Enhance Flutter SDK documentation with comprehensive improvements

[ashar-aala]

Description (required)

• Add build.gradle.kts support with Kotlin DSL examples
• Improve Android OAuth configuration with detailed explanations
• Enhance Portal URL generation with better error handling and imports
• Add billing URL parameters documentation with practical examples
• Add step-by-step Android configuration with manifest examples
• Document appAuthRedirectScheme explanation and usage
• Add AndroidManifest.xml complete configuration examples

Related issues & labels (optional)

• Closes #
• Suggested label:

Summary by CodeRabbit

• New Features

  • Added portal URL generation via a new createPortalUrl API and PortalPage options for profile, billing, and organization pages.
  • Extended login and registration to accept billing-related AdditionalParameters (planInterest, pricingTableKey).

• Documentation

  • Added comprehensive Android OAuth redirect scheme setup guidance with runnable examples and validation tips.
  • Documented portal navigation and billing-parameter usage across login, signup, and portal flows; updated public API references.

[coderabbitai]

Walkthrough

Updates the Flutter SDK documentation and public API: adds Android OAuth redirect scheme guidance, billing-related AdditionalParameters for login/register, and portal URL generation (PortalPage enum + createPortalUrl). Integrates runnable examples, validation notes, and API reference updates.

Changes

Cohort / File(s)	Summary
Flutter SDK docs (Android OAuth & examples) src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx	Adds Gradle (Groovy/Kotlin) appAuthRedirectScheme config blocks, AndroidManifest.xml intent-filter examples for login/logout redirect handling, explanation of appAuthRedirectScheme matching Kinde callbacks/env, and key configuration points (namespace, taskAffinity, redirect handler, scheme substitution) with validation guidance.
Flutter SDK docs (Billing parameters & Portal) src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx	Documents AdditionalParameters type (planInterest, pricingTableKey), shows passing additionalParameters to login/register, introduces PortalPage enum and createPortalUrl(returnUrl, subNav) API, usage examples (profile, billing, org management), and requirements (authenticated user, absolute returnUrl).
Public API surface (SDK library) lib/.../kinde_flutter_sdk.dart, lib/models/.../portal_page.dart, lib/models/.../additional_parameters.dart	Adds PortalPage enum values, AdditionalParameters class, createPortalUrl method, and extends login(...) / register(...) signatures to accept optional AdditionalParameters. (Paths abbreviated; changes are new public types and method signature additions.)
API reference docs src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx	Documents new createPortalUrl signature, PortalPage values, and notes optional additionalParameters on login/register.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as Flutter App (User)
  participant SDK as Kinde Flutter SDK
  participant Auth as Kinde Auth Server
  participant Portal as Kinde Portal

  rect rgba(200,230,255,0.25)
  note right of U: Optional billing context passed
  U->>SDK: login(register)(additionalParameters?)
  SDK->>Auth: Authorization request (+additionalParameters)
  Auth-->>SDK: Tokens
  SDK-->>U: Authenticated session
  end

  rect rgba(220,255,220,0.25)
  note right of U: Portal URL generation
  U->>SDK: createPortalUrl(returnUrl, subNav)
  SDK->>Auth: Request signed portal URL (authenticated)
  Auth-->>SDK: Portal URL
  SDK-->>U: URL string
  U->>Portal: Open portal URL (browser/webview)
  Portal-->>U: Target sub-page (profile/billing/org)
  end

Loading

sequenceDiagram
  autonumber
  actor A as Android App
  participant SDK as Kinde Flutter SDK
  participant Browser as System Browser

  note over A: App configured with appAuthRedirectScheme + manifest filters
  A->>SDK: Start auth flow
  SDK->>Browser: Open authorize URL (redirect_uri uses custom scheme)
  Browser-->>A: Redirect via custom scheme (login/logout)
  A->>SDK: Deliver intent to RedirectUriReceiverActivity
  SDK-->>A: Complete auth (tokens delivered)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• update: added the BuildContext information to the documentation. #311: Modifies Flutter SDK auth method signatures (adds/adjusts BuildContext/parameters) — directly related to login/register signature changes.
• Updated custom scheme for flutter user #486: Updates OAuth redirect URI guidance for Android — overlaps with added Android OAuth examples and manifest guidance.

Suggested reviewers

• brettchaldecott
• clairekinde11

Poem

A rabbit hops with joyful cheer,
Schemes and portals now appear.
Billing crumbs and enums bright,
URLs that gleam at night.
Hop—redirects land just right. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly indicates that the PR improves the Flutter SDK documentation and aligns with the changeset which adds Android OAuth guidance, portal URL generation, billing parameters, and API documentation updates; it therefore correctly reflects the primary purpose. The phrase "comprehensive improvements" is somewhat broad but does not make the title misleading or unrelated to the changes.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (1)

654-666: Same launch pattern and import as above.

Keep examples consistent to reduce support noise.

