Continue Using the App Offline After Biometric Authentication
Peer mentors may conduct visits in rural areas, care homes, or other locations with poor connectivity. After successful biometric authentication during an online session, the app should cache sufficient state to allow continued offline use including activity registration and contact viewing (for non-encrypted fields). The biometric check itself can be performed locally via the device's biometric hardware without requiring a server round-trip. Session validity checks that require network should be deferred until connectivity is restored, with the cached session used in the interim.
User Story
Audience Summaries
Peer mentors serving elderly, disabled, and isolated individuals frequently operate in rural areas, care homes, and other locations with unreliable or absent mobile connectivity. If the authentication and activity registration flows require a live network connection, the app fails precisely when its value is highest — during an in-person visit. This story ensures that after a successful online biometric authentication, the app continues to function offline for core tasks: activity registration and non-encrypted contact viewing. Queued registrations sync automatically when connectivity returns.
This capability is essential for achieving the low-friction registration goal across all partner organizations and directly supports volunteer retention, since mentors who encounter offline failures are less likely to maintain consistent logging habits.
Offline biometric authentication and session caching introduces cross-cutting concerns spanning authentication, data sync, and UI state management, making this a moderately complex story despite its medium priority. Delivery depends on the base biometric authentication story (peer-mentor-004) being complete. The team must define a clear sync queue implementation (likely leveraging a local SQLite or AsyncStorage layer), handle conflict resolution when queued registrations arrive after connectivity restores, and implement a non-alarming offline indicator across all relevant screens. Testing must cover offline app relaunch, mid-session connectivity loss, return-to-online sync, and the specific restriction that encrypted contact details require connectivity.
Device lab testing across Android and iOS on real low-connectivity networks is strongly recommended. Stakeholder sign-off on the encrypted-content-offline messaging is needed from Blindeforbundet before delivery.
This story requires four coordinated subsystems: (1) a local biometric check that bypasses the Supabase session validation round-trip when offline, using cached credentials or a locally stored session token with an expiry window; (2) a sync queue (e.g., a local database table or AsyncStorage queue) that persists activity registrations and flushes them when NetInfo reports connectivity restored; (3) a connectivity-aware data layer that serves cached responses for non-sensitive endpoints and blocks decryption of encrypted fields when offline; and (4) a NetInfo listener that triggers background session refresh against Supabase when the device comes online without interrupting the active user session. The biometric library must be invoked in a context where no network call is made for the check itself. Edge cases include token expiry during extended offline periods, partial sync failures, and users who relaunch the app in airplane mode. End-to-end tests should simulate offline relaunch, queue flush, and the encrypted-content restriction.
Acceptance Criteria
- Given I am authenticated and then lose network connectivity, When I try to register an activity, Then the registration flow works normally and data is queued for sync
- Given I am offline and the app is relaunched, When I authenticate with biometrics, Then the local biometric check succeeds and I can access the app using cached data
- Given I am offline after biometric authentication, When I navigate to a screen requiring live data, Then I see a clear non-alarming offline indicator and can view cached data where available
- Given I come back online after offline usage, When connectivity is restored, Then queued activity registrations sync automatically and I am notified of sync completion
- Given biometric authentication succeeds offline, When the device goes online, Then the session is validated with the Supabase backend and refreshed if needed without interrupting the user
- Given I attempt to access encrypted contact details while offline, When the screen loads, Then I see a message that encrypted content requires connectivity and am offered available cached information
Business Value
Peer mentors serving elderly, disabled, and isolated individuals often work in locations without reliable mobile data. If authentication requires a network round-trip, the app becomes unusable precisely when it is most needed. Offline biometric authentication combined with local session caching ensures the activity registration flow — the app's core value — works regardless of connectivity. This is critical for achieving the low-friction registration goal across all partner organizations.
Components
- Biometric Authentication Service service
- Local Auth Integration infrastructure
- Session Resume Manager service
- Secure Session Storage data
- Supabase Session Manager infrastructure
- Local Storage Adapter infrastructure
- Local Storage Adapter infrastructure
- Offline Contact Search Repository data
- Contact Cache Sync Repository data
- Summary Offline Cache data
- Biometric Authentication Service service