fallback path: biometric screen → locked out → method selector. Mock local_auth responses using a FakeBiometricService injected via constructor to avoid platform dependency during CI.

Component
Biometric Authentication Screen
ui medium
Dependencies (1)
Implement the Biometric Authentication Screen using the Flutter local_auth package. The screen must show a branded prompt explaining why biometric authentication is requested, trigger the OS-native Face ID or fingerprint dialog, and pass the authentication result to BiometricAuthService. The screen must only display on subsequent logins after initial BankID or Vipps authentication has completed successfully. epic-bankid-vipps-login-ui-task-007
Epic Risks (3)
high impact medium prob technical

BankID on mobile uses a WebView or external app redirect that has known compatibility issues with Flutter's WebView package on certain Android versions. BankID's JavaScript-heavy broker pages may also trigger CSP or mixed-content errors in a Flutter WebView, preventing the authentication flow from completing.

Mitigation & Contingency

Mitigation: Use the flutter_inappwebview package (more mature than webview_flutter for complex OAuth pages) and validate BankID WebView rendering on the broker's test environment before integrating with the service layer. Prefer external browser redirect where the broker supports it.

Contingency: If WebView approach fails for certain BankID brokers, implement the full external browser redirect + deep link callback pattern as the primary flow and treat WebView as a fallback only.

medium impact medium prob technical

The OAuth redirect flows (both Vipps and BankID) temporarily move the user outside the Flutter app into an external browser or the Vipps/BankID app. Screen reader users may lose focus context during this transition and become disoriented when the app callback returns them to the loading state, failing the WCAG 2.2 AA mandate.

Mitigation & Contingency

Mitigation: Implement explicit accessibility announcements (live region announcements) at each transition point: when launching the external flow ('Opening Vipps'), during the loading wait state ('Waiting for Vipps confirmation'), and on return ('Login successful' or 'Login failed — please try again'). Test with VoiceOver on iOS and TalkBack on Android during development.

Contingency: If OAuth transition accessibility is unresolvable on a specific platform, add an explicit accessibility user guide in the onboarding flow explaining the external app redirect behavior to set user expectations.

low impact high prob technical

Biometric UI varies significantly across devices — Face ID (iPhone), fingerprint sensor (most Android), front-facing camera biometrics (some Android), and devices with no biometrics at all. Flutter's local_auth handles the OS dialog but the surrounding UI must gracefully handle all these cases, and testing coverage for all permutations is difficult.

Mitigation & Contingency

Mitigation: Use local_auth's getAvailableBiometrics() to detect the exact biometric type and render appropriate iconography (Face ID icon vs. fingerprint icon). For devices with no biometrics, skip the biometric screen entirely and route directly to full re-authentication.

Contingency: If a specific device configuration produces unexpected local_auth behavior in production, implement a user-accessible toggle in Settings to disable biometric login entirely, routing those users to the standard BankID/Vipps flow without biometrics.

Quick Links
All Tasks Execution Plan