feat: new guide - Deploy a Kinde app on Cloudflare Workers

[tamalchowdhury]

Description (required)

Related issues & labels (optional)

• Closes #
• Suggested label:

Summary by CodeRabbit

• Documentation
  • Added a comprehensive Cloudflare Workers guide for deploying Next.js apps with Kinde (setup, adapter, config, secrets, preview/deploy, troubleshooting).
  • Expanded Next.js SDK docs with middleware guidance and client-side AuthProvider/KindeProvider examples and flow updates.
  • Reworked edge-workers into a platform-focused overview linking detailed guides.
  • Updated front-matter (titles, sidebar ordering, related articles, languages, timestamps) across several guides for improved navigation.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a Cloudflare Workers deployment guide; adjusts frontmatter (sidebar order, titles, relatedArticles) across multiple docs; restructures the Next.js SDK guide with middleware and a new client-side AuthProvider, converting RootLayout to a synchronous export; expands the edge-workers overview with platform-specific guidance.

Changes

Cohort / File(s)	Summary
Sidebar & frontmatter edits src/content/docs/developer-tools/guides/code-sync-errors.mdx, src/content/docs/developer-tools/guides/deploy-on-netlify.mdx, src/content/docs/developer-tools/guides/kinde-and-electron.mdx, src/content/docs/developer-tools/guides/manage-kinde-configuration.mdx, src/content/docs/developer-tools/guides/protect-fastapi-routes-with-kinde.mdx	Adjusted sidebar.order values, minor frontmatter edits (title casing), and added two relatedArticles entries in manage-kinde-configuration.mdx.
New Cloudflare Workers guide src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx	Added comprehensive MDX guide for deploying a Next.js app with Kinde on Cloudflare Workers: OpenNext adapter, wrangler.toml, env/secret handling, callback/logout config, preview/deploy commands, health checks, and troubleshooting.
Netlify & Vercel metadata src/content/docs/developer-tools/guides/deploy-on-netlify.mdx, src/content/docs/developer-tools/guides/deploy-on-vercel.mdx	Normalized title casing and updated frontmatter formatting; changed Netlify sidebar order and refined Vercel description formatting.
Next.js SDK restructuring src/content/docs/developer-tools/sdks/backend/nextjs-sdk.mdx, app/layout.tsx, app/AuthProvider.tsx	Reworked Next.js SDK docs: added explicit middleware section, introduced optional client-side KindeProvider/AuthProvider examples, changed RootLayout export from async to sync, updated server/client examples and auth-link usage; added AuthProvider component.
Edge workers overview expanded src/content/docs/integrate/third-party-tools/kinde-edge-workers.mdx	Converted a step-by-step guide into an overview linking to platform-specific integrations; added sections for Cloudflare Workers, JWT verification, Next.js Edge, Deno, Nuxt on Vercel; updated languages, related links, and timestamps.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Middleware
  participant AppServer
  participant KindeAuth

  Client->>Middleware: HTTP request to route
  Middleware->>AppServer: Check session / validate token
  AppServer->>KindeAuth: Verify token / exchange code / fetch user
  KindeAuth-->>AppServer: Return verification / user session
  AppServer-->>Middleware: Session validated
  Middleware-->>Client: Serve content or redirect to login

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through docs by moonlight bright,
Added guides and set orders right,
Middleware routes and Cloudflare beams,
Sync'd layout, auth, and helpful schemes,
A little rabbit, docs alight!

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (12 files): ⚔️ src/content/docs/build/domains/organization-custom-domain.mdx (content) ⚔️ src/content/docs/build/domains/pointing-your-domain.mdx (content) ⚔️ src/content/docs/developer-tools/guides/code-sync-errors.mdx (content) ⚔️ src/content/docs/developer-tools/guides/deploy-on-netlify.mdx (content) ⚔️ src/content/docs/developer-tools/guides/deploy-on-vercel.mdx (content) ⚔️ src/content/docs/developer-tools/guides/kinde-and-electron.mdx (content) ⚔️ src/content/docs/developer-tools/guides/manage-kinde-configuration.mdx (content) ⚔️ src/content/docs/developer-tools/guides/protect-fastapi-routes-with-kinde.mdx (content) ⚔️ src/content/docs/developer-tools/sdks/backend/nextjs-sdk.mdx (content) ⚔️ src/content/docs/integrate/third-party-tools/kinde-edge-workers.mdx (content) ⚔️ src/content/docs/integrate/third-party-tools/kinde-mailgun-email-delivery.mdx (content) ⚔️ src/content/docs/manage-users/add-and-edit/send-invitations-webhook.mdx (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main addition in this PR: a new guide for deploying Kinde apps on Cloudflare Workers, which is the primary change represented by the new deploy-on-cloudflare-workers.mdx file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tamal/feat/cloudflare-workers-nextjs-app

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch tamal/feat/cloudflare-workers-nextjs-app
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx (2)

73-79: Nit: inconsistent npm command style.

