Auth - SankethBK/diaryvault GitHub Wiki

DiaryVault is designed to work fully offline (an internet connection is required during signup).

Signup: We only support username + password during signup. After a successful signup, the data is stored in Firebase and then in a local SQFlite table named Users.

Login: We support username + password, PIN and fingerprint login (if enabled).

  1. When a username + password login is attempted, the credentials are first validated against the data stored in the Users table. On success, the user is logged in.
  2. If the password does not match the local Users table, a Firebase/Appwrite login is attempted (because the password may have been changed from another device, leaving the local data stale). If the Firebase/Appwrite login succeeds, the data in the local Users table is updated and the user is logged in.
  3. Fingerprint login is disabled by default; it can be enabled in the app settings. We store the ID of the last logged-in user in shared preferences. If fingerprint login is attempted and succeeds, the user with lastLoggedInUserId is logged in.
  4. PIN login: Users can set up a 4-digit PIN which can be used to log in. The PIN is stored as a hashed value in shared preferences.
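Steps 1 and 2 above (local check first, remote fallback on mismatch, then refresh of the stale local row) modelled as an added example; this is not DiaryVault's own Dart code. The table columns, the PBKDF2 hashing, the `FakeRemote` class and the treatment of a missing local row are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def pw_hash(password, salt):
    # Assumption: the local row holds a salted PBKDF2 hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_local_db():
    db = sqlite3.connect(":memory:")  # stands in for the on-device SQFlite file
    db.execute("CREATE TABLE Users (id TEXT PRIMARY KEY, username TEXT UNIQUE,"
               " salt BLOB, pw_hash BLOB)")
    return db

def save_local(db, user_id, username, password):
    salt = os.urandom(16)  # fresh salt on every write
    db.execute("INSERT OR REPLACE INTO Users VALUES (?, ?, ?, ?)",
               (user_id, username, salt, pw_hash(password, salt)))

class FakeRemote:
    """Constructed stand-in for the Firebase/Appwrite sign-in call."""
    def __init__(self, accounts):
        self.accounts, self.calls = accounts, 0  # username -> (id, password)
    def sign_in(self, username, password):
        self.calls += 1
        user_id, real = self.accounts.get(username, (None, ""))
        ok = hmac.compare_digest(real.encode(), password.encode())
        return user_id if ok and user_id else None

def login(db, remote, username, password):
    """Return (user_id, source); source is local/remote/rejected/offline."""
    row = db.execute("SELECT id, salt, pw_hash FROM Users WHERE username = ?",
                     (username,)).fetchone()
    # Step 1: validate against the local Users table, constant-time compare.
    if row and hmac.compare_digest(row[2], pw_hash(password, row[1])):
        return row[0], "local"
    # Step 2: local mismatch, so the row may be stale; ask the remote backend.
    # A missing local row is treated the same way (assumption).
    try:
        user_id = remote.sign_in(username, password)
    except ConnectionError:
        return None, "offline"  # cannot tell stale from wrong without network
    if user_id is None:
        return None, "rejected"
    save_local(db, user_id, username, password)  # refresh the stale local row
    return user_id, "remote"
```

In this model the old password still passes step 1 on a device whose local row has not yet been refreshed, since step 2 only runs after a local mismatch.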

Login as Guest: Guest login allows users to use the app without creating an account. lastLoggedInUserId is hardcoded to guest_user_id to distinguish the guest user from an actual user. The set of functionality is limited for the guest user, as some features require a user account to work.

Other features like forgot password, reset email and reset password are supported with the help of Firebase.