story-biometric-session-authentication-peer-mentor-005
Story Points: 5
Priority: Medium
Feature: Biometric Session Authentication

User Story

As a Peer Mentor (Likeperson)
I want to be asked to re-authenticate with biometrics when I access sensitive operations like viewing encrypted contact details or submitting expense claims
So that the app protects sensitive data while still allowing low-friction access to routine registration tasks, without requiring me to log in and out repeatedly

Audience Summaries

This story directly enables Blindeforbundet's encrypted contact assignment workflows and NHF's sensitive field protection requirements by introducing step-up biometric authentication — a targeted re-authentication prompt triggered only for high-sensitivity actions, not at every app launch. This preserves the low-friction user experience that drives peer mentor engagement while satisfying data protection obligations for personal health and contact information. By implementing this pattern now, the platform establishes a GDPR-compliant audit trail for sensitive data access, reducing regulatory risk and strengthening the trust of partner organizations. It positions the app as enterprise-grade for disability sector NGOs, supporting contract renewals and expansion to new partners who require demonstrable security controls without usability trade-offs.

This story carries medium complexity and touches the authentication layer, screen navigation lifecycle, and accessible UI components simultaneously. Delivery requires close coordination between mobile developers, the UX team (for accessible prompt design and focus management), and security stakeholders at Blindeforbundet and NHF who define which screens qualify as sensitive. Acceptance criteria include screen reader semantics, fallback password flows, per-session caching of step-up results, and graceful degradation when biometric hardware is unavailable — each representing a distinct test scenario. Dependencies on the base biometric session authentication stories (peer-mentor-001 and peer-mentor-004) must be resolved before this work begins.

UAT should involve assistive technology users to validate focus management. Rollout risk is low if the caching mechanism is scoped correctly to avoid over-prompting.

Implementation requires a per-route or per-component trigger mechanism that invokes the device biometric API (e.g., expo-local-authentication or react-native-biometrics) outside the standard app-launch auth flow. A SensitiveScreenGuard component or higher-order hook should wrap qualifying screens, checking a step-up auth cache keyed to the current navigation context before rendering decrypted content. The cache must be invalidated on navigation away from the sensitive screen. Fallback to password must integrate with the existing credential validation flow.

Accessibility requirements demand that the overlay uses appropriate ARIA roles and moves focus programmatically. Edge cases include biometric hardware absence, concurrent navigation events, and race conditions between the prompt lifecycle and screen unmount. Unit tests should cover all six acceptance criteria branches; integration tests should verify that encrypted fields remain hidden if authentication is cancelled or fails.
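
The step-up cache behind a SensitiveScreenGuard, as an added example that is not code from this project: it covers the per-context cache, invalidation on navigation away, password fallback, and the prompt/unmount race. createStepUpGuard, the biometric and password adapters, and the context key are hypothetical names; the adapters stand in for the device biometric API and the existing credential validation flow.

```javascript
// Added example. createStepUpGuard, biometric, password and the context key are
// hypothetical names; the two adapters stand in for the device biometric API and
// the existing credential validation flow.
function createStepUpGuard({ biometric, password }) {
  const verified = new Set();  // navigation contexts with a valid step-up
  const inFlight = new Map();  // key -> pending prompt (dedupes concurrent entries)
  const epoch = new Map();     // bumped by leave() to detect late prompt results
  const epochOf = (key) => epoch.get(key) || 0;

  async function authenticate() {
    if (await biometric.isAvailable()) {
      if (await biometric.prompt()) return 'biometric';
    }
    // Hardware unavailable, or biometric cancelled/failed: password fallback.
    return (await password.prompt()) ? 'password' : null;
  }

  async function run(key) {
    const started = epochOf(key);
    let method = null;
    try { method = await authenticate(); } catch (e) { method = null; } // errors fail closed
    // Screen was left while the prompt was open: do not reveal, do not cache.
    if (epochOf(key) !== started) return { reveal: false, method: 'stale' };
    if (!method) return { reveal: false, method: 'denied' };
    verified.add(key);
    return { reveal: true, method };
  }

  return {
    // Resolves to { reveal, method }; decrypt and render only when reveal is true.
    enter(key) {
      if (verified.has(key)) return Promise.resolve({ reveal: true, method: 'cached' });
      if (!inFlight.has(key)) {
        const p = run(key).finally(() => {
          if (inFlight.get(key) === p) inFlight.delete(key);
        });
        inFlight.set(key, p);
      }
      return inFlight.get(key);
    },
    // Call from the sensitive screen's blur/unmount handler.
    leave(key) {
      verified.delete(key);
      inFlight.delete(key);
      epoch.set(key, epochOf(key) + 1);
    },
  };
}
```

A guard component would call enter() with a key for the current navigation context on focus and leave() on blur or unmount, rendering decrypted fields only when reveal is true.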

Acceptance Criteria

  • Given I am in an active session and navigate to a screen that displays encrypted personal data, When the screen loads, Then a biometric prompt overlay is displayed before the sensitive content is revealed
  • Given the biometric step-up prompt is shown, When I authenticate successfully, Then the sensitive content is decrypted and displayed immediately
  • Given the biometric step-up prompt is shown, When I cancel or fail biometric authentication, Then the sensitive content remains hidden and I am offered a password fallback or navigation back
  • Given I am using a screen reader, When the biometric step-up prompt appears, Then the prompt is announced with appropriate semantics and focus is managed correctly
  • Given biometric step-up is triggered, When I complete authentication, Then the step-up result is cached for the current screen session so I am not re-prompted within the same navigation context
  • Given biometric hardware is unavailable, When a sensitive screen is accessed, Then I am prompted to enter my password as the step-up authentication method instead

Business Value

Blindeforbundet's encrypted contact assignment feature requires sending sensitive personal information (names, addresses, health summaries) to peer mentors. NHF requires a warning when sensitive fields are read aloud by screen readers. Step-up biometric authentication satisfies these data protection requirements without forcing full logout and re-login, preserving the low-friction user experience. This also supports future GDPR compliance for sensitive data access logging.