Log out securely
The logout action is accessible from the app's settings menu. When triggered, the Auth Service calls Supabase Auth's sign-out method, which revokes the active session server-side, and then clears all locally stored tokens via the Auth Repository. The user is navigated to the login screen with no residual authenticated state. A brief confirmation dialog may be shown so that an accidental tap on Log Out does not end the session. Fully terminating the session is especially important on shared devices and for maintaining data security, since the app handles sensitive personal information about vulnerable users.
User Story
Acceptance Criteria
- Given an authenticated user in the settings screen, when they tap Log Out, then a confirmation dialog or direct logout action clears the session and navigates to the login screen
- Given logout is confirmed, when the Auth Service processes the request, then the Supabase session is revoked server-side and all local tokens are removed from Flutter Secure Storage
- Given a successful logout, when the user presses the back button or navigates to any protected route, then they are redirected to the login screen
- Given a network failure during logout, when the Supabase revocation call fails, then local tokens are still cleared and the user is navigated to the login screen with an informational message
- Given a logged-out state, when the app is reopened, then no session is detected and the login screen is shown
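An added example (not the project's own code) of how the Auth Service could satisfy the second and fourth criteria in Dart with supabase_flutter and flutter_secure_storage: the server-side sign-out is attempted first, local tokens are cleared in a finally block so they are removed even when the network call fails, and the returned outcome tells the settings screen whether to show the informational message. The class names follow the Components list; the storage key names, the LogoutOutcome enum and the constructor signatures are assumptions.

```dart
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:supabase_flutter/supabase_flutter.dart';

/// Reported to the UI so it can show an informational message when the
/// server-side revocation did not succeed (fourth acceptance criterion).
enum LogoutOutcome { revokedAndCleared, clearedLocallyOnly }

/// Auth Repository: owns the locally stored tokens. The key names are
/// assumptions for this example, not the project's real keys.
class AuthRepository {
  AuthRepository(this._storage);
  final FlutterSecureStorage _storage;
  static const _tokenKeys = ['access_token', 'refresh_token'];

  Future<void> clearTokens() async {
    for (final key in _tokenKeys) {
      await _storage.delete(key: key);
    }
  }

  /// Used on app start: no stored refresh token means no session.
  Future<bool> hasSession() async =>
      (await _storage.read(key: 'refresh_token')) != null;
}

/// Auth Service: revokes the Supabase session, then clears local state.
class AuthService {
  AuthService(this._auth, this._repo);
  final GoTrueClient _auth; // Supabase.instance.client.auth
  final AuthRepository _repo;

  Future<LogoutOutcome> logout() async {
    var revoked = false;
    try {
      // Asks Supabase Auth to revoke the current session server-side.
      await _auth.signOut();
      revoked = true;
    } catch (_) {
      // Network or server failure: fall through; tokens are still cleared
      // below, so a shared or lost device never keeps a usable session.
    } finally {
      await _repo.clearTokens();
    }
    return revoked
        ? LogoutOutcome.revokedAndCleared
        : LogoutOutcome.clearedLocallyOnly;
  }
}

// Caller (settings screen, after the confirmation dialog):
//   final outcome = await authService.logout();
//   navigate to the login screen; if outcome == clearedLocallyOnly,
//   show the informational message about the failed server revocation.
```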
Business Value
Secure logout is a fundamental security control required when handling sensitive health and personal data about vulnerable individuals. The app processes sensitive assignment data, contact information, and personal health details — ensuring sessions are fully terminated protects both users and the individuals they serve. Proper logout also satisfies baseline GDPR data protection expectations and prevents unauthorized access on shared or lost devices.
Components
- Auth Service (service)
- Auth Repository (data)
- Supabase Auth (infrastructure)