Line 73 uses npm install while line 79 uses the shorthand npm i -D. Consider using the same style throughout for consistency.

Proposed fix

-    npm i -D wrangler@latest
+    npm install -D wrangler@latest

---

213-221: Helpful troubleshooting section on KindeProvider and SSR.

The blank screen guidance is clear and actionable. One small suggestion: consider linking to the specific server-side auth patterns in the Kinde Next.js SDK docs so readers know exactly which methods to use instead.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying kinde-docs-preview with    Cloudflare Pages

Latest commit:	2d0d900
Status:	✅  Deploy successful!
Preview URL:	https://bf825746.kinde-docs-preview.pages.dev
Branch Preview URL:	https://tamal-feat-cloudflare-worker.kinde-docs-preview.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/content/docs/developer-tools/sdks/backend/nextjs-sdk.mdx (1)

247-256: ⚠️ Potential issue | 🟠 Major

isAuthenticated() is async but is called without await in a non-async function.

getKindeServerSession().isAuthenticated() returns a Promise (see migration note at line 2144 and correct usage on lines 531, 595). Without await, the condition on line 250 always evaluates to truthy (a Promise object), so the guard never fires. Readers copying this snippet will have a broken auth check.

Proposed fix

-    export default function Dashboard() {
+    export default async function Dashboard() {
       const { isAuthenticated } = getKindeServerSession()

-      if (!isAuthenticated()) {
+      if (!(await isAuthenticated())) {
         return <div>You are not authenticated</div>
       }

       return <div>Dashboard</div>
     }

🤖 Fix all issues with AI agents

In `@src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx`:
- Around line 168-178: The docs currently put KINDE_CLIENT_SECRET in the
wrangler.toml [vars] block which exposes it in repo history; update the guide to
recommend keeping only non-secret values in [vars] and instruct readers to set
the client secret using Cloudflare's secret storage (e.g., tell them to run npx
wrangler secret put KINDE_CLIENT_SECRET) and note that secrets set via wrangler
secret are encrypted and not stored in wrangler.toml; reference the
wrangler.toml snippet and the KINDE_CLIENT_SECRET variable so editors can
replace the literal secret with guidance text and the CLI command.
- Around line 103-111: Remove the invalid JavaScript-style comment inside the
JSON code block and ensure the block contains only valid JSON; specifically,
edit the code block that shows package.json scripts (the "scripts" object
containing "preview", "deploy", and "cf-typegen") by deleting the line with "//
package.json" or moving that note above the code block as plain text so the JSON
remains parseable when copied.

In `@src/content/docs/developer-tools/sdks/backend/nextjs-sdk.mdx`:
- Around line 233-239: The code example for the React component Home has a
malformed closing sequence ")}" that merges the JSX return closing and the
function body closing on one line; update the Home component so the JSX return
is closed with a separate closing parenthesis and semicolon (or newline) and the
function body is closed on the next line with a standalone brace, keeping proper
indentation for the return block that contains <LoginLink> and <RegisterLink>.

In `@src/content/docs/integrate/third-party-tools/kinde-edge-workers.mdx`:
- Around line 88-91: Update the Nuxt on Vercel link under the "Nuxt on Vercel"
section: replace the old URL
`https://vercel.com/docs/frameworks/nuxt#edge-functions` with the current path
`https://vercel.com/docs/frameworks/full-stack/nuxt` and confirm whether the
`#edge-functions` anchor exists; if the anchor is missing or different, remove
or adjust the fragment to point to the correct section on the Nuxt doc page so
the link resolves correctly.

🧹 Nitpick comments (2)

src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx (2)

62-67: Table row about KindeProvider could be more precise.