🧹 Nitpick comments (8)

src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (8)

124-141: Clarify app-level Gradle placement and flavor overrides.

State explicitly that this belongs in the module (android/app) Gradle file. Also show how to set manifestPlaceholders per build type/flavor to avoid mixing schemes across variants.

Example (Groovy):

 android {
   defaultConfig {
-    manifestPlaceholders += [
+    manifestPlaceholders += [
       appAuthRedirectScheme: '<your_custom_scheme>'
     ]
   }
+  productFlavors {
+    dev {
+      manifestPlaceholders.appAuthRedirectScheme = 'myapp-dev'
+    }
+    prod {
+      manifestPlaceholders.appAuthRedirectScheme = 'myapp'
+    }
+  }
 }

---

143-152: Kotlin DSL: show flavor-specific placeholders.

Mirror the Groovy example so KTS users don’t guess how to scope per flavor.

 android {
   defaultConfig {
     manifestPlaceholders["appAuthRedirectScheme"] = "<your_custom_scheme>"
   }
+  productFlavors {
+    create("dev") {
+      manifestPlaceholders["appAuthRedirectScheme"] = "myapp-dev"
+    }
+    create("prod") {
+      manifestPlaceholders["appAuthRedirectScheme"] = "myapp"
+    }
+  }
 }

---

154-161: Explicitly define “scheme” (no ://) and align with envs.

Add a one-liner: “Use only the scheme portion (e.g., myapp), not ‘myapp://’.” Also call out that envs use full URLs while the manifest uses only the scheme to prevent common misconfigurations.

- The `appAuthRedirectScheme` is a custom URL scheme ...
+ The `appAuthRedirectScheme` is the URL scheme (e.g., `myapp`) — do not include `://`.
+ In env vars use full URLs (e.g., `myapp://kinde_callback`), but in the manifest use only the scheme.

---

210-217: Augment the checklist with namespace and deep-link notes.

• Add: “Define module namespace in build.gradle(.kts), e.g., android { namespace = "com.example.app" }.”
• Add: “Don’t use android:autoVerify for custom schemes.”
• Remove: “tools namespace” if no tools: attributes remain.

---

310-332: Document AdditionalParameters type and imports; note optionality.

Briefly define the model (fields optional) and where it’s imported from; otherwise readers can’t compile examples.

 ```dart
+// import 'package:url_launcher/url_launcher.dart'; // if launching URLs elsewhere
+// import 'package:kinde_flutter_sdk/kinde_flutter_sdk.dart';
+// AdditionalParameters has optional fields: { String? planInterest, String? pricingTableKey }
 // During login with billing context
 final token = await sdk.login(
   context: context,
   additionalParameters: AdditionalParameters(
     planInterest: 'premium',
     pricingTableKey: 'pricing_table_1'
   ),
 );

And add this type to the API Reference with a short table.

---

`597-672`: **Portal URL examples: include `url_launcher` import and failure handling.**

Readers will copy-paste. Add the import and handle `canLaunchUrl` to avoid runtime errors.

```diff
-    // Open the portal URL in browser or WebView
-    print('Portal URL: $portalUrl');
+    // Open the portal URL
+    final uri = Uri.parse(portalUrl);
+    if (!await canLaunchUrl(uri)) {
+      throw 'Cannot launch $uri';
+    }
+    await launchUrl(uri, mode: LaunchMode.externalApplication);

And prepend:

+import 'package:url_launcher/url_launcher.dart';

---

642-652: Use canLaunchUrl and external mode in examples.

Harden example to avoid silent failures when a handler is unavailable.

-  await launchUrl(Uri.parse(billingUrl));
+  final uri = Uri.parse(billingUrl);
+  if (await canLaunchUrl(uri)) {
+    await launchUrl(uri, mode: LaunchMode.externalApplication);
+  }

---

1019-1048: API reference: add return type and errors; cross-link enum.

Specify Future<String> return type, possible errors (unauthenticated, invalid returnUrl), and link PortalPage. Also add AdditionalParameters to Methods/Types since it’s used above.

- createPortalUrl({
+ Future<String> createPortalUrl({
   required String returnUrl,
   PortalPage subNav = PortalPage.profile
 })

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e205ca and ea912c7.

📒 Files selected for processing (1)

• src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (5 hunks)

🔇 Additional comments (2)

src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (2)

626-636: Keep enum list auto-synced with SDK to prevent drift.

Note that values must mirror the SDK’s PortalPage. Consider generating this list from source or linking to the API doc to avoid future mismatches.

Would you like a small script to diff the enum in the repo against these docs?

---

668-672: Expand requirements: allowlists and org context.

• Add: “Ensure returnUrl origin is allowed in your Kinde app settings.”
• If org-specific pages are used, clarify how the current org context is determined.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (1)

167-169: Remove tools:node="replace"; keep AppCompat theme but note dependency.

• tools:node="replace" can clobber manifest merges from transitive libs and is unnecessary here. Remove it and the tools namespace if it’s unused elsewhere.
• Retain Theme.AppCompat.Translucent.NoTitleBar (we’ve seen crashes without it), but call out the appcompat dependency so this style resolves at build time.

-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:tools="http://schemas.android.com/tools">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">

 ...
         <!-- OAuth Redirect Handler -->
         <activity
             android:name="net.openid.appauth.RedirectUriReceiverActivity"
             android:theme="@style/Theme.AppCompat.Translucent.NoTitleBar"
-            android:exported="true"
-            tools:node="replace">
+            android:exported="true">

Add this dependency if not already present (outside the manifest):

Groovy:

dependencies {
  implementation "androidx.appcompat:appcompat:1.7.0"
}

Kotlin DSL:

dependencies {
  implementation("androidx.appcompat:appcompat:1.7.0")
}

Also applies to: 186-205

🧹 Nitpick comments (5)

src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (5)

124-152: Clarify placeholder usage for custom scheme (no ://, lowercase).

To prevent common misconfigurations, add a short note that the manifest placeholder should be only the scheme (e.g., myapp), not myapp://, and recommend lowercase to avoid Android parsing quirks.

 **For build.gradle.kts (Kotlin DSL):**
 ```kotlin
 android {
     ...
     defaultConfig {
         ...
         manifestPlaceholders["appAuthRedirectScheme"] = "<your_custom_scheme>"
     }
 }

+Tip: Use only the scheme part here (e.g., myapp — no ://) and prefer lowercase. Your env vars should then be myapp://kinde_callback and myapp://kinde_logoutcallback.

---

`210-217`: **Update key points: tools namespace not needed; add appcompat note.**

Since we’re removing tools:node, the tools namespace bullet should go. Add a note about resolving the AppCompat theme via the appcompat dependency.


```diff
-**Key Configuration Points:**
-
-- Add the `tools` namespace to the manifest root
+**Key Configuration Points:**
+- Ensure the AppCompat theme resolves by including `androidx.appcompat:appcompat` in your app module dependencies
 - Set `taskAffinity="${applicationId}"` for the main activity  
 - Include the `RedirectUriReceiverActivity` with proper intent filters for both login and logout callbacks
 - The `${appAuthRedirectScheme}` in the manifest gets replaced with your custom scheme from build.gradle
 - Intent filters handle both `kinde_callback` (login) and `kinde_logoutcallback` (logout) URLs

---

310-333: Document SDK surface for AdditionalParameters and add availability note.

The examples look good. Please add an “API” note so readers know the option is part of login/register and which SDK version introduced it.

 ## Billing URL Parameters
 
 When directing users to authentication flows with billing context, you can now pass additional parameters to indicate pricing interests:
 
 ```dart
@@
 );

+Note:
+- additionalParameters is supported by both login and register.
+- Please ensure you are using kinde_flutter_sdk version X.Y.Z or later where AdditionalParameters was introduced.

---

`597-672`: **Strengthen guidance for createPortalUrl (whitelisting and open‑redirect safety).**

Add requirements to avoid configuration issues and security pitfalls when handling returnUrl.


```diff
 ### Requirements
 
-- User must be authenticated before calling `createPortalUrl()`
-- The `returnUrl` parameter must be an absolute URL
+- User must be authenticated before calling `createPortalUrl()`.
+- The `returnUrl` must be an absolute URL and its domain should be allowed in your Kinde app’s Allowed redirect URLs.
+- Do not pass user-controlled input directly as `returnUrl` to avoid open‑redirect risks.

---

1019-1048: Use absolute returnUrl in examples to match the requirement.

Examples currently use your_return_url without scheme/host. Show an absolute HTTPS URL for consistency with the Requirements.

 // Navigate to user profile
 final profileUrl = await sdk.createPortalUrl(
-  returnUrl: 'your_return_url'
+  returnUrl: 'https://yourapp.com/settings/profile'
 );
 
 // Navigate to billing page
 final billingUrl = await sdk.createPortalUrl(
-  returnUrl: 'your_return_url',
+  returnUrl: 'https://yourapp.com/settings/billing',
   subNav: PortalPage.planSelection
 );

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea912c7 and 76e755b.

📒 Files selected for processing (1)

• src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx (5 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-15T05:43:48.408Z

Learnt from: ashar-aala
PR: kinde-oss/documentation#560
File: src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx:0-0
Timestamp: 2025-09-15T05:43:48.408Z
Learning: Theme.AppCompat.Translucent.NoTitleBar is required for RedirectUriReceiverActivity in Android manifest configurations when using AppAuth library. Removing this theme causes crashes with "java.lang.IllegalStateException: You need to use a Theme.AppCompat theme (or descendant) with this activity".

Applied to files:

• src/content/docs/developer-tools/sdks/native/flutter-sdk.mdx

[clairekinde11]

Copy is fine - needs Daniel's technical approval