User flow
Journey: app open → onboarding (first install only) → login → home.
App open
Onboarding (1st time only)
Login
Home
PO approval document
Screen intent and copy
- 3 onboarding slides
- Login actions: email/password, forgot password, social login, sign-up redirect
Visual language
Approved colors and typography from brand manual, with clear Do / Don’t examples.
Scope boundaries
Included now
3-slide onboarding, full login (email/password, social, forgot password, sign-up).
Deferred from v1
Biometric login and “Remember Me”. New backend endpoints or auth schema changes.
Acceptance checklist
Onboarding only on first install; Skip and Get Started lead to login.
Login with inline validation, loading and error states.
Forgot password, Apple/Google and sign-up link working.
Users who update the app do not see onboarding.
Implementation changes
Launch flow and one-time logic
- Add startup route decision before normal auth routing.
- Persist
onboarding_v1_seen=truewhen user taps Skip or Get Started. - “New installs only”: if existing app data is detected and key is missing, auto-mark onboarding as seen.
Onboarding module
- 3-slide PageView with dot indicator.
- Controls: Skip on slides 1–2, Get Started on final slide.
- Copy rule:
PROJECTS | PEOPLE | FUTURE
— For header and tagline
Spread the Good News — For supporting line
Brand tokens: #175A39 #007c42 #22a846 #a5dd47 #e6b84a #2F3131 — Background: #f1f8f4
Login module (BLoC pattern)
- Email/password login with inline validation and loading/error states.
- Forgot-password trigger flow.
- Social login buttons for Apple and Google.
- Sign-up redirect entry.
API usage (existing endpoints)
POST /api/auth/login
POST /api/auth/social
POST /api/auth/forgot-password
POST /api/auth/register
Keep existing refresh/logout handling via current Dio interceptor flow.
Interfaces / contracts
- New local storage flags (EncryptedSharedPreferences):
onboarding_v1_seen,onboarding_v1_migrated(names aligned to existing constants style). - Navigation updates via existing
onGenerateRoute; no routing library change. - No public API contract changes; frontend consumes current documented auth APIs.
Test plan
Fresh install: onboarding appears once; Skip/Get Started lead to login.
Relaunch after completion: onboarding never appears again.
Existing-user update: onboarding is bypassed.
Login: success, invalid credentials, account issues, network/server errors.
Forgot password: email submission confirmation behavior.
Social login: Apple/Google success and invalid token handling.
UX quality: mobile-first layout, accessible tap targets/contrast, login load under 2 seconds.
Assumptions and defaults
- Apple/Google OAuth credentials already exist per flavor/environment.
- Stitch link will provide final visual assets; until then use current brand-manual tokens and approved copy rule.
Estimate
After PO approval: 7+ working days of implementation.