Clarify Google offline refresh docs

[riderx]

What

• add explicit website warnings that Google mode: 'offline' is a backend exchange flow and that SocialLogin.refresh({ provider: 'google' }) should not be called in-app in that mode
• surface the warning in the getting started guide, general Google guide, iOS guide, and Android guide

Why

• users are still reading the docs as if Google refresh should work from the app after choosing offline mode
• the missing piece is that offline mode only returns serverAuthCode; token refresh belongs on the backend after exchanging that code
• the Android page especially needed the warning because that is where many users copy their implementation

How

• add short caution notes in the platform and general docs where users make the integration choice
• keep the guidance consistent with the plugin API docs and native error messages
• verify the docs site builds with the updated MDX pages
• AI-assisted with Codex

Testing

• bunx prettier --write apps/docs/src/content/docs/docs/plugins/social-login/getting-started.mdx apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx apps/docs/src/content/docs/docs/plugins/social-login/google/ios.mdx apps/docs/src/content/docs/docs/plugins/social-login/google/android.mdx
• bun run build:docs

Not Tested

• production deployment preview after CI publishes the site artifacts

Summary by CodeRabbit

• Documentation
  • Clarified Google "offline" mode: the returned authorization code is for backend token exchange only.
  • Stated that in-app token refresh is not available in offline mode — refresh must be performed on the backend after exchanging the code.
  • Noted that on Web a fresh login is required to obtain a new Google token (refresh is not implemented).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8564a425-b6b1-4e97-93ff-14df66561fb6

📥 Commits

Reviewing files that changed from the base of the PR and between 3299565 and 1018946.

📒 Files selected for processing (1)

• apps/docs/src/content/docs/docs/plugins/social-login/google/web.mdx

✅ Files skipped from review due to trivial changes (1)

• apps/docs/src/content/docs/docs/plugins/social-login/google/web.mdx

---

📝 Walkthrough

Walkthrough

Added clarifying cautions to Google Social Login docs that serverAuthCode from google.mode: 'offline' is for backend token exchange and that SocialLogin.refresh() cannot be used in offline mode; web note also clarifies refresh on Web is not implemented.

Changes

Cohort / File(s)	Summary
Google Social Login docs (general & getting started) apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx, apps/docs/src/content/docs/docs/plugins/social-login/social-login/getting-started.mdx	Added cautions and notes explaining that serverAuthCode is for backend exchange and that SocialLogin.refresh() is not available for offline-mode flows.
Platform-specific Google notes apps/docs/src/content/docs/docs/plugins/social-login/google/android.mdx, apps/docs/src/content/docs/docs/plugins/social-login/google/ios.mdx, apps/docs/src/content/docs/docs/plugins/social-login/google/web.mdx	Inserted platform cautions: Android/iOS docs instruct backend exchange and disallow in-app SocialLogin.refresh() for offline; Web doc states frontend refresh is not implemented and recommends re-login to obtain a fresh token. Removed/cleaned trailing blank lines in some files.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: warn about offline mode + better document options for iOS for Social Login #387: Similar documentation updates clarifying Google Social Login offline-mode serverAuthCode backend-exchange workflow and frontend refresh limitations.

Poem

🐇 I hopped through docs with careful paws,
Whispered: "Server auth codes need backend laws."
No in-app refresh for offline play,
Exchange and store where night meets day.
Hooray—clear notes to guide the way! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately and concisely describes the main change: adding clarifications to Google offline refresh documentation across multiple MDX files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/social-login-offline-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx (1)

240-241: Optional: promote this reminder to a callout for visibility.

The text is important enough to be easily scannable like the other warnings.

Possible formatting tweak

-Notice what is missing here: there is no `SocialLogin.refresh()` call in the app. That is intentional. In Google offline mode, refresh happens after your backend exchanges `serverAuthCode` and stores the refresh token securely.
+:::note
+Notice what is missing here: there is no `SocialLogin.refresh()` call in the app. That is intentional. In Google offline mode, refresh happens after your backend exchanges `serverAuthCode` and stores the refresh token securely.
+:::

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx`
around lines 240 - 241, Convert the inline reminder about omitting
SocialLogin.refresh() into a visible callout component so it stands out like
other warnings; specifically, wrap the sentence that mentions there is no
SocialLogin.refresh() call and that Google offline mode performs refresh after
your backend exchanges serverAuthCode and stores the refresh token securely into
the project's standard note/warning callout component used elsewhere in docs (so
it is scannable and styled consistently), keeping the exact wording about
SocialLogin.refresh() and serverAuthCode intact.

apps/docs/src/content/docs/docs/plugins/social-login/getting-started.mdx (1)

115-116: Consider labeling the earlier refresh example as online-only.

This new warning is good, but readers may still copy the refresh snippet above without noticing mode constraints. A tiny inline qualifier near that snippet would make this foolproof.

Suggested doc tweak

-// For providers that support this mode
+// For providers that support this mode (Google requires `mode: 'online'`)
 const authCodeResult = await SocialLogin.getAuthorizationCode({ provider: 'google' });
+// Google refresh is available only in online mode
 await SocialLogin.refresh({ provider: 'google', options: {} as never });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/docs/src/content/docs/docs/plugins/social-login/getting-started.mdx`
around lines 115 - 116, Add an inline qualifier to the earlier refresh code
snippet to show it is for online mode only: update the snippet/example that
calls SocialLogin.refresh() to include a brief label or comment like
"online-only" and/or note that it requires google.mode: 'online' (and that
serverAuthCode should be sent to the backend for token exchange), so readers
won't copy the refresh example when using serverAuthCode/offline mode.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/docs/src/content/docs/docs/plugins/social-login/getting-started.mdx`:
- Around line 115-116: Add an inline qualifier to the earlier refresh code
snippet to show it is for online mode only: update the snippet/example that
calls SocialLogin.refresh() to include a brief label or comment like
"online-only" and/or note that it requires google.mode: 'online' (and that
serverAuthCode should be sent to the backend for token exchange), so readers
won't copy the refresh example when using serverAuthCode/offline mode.

In `@apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx`:
- Around line 240-241: Convert the inline reminder about omitting
SocialLogin.refresh() into a visible callout component so it stands out like
other warnings; specifically, wrap the sentence that mentions there is no
SocialLogin.refresh() call and that Google offline mode performs refresh after
your backend exchanges serverAuthCode and stores the refresh token securely into
the project's standard note/warning callout component used elsewhere in docs (so
it is scannable and styled consistently), keeping the exact wording about
SocialLogin.refresh() and serverAuthCode intact.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6c8d659b-29a2-4a9f-ac00-4f7973874294

📥 Commits

Reviewing files that changed from the base of the PR and between 602b256 and 3299565.

📒 Files selected for processing (4)

• apps/docs/src/content/docs/docs/plugins/social-login/getting-started.mdx
• apps/docs/src/content/docs/docs/plugins/social-login/google/android.mdx
• apps/docs/src/content/docs/docs/plugins/social-login/google/general.mdx
• apps/docs/src/content/docs/docs/plugins/social-login/google/ios.mdx

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud