Add Invitation Code Support to Ruby SDK

[KeeganBeuthin]

Changes

• Controller Layer: Validates invitation codes in auth_controller.rb before passing to SDK
• Core SDK: Handles parameter processing and URL generation in lib/kinde_sdk.rb

Files Changed

• app/controllers/kinde_sdk/auth_controller.rb - Added invitation_code parameter validation
• lib/kinde_sdk.rb - Added auto-derivation of is_invitation=true and validation logic
• spec/kinde_sdk_spec.rb - Added comprehensive test coverage for invitation_code scenarios

[coderabbitai]

Walkthrough

This PR introduces optional invitation_code support to the authentication flow. The controller validates and conditions the invitation_code parameter before passing it to the SDK, which normalizes it by stripping whitespace and setting an is_invitation flag. Tests verify correct handling of various scenarios including empty, whitespace-only, and trimmed codes.

Changes

Cohort / File(s)	Summary
Invitation Code Feature Implementation app/controllers/kinde_sdk/auth_controller.rb, lib/kinde_sdk.rb	Controller validates invitation_code (non-empty string, max 255 chars) and conditionally includes it in auth parameters. SDK preprocesses invitation_code by trimming whitespace and setting is_invitation="true" when present; removes parameters when absent or empty.
Invitation Code Tests spec/kinde_sdk_spec.rb	Adds comprehensive test suite covering invitation_code inclusion, exclusion (when not provided, empty, or whitespace-only), and whitespace trimming behavior.
Test Cleanup spec/examples.txt	Removed static snapshot of test example results and execution times.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Focus on validation logic in auth_controller.rb and parameter preprocessing in lib/kinde_sdk.rb to ensure consistent handling across both files
• Verify test coverage adequately captures edge cases (whitespace-only, boundary length constraints)

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title directly and clearly summarizes the main change: adding invitation code support to the Ruby SDK, which aligns with all modifications across the controller, core SDK, and test files.
Description check	✅ Passed	The description is relevant to the changeset, covering the key modifications in the controller layer, core SDK, and tests related to invitation code support.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f303e7c and 4328455.

📒 Files selected for processing (4)

• app/controllers/kinde_sdk/auth_controller.rb
• lib/kinde_sdk.rb
• spec/examples.txt
• spec/kinde_sdk_spec.rb

💤 Files with no reviewable changes (1)

• spec/examples.txt

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: brettchaldecott
Repo: kinde-oss/kinde-ruby-sdk PR: 36
File: lib/kinde_sdk/controllers/auth_controller.rb:46-59
Timestamp: 2025-03-17T05:02:07.199Z
Learning: In the Kinde Ruby SDK's AuthController, the client_credentials_auth method implementation that uses $redis and environment variables without explicit validation is working correctly for the Kinde integration as designed. The method also appropriately uses mgmt_path for redirection.

📚 Learning: 2025-03-17T05:02:07.199Z

Learnt from: brettchaldecott
Repo: kinde-oss/kinde-ruby-sdk PR: 36
File: lib/kinde_sdk/controllers/auth_controller.rb:46-59
Timestamp: 2025-03-17T05:02:07.199Z
Learning: In the Kinde Ruby SDK's AuthController, the client_credentials_auth method implementation that uses $redis and environment variables without explicit validation is working correctly for the Kinde integration as designed. The method also appropriately uses mgmt_path for redirection.

Applied to files:

• app/controllers/kinde_sdk/auth_controller.rb
• lib/kinde_sdk.rb
• spec/kinde_sdk_spec.rb

🧬 Code graph analysis (2)

app/controllers/kinde_sdk/auth_controller.rb (1)

lib/kinde_sdk.rb (1)

• auth_url (46-83)

spec/kinde_sdk_spec.rb (2)

lib/kinde_sdk.rb (1)

• auth_url (46-83)

app/controllers/kinde_sdk/auth_controller.rb (1)

• include (11-308)

🔇 Additional comments (3)

lib/kinde_sdk.rb (1)

59-64: LGTM! Clean invitation code normalization.

The implementation correctly handles invitation_code by stripping whitespace and auto-deriving the is_invitation flag. The defensive deletion of invalid/empty codes prevents malformed URLs. This works well with the controller's pre-validation layer.

app/controllers/kinde_sdk/auth_controller.rb (1)

25-31: Well-designed validation with defense in depth.

The invitation_code validation logic is sound:

• Type check prevents non-string inputs
• Length check on the original (pre-strip) string is a good security practice that prevents resource exhaustion from maliciously large whitespace strings
• Non-empty check after stripping ensures meaningful values
• Works harmoniously with the SDK's normalization layer

spec/kinde_sdk_spec.rb (1)

92-120: Excellent test coverage for invitation code scenarios.

The test suite comprehensively validates the invitation_code functionality:

• Presence/absence of invitation_code parameter
• Empty and whitespace-only edge cases
• Whitespace trimming behavior
• Correct auto-derivation of is_invitation flag

The tests clearly document the expected behavior and provide good regression protection.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Koosha-Owji]

@KeeganBeuthin Could you resolve the conflict? everything else looks good to me.