Enroll Device Biometrics After First Login
After a successful first-time BankID or Vipps authentication, the app prompts the user to enable biometric re-authentication. If the user consents, the Biometric Auth Service uses Flutter's local_auth package to perform a biometric enrollment challenge. On success, an encrypted reference to the active Supabase session token is stored in Flutter Secure Storage via the Auth Token Repository. The Biometric Auth Screen handles the enrollment UI, shows platform-appropriate guidance (Face ID on iOS, fingerprint on Android), and communicates the outcome clearly. The user can skip enrollment and be prompted again on subsequent logins.
User Story
Acceptance Criteria
- Given a user who has just completed their first BankID or Vipps login, when the session is established, then the app presents a biometric enrollment prompt with a clear explanation of its purpose
- Given a user who accepts biometric enrollment, when they complete the biometric challenge successfully, then an encrypted token reference is stored in Flutter Secure Storage and enrollment is confirmed
- Given a user who declines biometric enrollment, when they dismiss the prompt, then the app proceeds to the home screen without enrolling and does not repeatedly prompt during the same session
- Given a device where biometrics are not enrolled at the OS level, when the app attempts to offer biometric enrollment, then it displays a message directing the user to set up Face ID or fingerprint in device settings
- Given a device that does not support biometrics, when the enrollment prompt would normally appear, then it is silently skipped and BankID/Vipps becomes the only authentication path
- Given a user who enrolls biometrics, when they subsequently open the app, then the biometric prompt appears instead of the BankID/Vipps selection screen
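The decision order implied by these criteria, as an added sketch that is not the project's own code. It assumes the local_auth 2.x API and flutter_secure_storage; the class, enum, callback and storage key names are hypothetical, and `askConsent` stands in for the Biometric Auth Screen prompt.

```dart
import 'package:flutter/services.dart' show PlatformException;
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:local_auth/local_auth.dart';

enum EnrollmentOutcome {
  enrolled, declined, notEnrolledAtOs, unsupported, failed, alreadyPrompted
}

// Hypothetical service: names and the storage key are assumptions.
class BiometricEnrollment {
  BiometricEnrollment(this._auth, this._storage);
  final LocalAuthentication _auth;
  final FlutterSecureStorage _storage;
  bool _promptedThisSession = false; // reset only when a new session starts

  Future<EnrollmentOutcome> offer({
    required String tokenReference, // reference to the session token
    required Future<bool> Function() askConsent,
  }) async {
    // Declined or already shown: do not prompt again in the same session.
    if (_promptedThisSession) return EnrollmentOutcome.alreadyPrompted;
    // No biometric hardware: skip silently, BankID/Vipps stays the only path.
    if (!await _auth.canCheckBiometrics) return EnrollmentOutcome.unsupported;
    // Hardware exists but nothing is enrolled at OS level: caller shows
    // the "set up Face ID or fingerprint in device settings" message.
    if ((await _auth.getAvailableBiometrics()).isEmpty) {
      return EnrollmentOutcome.notEnrolledAtOs;
    }
    _promptedThisSession = true;
    if (!await askConsent()) return EnrollmentOutcome.declined;
    try {
      final ok = await _auth.authenticate(
        localizedReason: 'Confirm to enable biometric sign-in',
        // biometricOnly prevents fallback to the device PIN or passcode.
        options: const AuthenticationOptions(biometricOnly: true),
      );
      if (!ok) return EnrollmentOutcome.failed;
    } on PlatformException {
      // Lockout, cancellation by the OS, or enrollment removed mid-flow.
      return EnrollmentOutcome.failed;
    }
    // Written only after a successful challenge; never store on failure.
    await _storage.write(key: 'biometric_token_ref', value: tokenReference);
    return EnrollmentOutcome.enrolled;
  }
}
```

local_auth reports only a boolean result, so the stored value is protected by the platform keystore behind flutter_secure_storage rather than being cryptographically bound to the biometric itself.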
Business Value
Peer mentors log activities multiple times per day — every additional second of authentication friction directly contributes to underreporting, which is the primary problem the app solves. Biometric enrollment after first login reduces the daily authentication burden from a 15-30 second BankID/Vipps flow to a sub-second Face ID or fingerprint scan, dramatically improving usability for repeat users and reducing drop-off on activity registration.
Components
- Biometric Auth Screen (ui)
- Biometric Auth Service (service)
- Auth Token Repository (data)