The advice "Avoid for SSR - use server-side auth patterns" is helpful, but it may be worth briefly noting why (e.g., it depends on client-side APIs or hydration behavior incompatible with the Workers edge runtime). A single parenthetical or link to the troubleshooting section below (line 200) would help readers connect the dots without having to scroll.

---

88-99: Consider noting that compatibility_date should be kept current.

The hardcoded "2026-02-06" is fine as a starting reference, but readers copying this months later may not realize they should update it. A brief inline comment in the TOML (e.g., # use today's date) would help.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/content/docs/developer-tools/sdks/backend/nextjs-sdk.mdx (1)

245-257: ⚠️ Potential issue | 🟠 Major

isAuthenticated() returns a Promise — calling it without await in a non-async function is always truthy.

The Dashboard component was changed from async to a plain function, but isAuthenticated() still returns a promise (as documented in this same file at line 532 and in the migration notes at line 2146). A Promise object is truthy, so !isAuthenticated() is always false and the "not authenticated" branch is unreachable.

Either restore async/await or add a note that this example uses the client-side pattern.

Proposed fix (restore async/await to match the SDK behavior)

-    export default function Dashboard() {
-      const { isAuthenticated } = getKindeServerSession()
+    export default async function Dashboard() {
+      const { isAuthenticated } = getKindeServerSession()
 
-      if (!isAuthenticated()) {
+      if (!(await isAuthenticated())) {
         return <div>You are not authenticated</div>
       }
 
       return <div>Dashboard</div>
     }

🤖 Fix all issues with AI agents

In `@src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx`:
- Around line 62-66: Update the table row about Environment variables to clarify
secrets vs public vars: change the Cloudflare Workers cell text from "Must be in
`wrangler.toml` `[vars]` section" to something like "Public vars in
`wrangler.toml` `[vars]`; secrets via `wrangler secret put`" so it matches Step
3 and prevents putting secrets such as KINDE_CLIENT_SECRET into `[vars]`; ensure
references to `wrangler.toml`, `[vars]`, `wrangler secret put`, and
KINDE_CLIENT_SECRET are used to locate and update the table entry.

🧹 Nitpick comments (1)

src/content/docs/integrate/third-party-tools/kinde-edge-workers.mdx (1)

64-64: Nit: "JWT tokens" is redundant (the T in JWT stands for Token).

Consider using "verify JWTs" or "verify JWT access tokens" instead of "verify JWT tokens."

Proposed fix

-If you need to **verify JWT tokens** in Cloudflare Workers (for API protection or custom authentication flows), use our JWT verification guide:
+If you need to **verify JWTs** in Cloudflare Workers (for API protection or custom authentication flows), use our JWT verification guide:

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx`:
- Around line 226-230: Update the troubleshooting step so it does not instruct
users to add secrets to the `[vars]` section of wrangler.toml: change step 2 to
clarify that only non-secret Kinde environment variables belong in `[vars]` and
explicitly state that KINDE_CLIENT_SECRET (and any other client secrets) must be
stored as secrets via wrangler secret (or environment-specific secret storage)
rather than committed in `[vars]`; reference the existing step text that
mentions `wrangler.toml`, `KINDE_CLIENT_SECRET`, and the `[vars]` section when
making the edit.

[onderay]

@tamalchowdhury also add in a note that when they change to use a custom domain within Cloudflare that that URL will be updated in a few places where the env vars are used.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@src/content/docs/developer-tools/guides/deploy-on-cloudflare-workers.mdx`:
- Around line 256-258: Add a trailing period to the sentence that ends with
"without the `nodejs_compat_populate_process_env` compatibility flag" in the
paragraph starting "Environment variables must be defined in `wrangler.toml`..."
and, while editing that paragraph, make the Cloudflare link ("Cloudflare Next.js
documentation") more prominent (e.g., move it earlier in the sentence or
emphasize the link text) so it’s clearer to readers.
- Around line 159-161: Update the Aside note to explicitly list which URLs must
be updated when using a custom domain: mention KINDE_SITE_URL,
KINDE_POST_LOGIN_REDIRECT_URL, and KINDE_POST_LOGOUT_REDIRECT_URL in
wrangler.toml as well as the callback and logout redirect URLs configured in the
Kinde dashboard; state that all these values should point to the new custom
domain and give brief guidance to update both wrangler.toml and the Kinde
dashboard settings.