CRITICAL story-navigation-shell-organization-administrator-007 3 pts
Story Points: 3
Priority: Critical
Feature: Navigation Shell

User Story

As a user
I want the navigation shell to automatically redirect me to the login screen if my session expires or I log out, and to restore my last active context after I re-authenticate
So that my session is always secure and I am never stranded on an authenticated screen without a valid session

Acceptance Criteria

  • Given a user is authenticated and on any screen, when their Supabase session expires, then the navigation shell automatically redirects to the login screen and clears the authenticated navigation stack
  • Given a user taps 'Log out', when the logout action completes, then the navigation stack is fully cleared and the login screen is shown with no back navigation possible to authenticated screens
  • Given a user's session expired while they were away from the app, when they return and tap a push notification deep link, then they are shown the login screen first, and after authentication, they are taken to the deep link destination
  • Given the Supabase auth provider emits a token refresh event, when the refresh succeeds silently, then the navigation shell does not reload or flash — the user experience is uninterrupted
  • Given the user is on a tab that requires a specific role, when an admin changes their role in the backend and the Supabase realtime event arrives, then the navigation shell re-evaluates guards and navigates away from any newly restricted routes
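The acceptance criteria above, sketched as a framework-independent state reducer. This is an added example, not code from the project. The route names, roles, the DEEP_LINK and ROLE_CHANGED events and the `expired` flag are assumptions; SIGNED_IN, SIGNED_OUT and TOKEN_REFRESHED follow Supabase's auth event names.

```javascript
// Added example. Route names, roles, DEEP_LINK, ROLE_CHANGED and `expired` are hypothetical.
const LOGIN = '/login', HOME = '/home';
// Constructed route table: route -> allowed roles (null = any authenticated user).
const ROUTE_ROLES = { '/home': null, '/assignments/42': null, '/admin/users': ['org_admin'] };

// Deny by default: a route missing from the table is never reachable.
function allowed(route, role) {
  if (!Object.prototype.hasOwnProperty.call(ROUTE_ROLES, route)) return false;
  const roles = ROUTE_ROLES[route];
  return roles === null || roles.includes(role);
}

function initialState() {
  return { session: null, role: null, stack: [LOGIN], pending: null };
}

function reduce(state, event) {
  switch (event.type) {
    case 'SIGNED_OUT': {
      if (!state.session) return state; // already on login; keep any parked deep link
      // Expiry remembers the current screen for restore; explicit logout does not.
      const top = state.stack[state.stack.length - 1];
      return { session: null, role: null, stack: [LOGIN], pending: event.expired ? top : null };
    }
    case 'DEEP_LINK':
      // Unauthenticated: park the destination and show login first.
      if (!state.session) return { ...state, stack: [LOGIN], pending: event.route };
      return allowed(event.route, state.role)
        ? { ...state, stack: [...state.stack, event.route] } : state;
    case 'SIGNED_IN': {
      // The parked destination is re-checked against the role that actually signed in.
      const ok = state.pending && allowed(state.pending, event.role);
      const stack = ok && state.pending !== HOME ? [HOME, state.pending] : [HOME];
      return { session: event.session, role: event.role, stack, pending: null };
    }
    case 'TOKEN_REFRESHED':
      // Swap the token only; the stack array is untouched, so navigation is unchanged.
      return state.session ? { ...state, session: event.session } : state;
    case 'ROLE_CHANGED': {
      if (!state.session) return state;
      // Re-evaluate every screen on the stack against the new role.
      const stack = state.stack.filter((r) => allowed(r, event.role));
      return { ...state, role: event.role, stack: stack.length ? stack : [HOME] };
    }
    default:
      return state;
  }
}
```

Replacing the whole stack with the login route on SIGNED_OUT, instead of pushing login on top of it, is what leaves no authenticated screen to navigate back to.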

Business Value

Reactive authentication state management is a security requirement. Users who remain on authenticated screens after their session has expired could inadvertently interact with data operations that fail silently or expose cached sensitive information. For an app handling encrypted personal data (Blindeforbundet assignments, NDA documents, medical records), ensuring that unauthenticated state immediately triggers a navigation redirect is critical for data protection compliance and user trust.