story-bankid-vipps-login-organization-admin-008
Story Points: 3
Priority: High
Feature: BankID and Vipps Login

User Story

As an Organization Administrator
I want to log out of the app and have my session and locally stored credentials cleared
So that my account cannot be accessed by someone else who picks up my device

Acceptance Criteria

  • Given I am logged in and navigate to Settings, When I tap the logout option, Then a confirmation dialog is shown before proceeding
  • Given I confirm logout, When the logout process runs, Then the auth session manager invalidates my Supabase session server-side
  • Given logout completes, When I am redirected, Then I arrive at the auth method selector screen with no residual session state
  • Given I attempt to navigate back after logout, When the back gesture is attempted, Then the navigation stack is cleared and I cannot return to authenticated screens
  • Given I log out while biometric login was enabled, When logout completes, Then the biometric session token in secure storage is also cleared
  • Given logout fails due to a network error, When the error is caught, Then local session data is still cleared and I am logged out locally even if server-side revocation failed
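
As an added example (not code from the story's project), the fail-safe ordering these criteria describe can be implemented like this: server-side revocation is attempted first, but clearing the stored session and biometric token and resetting the navigation stack never depend on it succeeding. The Supabase auth client, secure storage, navigator, storage keys and screen name are all assumed shapes and names, with in-memory doubles so the flow runs offline; the confirmation dialog is left to the UI layer.

```typescript
interface AuthBackend { signOut(): Promise<void>; }                // assumed: e.g. Supabase auth client
interface SecureStore { deleteItem(key: string): Promise<void>; keys(): string[]; }
interface AppNavigator { resetTo(screen: string): void; }          // assumed: replaces the whole stack

export const SESSION_KEY = "supabase_session";                     // assumed storage key
export const BIOMETRIC_TOKEN_KEY = "biometric_session_token";      // assumed storage key
export const AUTH_SELECTOR_SCREEN = "AuthMethodSelector";          // assumed screen name

export interface LogoutResult { serverRevoked: boolean; localCleared: boolean; error: string | null; }

// Fail-safe logout: revocation is tried first, but local clearing and the navigation
// reset run unconditionally, so a network error never leaves a usable token on the device.
export async function logout(auth: AuthBackend, store: SecureStore, nav: AppNavigator): Promise<LogoutResult> {
  let serverRevoked = false;
  let error: string | null = null;
  try {
    await auth.signOut();
    serverRevoked = true;
  } catch (e) {
    error = e instanceof Error ? e.message : String(e);             // recorded, not re-thrown
  }
  await store.deleteItem(SESSION_KEY);
  await store.deleteItem(BIOMETRIC_TOKEN_KEY);                      // biometric token is cleared too
  nav.resetTo(AUTH_SELECTOR_SCREEN);                                // nothing authenticated left to go back to
  return { serverRevoked, localCleared: store.keys().length === 0, error };
}

// In-memory doubles, constructed for this example, so the flow can be exercised offline.
export class MemoryStore implements SecureStore {
  private items: Record<string, string>;
  constructor(seed: Record<string, string>) { this.items = { ...seed }; }
  async deleteItem(key: string): Promise<void> { delete this.items[key]; }
  keys(): string[] { return Object.keys(this.items); }
}
export class RecordingNav implements AppNavigator {
  stack: string[] = ["Home", "Settings"];
  resetTo(screen: string): void { this.stack = [screen]; }
}

// The network-failure criterion: revocation throws, yet local state is still cleared.
export async function demoOfflineLogout(): Promise<{ result: LogoutResult; store: MemoryStore; nav: RecordingNav }> {
  const store = new MemoryStore({ [SESSION_KEY]: "constructed-session", [BIOMETRIC_TOKEN_KEY]: "constructed-bio" });
  const nav = new RecordingNav();
  const failingAuth: AuthBackend = { async signOut() { throw new Error("network unreachable"); } };
  const result = await logout(failingAuth, store, nav);
  return { result, store, nav };
}
```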

Business Value

Peer mentors handle sensitive contact information including health-related details about vulnerable individuals. A secure logout capability is essential to prevent unauthorized access if a device is lost, shared, or transferred. For organizations subject to GDPR and working with sensitive personal data, the ability to fully clear a session is both a legal and ethical requirement. This is especially important for the Norges Blindeforbund use case where peer mentors receive encrypted case assignments with sensitive personal data.