Hi,

Please review the plan and let me know any changes needed.

Module 1 approval plan: One-time onboarding + Login

PO approval document

• User journey: App open → onboarding (first install only) → login → home.
• Screen intent and copy: 3 onboarding slides + login actions (email/password, forgot password, social login, sign-up redirect).
• Visual language: Approved colors and typography from brand manual, with clear “Do/Don’t” examples.
• Scope boundaries: What is included now vs intentionally deferred.
• Acceptance checklist.

Implementation changes

Launch flow and one-time logic:

• Add startup route decision before normal auth routing.
• Persist onboarding_v1_seen=true when user taps Skip or Get Started.
• Enforce “new installs only”: if existing app data is detected and key is missing, auto-mark onboarding as seen.

Onboarding module:

• 3-slide PageView with dot indicator.
• Controls: Skip on slides 1–2, Get Started on final slide.
• Copy rule: header/tagline uses PROJECTS | PEOPLE | FUTURE; supporting line uses Spread the Good News.
• Brand tokens: #175A39, #007c42, #22a846, #a5dd47, #e6b84a, #2F3131, background #f1f8f4.

Login module (BLoC pattern):

• Email/password login with inline validation and loading/error states.
• Forgot-password trigger flow.
• Social login buttons for Apple/Google.
• Sign-up redirect entry.

API usage (existing endpoints):

• POST /api/auth/login (email, password)
• POST /api/auth/social (provider, idToken, optional name)
• POST /api/auth/forgot-password (email)
• POST /api/auth/register (handoff path from sign-up)
• Keep existing refresh/logout handling via current Dio interceptor flow.

Deferred from v1:

• Biometric login and Remember Me.
• New backend endpoints or auth schema changes.

Interfaces / contracts

• New local storage flags in EncryptedSharedPreferences: onboarding_v1_seen, onboarding_v1_migrated (names aligned to existing constants style).
• Navigation updates via existing onGenerateRoute; no routing library change.
• No public API contract changes; frontend consumes current documented auth APIs.

Test plan

• Fresh install: onboarding appears once; skip/get started both lead to login.
• Relaunch after completion: onboarding never appears again.
• Existing-user update: onboarding is bypassed.
• Login success/failure: valid login, invalid credentials, account issues, network/server errors.
• Forgot password: email submission confirmation behavior.
• Social login: Apple/Google success + invalid token failure handling.
• UX quality: mobile-first layout, accessible tap targets/contrast, login load target under 2 seconds.

Assumptions and defaults

• Apple/Google OAuth credentials already exist per flavor/environment.
• Stitch link provides final visual assets; until then, use current brand-manual tokens and approved copy rule.

3. Estimated implementation after PO approval: 7+ working days.

Thanks,
Hari Prasath G