From 3dc7dc93d8c82894cc90b1756e20ec6138a7e31f Mon Sep 17 00:00:00 2001
From: Luis Nachtigall <31982496+LeLunZ@users.noreply.github.com>
Date: Tue, 21 Apr 2026 22:52:00 +0200
Subject: [PATCH] fix(mobile): clear local data on forced logout (#27957)

---
 mobile/lib/routing/auth_guard.dart | 8 +++++---
 mobile/lib/routing/router.dart     | 5 ++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/mobile/lib/routing/auth_guard.dart b/mobile/lib/routing/auth_guard.dart
index b0cd9ea9ea..eaa821c0eb 100644
--- a/mobile/lib/routing/auth_guard.dart
+++ b/mobile/lib/routing/auth_guard.dart
@@ -7,13 +7,15 @@ import 'package:immich_mobile/domain/services/store.service.dart';
 import 'package:immich_mobile/entities/store.entity.dart';
 import 'package:immich_mobile/routing/router.dart';
 import 'package:immich_mobile/services/api.service.dart';
+import 'package:immich_mobile/services/auth.service.dart';
 import 'package:logging/logging.dart';
 import 'package:openapi/api.dart';
 
 class AuthGuard extends AutoRouteGuard {
   final ApiService _apiService;
+  final AuthService _authService;
   final _log = Logger("AuthGuard");
-  AuthGuard(this._apiService);
+  AuthGuard(this._apiService, this._authService);
   @override
   void onNavigation(NavigationResolver resolver, StackRouter router) async {
     resolver.next(true);
@@ -27,7 +29,7 @@ class AuthGuard extends AutoRouteGuard {
       if (res == null || res.authStatus != true) {
         // If the access token is invalid, take user back to login
         _log.fine('User token is invalid. Redirecting to login');
-        unawaited(router.replaceAll([const LoginRoute()]));
+        unawaited(router.replaceAll([const LoginRoute()]).then((_) => _authService.clearLocalData()));
       }
     } on StoreKeyNotFoundException catch (_) {
       // If there is no access token, take us to the login page
@@ -38,7 +40,7 @@ class AuthGuard extends AutoRouteGuard {
       // On an unauthorized request, take us to the login page
       if (e.code == HttpStatus.unauthorized) {
         _log.warning("Unauthorized access token.");
-        unawaited(router.replaceAll([const LoginRoute()]));
+        unawaited(router.replaceAll([const LoginRoute()]).then((_) => _authService.clearLocalData()));
         return;
       }
     } catch (e) {
diff --git a/mobile/lib/routing/router.dart b/mobile/lib/routing/router.dart
index 76c9d2efd2..0a9f6c4199 100644
--- a/mobile/lib/routing/router.dart
+++ b/mobile/lib/routing/router.dart
@@ -73,6 +73,7 @@ import 'package:immich_mobile/routing/auth_guard.dart';
 import 'package:immich_mobile/routing/duplicate_guard.dart';
 import 'package:immich_mobile/routing/locked_guard.dart';
 import 'package:immich_mobile/services/api.service.dart';
+import 'package:immich_mobile/services/auth.service.dart';
 import 'package:immich_mobile/services/local_auth.service.dart';
 import 'package:immich_mobile/services/secure_storage.service.dart';
 import 'package:maplibre_gl/maplibre_gl.dart';
@@ -82,6 +83,7 @@ part 'router.gr.dart';
 final appRouterProvider = Provider(
   (ref) => AppRouter(
     ref.watch(apiServiceProvider),
+    ref.watch(authServiceProvider),
     ref.watch(galleryPermissionNotifier.notifier),
     ref.watch(secureStorageServiceProvider),
     ref.watch(localAuthServiceProvider),
@@ -96,11 +98,12 @@ class AppRouter extends RootStackRouter {
 
   AppRouter(
     ApiService apiService,
+    AuthService authService,
     GalleryPermissionNotifier galleryPermissionNotifier,
     SecureStorageService secureStorageService,
     LocalAuthService localAuthService,
   ) {
-    _authGuard = AuthGuard(apiService);
+    _authGuard = AuthGuard(apiService, authService);
     _duplicateGuard = const DuplicateGuard();
     _lockedGuard = LockedGuard(apiService, secureStorageService, localAuthService);
   }