In the check-in web app, the sign-out button is locked behind a password verification modal. This is to prevent end users (eventgoers in this case) from signing out from a kiosk. A password verification API will be needed in this case to verify the password of the logged-in account.