Log Out and Clear Session Securely
The peer mentor can initiate a logout from the settings screen. Upon logout, the auth session manager invalidates the Supabase session, clears the auth token store, removes the biometric session token from secure storage, and navigates the user back to the authentication method selector. If Vipps was used for login, any Vipps access tokens are also revoked. The logout process is synchronous from the user's perspective — the secure storage is cleared before the nav transition completes.
User Story
Audience Summaries
Secure logout is a non-negotiable trust and compliance requirement for any platform handling sensitive personal data about vulnerable individuals. Peer mentors receive encrypted case assignments containing health-related details subject to GDPR, meaning incomplete session termination represents direct legal exposure for partner organizations like Norges Blindeforbund. A robust logout capability protects the organization from data breach liability, reinforces user trust in the platform's security posture, and demonstrates regulatory commitment to data minimization and access control. For device-sharing or device-loss scenarios — common among volunteer peer mentors — the ability to fully clear all session state including biometric tokens and Vipps access tokens is the primary safeguard against unauthorized access to sensitive caseloads.
This feature is foundational to Phase 2 partner adoption and organizational compliance sign-off.
This high-priority story has direct dependencies on the BankID login story and the Vipps authentication story, meaning it cannot enter development until both upstream auth flows are stable and testable. Delivery complexity is moderate-to-high: the logout flow must coordinate across multiple subsystems — Supabase session invalidation, local token store clearing, secure storage wipe, and conditional Vipps token revocation — all executed synchronously before the navigation transition. QA must cover at least six distinct acceptance criteria including network failure resilience (local clear must succeed even when server-side revocation fails), biometric session token removal, and navigation stack clearing to prevent back-gesture re-entry into authenticated screens. A confirmation dialog adds a user-acceptance step that must be included in UAT scripts.
Rollout risk is low if dependencies land on schedule, but any slippage in BankID or Vipps integration will block this story. Recommend staging logout QA alongside auth flow QA to avoid a bottleneck.
Implementation requires coordinating four distinct cleanup operations within the AuthSessionManager: (1) server-side Supabase session invalidation via the Supabase client's signOut API, (2) clearing the in-memory auth token store, (3) removing the biometric session token from the device's secure storage (e.g., Expo SecureStore or equivalent), and (4) conditionally revoking Vipps access tokens if Vipps was the login provider. The entire sequence must be synchronous from the user's perspective — the UI must not transition to the auth method selector until secure storage is confirmed cleared. Network failure during server-side revocation must be caught and handled gracefully: local session data is always cleared regardless of server response. The navigation stack must be fully reset (not just navigated away from) so back gestures cannot return the user to authenticated screens.
Edge cases include logout during active biometric session, logout with no network, and logout when Vipps token has already expired. Integration tests should mock each failure mode independently.
Acceptance Criteria
- Given I am logged in and navigate to Settings, When I tap the logout option, Then a confirmation dialog is shown before proceeding
- Given I confirm logout, When the logout process runs, Then the auth session manager invalidates my Supabase session server-side
- Given logout completes, When I am redirected, Then I arrive at the auth method selector screen with no residual session state
- Given I attempt to navigate back after logout, When the back gesture is attempted, Then the navigation stack is cleared and I cannot return to authenticated screens
- Given I log out while biometric login was enabled, When logout completes, Then the biometric session token in secure storage is also cleared
- Given logout fails due to network error, When the error is caught, Then local session data is still cleared and I am logged out locally even if server-side revocation failed
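The cleanup sequence from the implementation summary and the network-failure acceptance criterion above, as an added JavaScript example that is not the project's own code. The dependency shapes are assumptions: `tokenStore.getProvider`, `tokenStore.getVippsAccessToken`, `tokenStore.clear`, `vipps.revoke`, the key `biometric_session_token`, the route name `AuthMethodSelector` and the 5-second timeout are hypothetical, and remote revocation is attempted before the local wipe so the Vipps token is still available to revoke.

```javascript
// Added example. All names here (createLogout, tokenStore.*, vipps.revoke,
// BIOMETRIC_KEY, the route name) are hypothetical; supabase.auth.signOut,
// SecureStore get/deleteItemAsync and navigation.reset mirror the real calls.
const BIOMETRIC_KEY = "biometric_session_token";

// Bound a remote call so a dead network cannot stall the local wipe.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("timeout")), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

function createLogout({ supabase, tokenStore, secureStorage, vipps, navigation }, ms = 5000) {
  return async function logout() {
    const result = { serverRevoked: false, vippsRevoked: null, errors: [] };
    // Capture what remote revocation needs before anything local is wiped.
    const vippsToken =
      tokenStore.getProvider() === "vipps" ? tokenStore.getVippsAccessToken() : null;

    // Remote steps are best effort: failures are recorded, never rethrown.
    try {
      const { error } = await withTimeout(supabase.auth.signOut(), ms);
      if (error) throw error;
      result.serverRevoked = true;
    } catch (e) {
      result.errors.push("supabase: " + e.message);
    }
    if (vippsToken) {
      try {
        await withTimeout(vipps.revoke(vippsToken), ms);
        result.vippsRevoked = true;
      } catch (e) {
        result.vippsRevoked = false;
        result.errors.push("vipps: " + e.message);
      }
    }

    // Local wipe always runs, and is read back before the UI may move on.
    tokenStore.clear();
    await secureStorage.deleteItemAsync(BIOMETRIC_KEY);
    if ((await secureStorage.getItemAsync(BIOMETRIC_KEY)) !== null) {
      throw new Error("biometric session token still present");
    }
    // reset() replaces the stack, so a back gesture has nothing to return to.
    navigation.reset({ index: 0, routes: [{ name: "AuthMethodSelector" }] });
    return result;
  };
}
```

A rejected `logout()` means the secure-storage wipe could not be confirmed, so the navigation reset has not happened and the caller should surface the error instead of showing the selector.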
Business Value
Peer mentors handle sensitive contact information including health-related details about vulnerable individuals. A secure logout capability is essential to prevent unauthorized access if a device is lost, shared, or transferred. For organizations subject to GDPR and working with sensitive personal data, the ability to fully clear a session is both a legal and ethical requirement. This is especially important for the Norges Blindeforbund use case where peer mentors receive encrypted case assignments with sensitive personal data.
Components
- Authentication Session Manager (service)
- Auth Token Store (data)
- Secure Session Storage (data)
- Secure Storage Adapter (infrastructure)
- Supabase Session Manager (infrastructure)
- Authentication Method Selector Screen (ui)
Dependencies
- Authenticate Using BankID (critical)
- Authenticate Using Vipps (critical)