feat: add invitation code support to OAuth login flow

[KomanRudden]

Added invitation code support to OAuth login flow

Add support for invitation_code query parameter in FastAPI and Flask login routes. Automatically set is_invitation flag when invitation_code is provided. Add INVITATION_CODE and IS_INVITATION to LoginOptions.

Checklist

• I have read the “Pull requests” section in the contributing guidelines.
• I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai]

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding invitation code support to the OAuth login flow across the codebase.
Description check	✅ Passed	The description is directly related to the changeset, explaining the addition of invitation_code support, automatic is_invitation flag setting, and new LoginOptions constants.
Docstring Coverage	✅ Passed	Docstring coverage is 92.73% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/invitation-code

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

testv2/testv2_framework/test_fastapi_framework.py (1)

30-53: Prefix unused response variables with _ to silence linter warnings.

Lines 32, 40, and 48 assign resp but never use it. The call is needed for its side effect, but the variable can be prefixed to signal intent.

Proposed fix

     def test_login_with_invitation_code(self):
         """invitation_code query param is forwarded to oauth.login()."""
-        resp = self.client.get("/login?invitation_code=inv_abc123")
+        _resp = self.client.get("/login?invitation_code=inv_abc123")
 
         self.mock_oauth.login.assert_called_once()
         login_options = self.mock_oauth.login.call_args[0][0]
         self.assertEqual(login_options["invitation_code"], "inv_abc123")
 
     def test_login_without_invitation_code(self):
         """No invitation_code means oauth.login() gets an empty dict."""
-        resp = self.client.get("/login")
+        _resp = self.client.get("/login")
 
         self.mock_oauth.login.assert_called_once()
         login_options = self.mock_oauth.login.call_args[0][0]
         self.assertNotIn("invitation_code", login_options)
 
     def test_login_with_empty_invitation_code(self):
         """An empty invitation_code query param is not forwarded."""
-        resp = self.client.get("/login?invitation_code=")
+        _resp = self.client.get("/login?invitation_code=")
 
         self.mock_oauth.login.assert_called_once()
         login_options = self.mock_oauth.login.call_args[0][0]
         self.assertNotIn("invitation_code", login_options)

testv2/testv2_framework/test_flask_framework.py (2)

29-54: Same lint nit: prefix unused resp with _.

Same as the FastAPI tests — lines 32, 41, and 50 assign resp without using it.

Proposed fix

     def test_login_with_invitation_code(self):
         """invitation_code query param is forwarded to oauth.login()."""
         with self.app.test_request_context():
-            resp = self.client.get("/login?invitation_code=inv_abc123")
+            _resp = self.client.get("/login?invitation_code=inv_abc123")

     def test_login_without_invitation_code(self):
         """No invitation_code means oauth.login() gets an empty dict."""
         with self.app.test_request_context():
-            resp = self.client.get("/login")
+            _resp = self.client.get("/login")

     def test_login_with_empty_invitation_code(self):
         """An empty invitation_code query param is not forwarded."""
         with self.app.test_request_context():
-            resp = self.client.get("/login?invitation_code=")
+            _resp = self.client.get("/login?invitation_code=")

---

31-36: The test_request_context() wrapper is redundant here.

Flask's test_client().get(...) already pushes its own request context internally. The with self.app.test_request_context(): block around each self.client.get(...) call is unnecessary. It works, but removing it would simplify the tests and align with the FastAPI counterpart's style.

Also applies to: 40-45, 49-54

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[DanielRivers]

Approved would be good to add tests to the kinde_sdk/auth/oauth.py

[KomanRudden]

@DanielRivers , tests added as requested.