Sign Out of Account Securely
The Settings screen includes an account management card containing a sign-out action. Tapping the sign-out button presents a confirmation dialog before executing the logout to prevent accidental sign-outs. On confirmation, the Supabase session is invalidated, locally cached preferences and session tokens are cleared from shared_preferences, and the user is navigated to the login screen. Biometric credentials stored on-device are preserved so the user can sign back in quickly with BankID or biometrics without re-entering full credentials.
User Story
Acceptance Criteria
- Given I tap the sign-out action in Settings, when the action is triggered, then a confirmation dialog appears asking me to confirm sign-out
- Given I confirm sign-out, when the action completes, then my Supabase session is invalidated and I am navigated to the login screen
- Given I confirm sign-out, when the action completes, then no sensitive user data remains accessible in the app without re-authentication
- Given I cancel the sign-out confirmation dialog, when I dismiss it, then I remain signed in and return to the Settings screen
- Given I sign out and then sign back in with BankID or biometrics, when authentication completes, then my previously saved preferences are restored from Supabase
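One way to implement the flow described above in Flutter, as an added example that is not the project's own code. The function name `confirmAndSignOut`, the dialog text and the `/login` route are assumptions, and it assumes biometric credentials are held in platform secure storage rather than in shared_preferences.

```dart
import 'package:flutter/material.dart';
import 'package:shared_preferences/shared_preferences.dart';
import 'package:supabase_flutter/supabase_flutter.dart';

/// Hypothetical handler for the sign-out button on the Settings card.
Future<void> confirmAndSignOut(BuildContext context) async {
  // Ask for confirmation first; dismissing the dialog (null) counts as cancel.
  final confirmed = await showDialog<bool>(
    context: context,
    builder: (dialogContext) => AlertDialog(
      title: const Text('Sign out?'),
      content: const Text('You will need to authenticate again to continue.'),
      actions: [
        TextButton(
          onPressed: () => Navigator.of(dialogContext).pop(false),
          child: const Text('Cancel'),
        ),
        TextButton(
          onPressed: () => Navigator.of(dialogContext).pop(true),
          child: const Text('Sign out'),
        ),
      ],
    ),
  );
  if (confirmed != true) return; // stay signed in, still on Settings

  try {
    // Invalidate the Supabase session.
    await Supabase.instance.client.auth.signOut();
  } catch (error) {
    // The call failed (for example, offline); local cleanup below still runs.
    debugPrint('Supabase signOut failed: $error');
  } finally {
    // Clear cached preferences and tokens held in shared_preferences.
    // Assumption: biometric credentials live in separate platform secure
    // storage, so clearing shared_preferences does not remove them.
    final prefs = await SharedPreferences.getInstance();
    await prefs.clear();
  }

  if (!context.mounted) return;
  // Drop the whole navigation stack so Back cannot reach authenticated
  // screens. '/login' is an assumed route name.
  Navigator.of(context).pushNamedAndRemoveUntil('/login', (route) => false);
}
```

Running the local cleanup in `finally` keeps the third acceptance criterion true even when the sign-out request cannot reach Supabase.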
Business Value
Secure sign-out is a fundamental security requirement, particularly relevant for coordinators and organization administrators who handle sensitive personal data and encrypted assignment information. Clear account management from the settings screen reduces support tickets about how to log out and ensures sessions are not abandoned with sensitive data accessible.
Components
- Settings Screen (ui)
- Settings Card Widget (ui)
- Preferences Service (service)