Email & Password Login
Feature Detail
Description
Email and password login is the MVP authentication mechanism for the Meander platform, providing standard credential-based sign-in for peer mentors, coordinators, and organization admins on both the mobile app and admin portal. The flow covers registration, sign-in, and password recovery via email. It serves as the universal baseline authentication layer before BankID and Vipps integrations are introduced in Phase 2, enabling the platform to ship on schedule without dependency on third-party certification timelines or the recurring per-organisation costs associated with Vipps.
Sources & reasoning
Lines 42 and 319 both explicitly mark email/password as the MVP authentication method while deferring BankID and Vipps to Phase 2. Phase 1 = MVP by ordinal mapping. The feature is foundational - no other platform capability works without authenticated sessions.
- docs/source/likeperson.md · line 42: MVP ships with email/password login; BankID and Vipps roll out in Phase 2
- docs/source/likeperson.md · line 319: Email/password login (BankID/Vipps in Phase 2)
Analysis
Email and password authentication is the foundational access layer that enables every other platform capability - no user can register activities, manage contacts, or run reports without first being able to sign in. It is the only credential method that is universally available, works without third-party dependencies, and carries no per-month licensing cost. Launching with email/password lets the platform reach all five partner organisations on schedule while BankID and Vipps - which require Norwegian certification processes and shared cost negotiations - are prepared in parallel. Reducing authentication risk at launch is essential given that all four real organisations must migrate from existing Word/Excel workflows simultaneously.
Built inside the Authentication Module (Product 3), which must stay decoupled and extractable into a standalone service at any time. Passwords stored as bcrypt hashes with appropriate cost factor; plaintext never written to logs or database. The module issues short-lived JWT access tokens and rotating refresh tokens; the mobile app stores tokens in flutter_secure_storage while the admin portal uses HTTP-only cookies. Password recovery sends time-limited single-use tokens via transactional email. The sign-in contract (sign-in, sign-out, refresh, identity lookup) must be stable so BankID and Vipps providers can be added later without forcing consumer changes.
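An added example of the password-recovery token handling described above (not Meander's own code): the server keeps only a digest of each token, so a leaked table cannot be replayed, and every token is consumed on first use and rejected after its lifetime. The 15-minute lifetime, the in-memory store and the injectable clock are assumptions for the illustration.

```python
import hashlib
import secrets
import time

# Assumed lifetime; the spec says "time-limited" without giving a value.
TOKEN_TTL_SECONDS = 15 * 60


class PasswordResetStore:
    """Issues and redeems single-use, time-limited password-recovery tokens.

    The raw token is returned once, to be sent in the transactional email.
    Only its SHA-256 digest is stored, so neither logs nor the store ever
    hold a value that could be replayed if they leak.
    """

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable for testing; real code uses time.time
        self._pending = {}   # token digest -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a fresh token for `user_id` and return the raw value for the email."""
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, URL-safe
        expires_at = self._clock() + self._ttl
        self._pending[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user_id if `token` is known, unused and unexpired; else None.

        The entry is removed on the first redemption attempt, valid or not, so a
        token can never be presented twice.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown or already used
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired: discarded, user must request a new one
        return user_id
```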