high complexity | extracted | Profile Management | Confidence: 100%
Components: 8 | Shared: 106 | User Stories: 0 | Analyzed: Yes

Description

This feature enables users to register and use FIDO2 passkeys as an authentication method, providing a phishing-resistant, passwordless login experience backed by device biometrics or hardware security keys. The Passkey Setup Screen guides users through the passkey registration flow using the platform authenticator APIs on iOS (Sign in with Apple passkeys) and Android (Credential Manager). Once registered, passkeys can be used as the primary or supplementary authentication method on subsequent logins without requiring a password entry.

User Flow

Authentication Methods (Passkeys) user flow

Analysis

Business Value

Passkeys represent the modern standard for secure, user-friendly authentication and directly address the platform's accessibility and usability requirements. For peer mentors with motor impairments or cognitive challenges — a core constituency across NHF, Blindeforbundet, and HLF — eliminating the password entry step reduces login friction substantially. From a security perspective, passkeys are immune to phishing and credential stuffing attacks, reducing the risk of unauthorized access to sensitive peer mentor and contact data. Adopting passkeys positions Meander as a security-forward platform aligned with current FIDO Alliance and W3C WebAuthn standards, which is increasingly expected by enterprise and public-sector customers.

Implementation Notes

The Passkey Auth Service integrates with the Flutter local_auth and credential_manager packages to interact with the platform's FIDO2 authenticator APIs. The backend REST API must implement WebAuthn registration and authentication ceremonies, storing public key credentials per user in the database. The setup flow uses a guided wizard pattern on the Passkey Setup Screen with clear explanations of what a passkey is, minimizing cognitive load for less technical users. Error handling must cover scenarios where the device does not support passkeys, falling back gracefully to existing authentication methods. WCAG 2.2 AA compliance applies throughout: all prompts, dialogs, and confirmations must be screen-reader accessible and support keyboard navigation on devices where applicable.
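
As an added illustration (not code from this project), the sketch below shows the checks a backend would run on clientDataJSON and the authenticator data during a WebAuthn authentication ceremony. RP_ID, ALLOWED_ORIGINS and the function names are assumptions, and verifying the signature over the authenticator data plus the SHA-256 of clientDataJSON with the stored public key is a separate step not shown.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "example.org"                      # assumption: placeholder relying-party ID
ALLOWED_ORIGINS = {"https://example.org"}  # assumption: placeholder origin allow-list

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def check_assertion(client_data_json, auth_data, expected_challenge,
                    stored_sign_count, require_uv=True):
    """Return the new signature counter; raise ValueError on any failed check."""
    client = json.loads(client_data_json)
    if not isinstance(client, dict) or client.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    challenge, origin = client.get("challenge"), client.get("origin")
    # The challenge must be the one this server issued for this session (anti-replay).
    if not isinstance(challenge, str) or not hmac.compare_digest(
            b64url_decode(challenge), expected_challenge):
        raise ValueError("challenge mismatch")
    if not isinstance(origin, str) or origin not in ALLOWED_ORIGINS:
        raise ValueError("unexpected origin")
    if len(auth_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        raise ValueError("authenticator data too short")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        raise ValueError("rpIdHash mismatch")
    if not flags & 0x01:
        raise ValueError("user presence flag not set")
    if require_uv and not flags & 0x04:
        raise ValueError("user verification flag not set")
    # Both counters zero is valid (many synced passkeys never increment the counter).
    if (sign_count or stored_sign_count) and sign_count <= stored_sign_count:
        raise ValueError("signature counter did not increase")
    return sign_count

def sample(challenge, origin="https://example.org", flags=0x05, count=0, rp_id=RP_ID):
    """Build a constructed (not captured) clientDataJSON / authenticator data pair."""
    cdj = json.dumps({"type": "webauthn.get", "origin": origin,
                      "challenge": base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()})
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)
    return cdj.encode(), auth
```
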

Components (114)

User Interface (2)

Service Layer (2)

Data Layer (2)

Infrastructure (2)

Shared Components

These components are reused across multiple features

Service Layer (34)

Data Layer (22)

Infrastructure (38)

infrastructure | Keychain/Keystore Adapter | low | Shared
infrastructure | JWT Claims Extractor | low | Shared
infrastructure | Organization Labels Adapter | low | Shared
infrastructure | Keychain/Keystore Adapter | low | Shared
infrastructure | Auth API Client | medium | Shared
infrastructure | REST API Client | medium | Shared
infrastructure | WCAG Accessibility Adapter | low | Shared
infrastructure | Registration API Client | low | Shared
infrastructure | Accounting API Client | high | Shared
infrastructure | PDF Renderer Adapter | medium | Shared
infrastructure | File Share Adapter | low | Shared
infrastructure | FCM/APNs Adapter | high | Shared
infrastructure | Share Sheet Adapter | low | Shared
infrastructure | Share Plus Adapter | low | Shared
infrastructure | Platform Accessibility Bridge | medium | Shared
infrastructure | Semantics Override Adapter | high | Shared
infrastructure | URL Launcher Adapter | low | Shared
infrastructure | Markdown Content Renderer | low | Shared
infrastructure | Network Connectivity Monitor | low | Shared
infrastructure | Expense Receipt Storage Adapter | low | Shared
infrastructure | Audit Log Writer | low | Shared
infrastructure | Feature Flag Checker | low | Shared
infrastructure | Logo Upload Adapter | low | Shared
infrastructure | Terminology Constants Registry | low | Shared
infrastructure | Feature Flag Cache Adapter | low | Shared
infrastructure | Org Scope JWT Resolver | medium | Shared
infrastructure | Association Audit Logger | low | Shared
infrastructure | Token Blocklist | medium | Shared
infrastructure | Analytics Tracker | low | Shared
infrastructure | SEO Metadata Config | low | Shared
infrastructure | Analytics Tracker | low | Shared
infrastructure | Analytics Tracker | low | Shared
infrastructure | Sales Analytics Tracker | low | Shared
infrastructure | Email Provider Adapter | low | Shared
infrastructure | Terms of Service Content Provider | low | Shared
infrastructure | Legal PDF Asset Provider | low | Shared
infrastructure | Consent-Gated Script Loader | low | Shared
infrastructure | Legal Page Layout | low | Shared

User Stories

No user stories have been generated for this feature yet.