docs(kit-social-login): reflect whitelabel cross-app reality#34
Merged
Conversation
The "you cannot use individual social methods with the free shared option" claim is no longer accurate. With v2.7+, VeChain Kit routes Google / Apple / X / Discord / GitHub / TikTok / LINE buttons through the whitelabel cross-app popup automatically when the consuming dApp doesn't pass a `privy` prop — they all work without paying Privy. Restructure the section to: - Lead with "Privy is OPTIONAL" instead of "Required" - Spell out exactly which methods work in the no-Privy path (and which still need self-hosted Privy: email, passkey, SMS, custom OAuth providers) - Replace the cross-app trade-offs hint with a head-to-head comparison table covering cost, setup, branding, login surface, shared identity, and security ownership.
Skill Size Report
Large reference files (>5.0K tok)
|
Skill Security AuditScanned 75 file(s) — found 14 issue(s) across 5 file(s). 🔵 LOW (14)
|
This was referenced May 19, 2026
Markdownlint flagged the bold-on-its-own-line "**Option A: …**" and "**Option B: …**" lines as emphasis-being-used-as-a-heading. Promote them to real `###` subsections (and the comparison-table intro line along with them) so the lint passes and the document outline reflects the structure properly.
Two updates to the kit-setup skill reference: - Show `isPrimary: true` in both loginMethods examples, marking the recommended CTA (filled inverted surface + green dot) instead of relying on a stale "primary CTA — filled, recommended dot" comment that implied VeWorld is special. The dev now controls emphasis per entry, and the kit falls back to first-visible if none is marked. - Fix the "Important" callout that listed `google`, `apple`, `github`, and `more` as Privy-required. After the cross-app whitelabel rollout, only `email`, `passkey`, and `sms` actually require self-hosted Privy. The OAuth providers (google/apple/twitter/ discord/github/tiktok/line) all work via the whitelabel popup, and `more` gracefully degrades to whatever's available. - Add a new "Recommended CTA" note explaining the `isPrimary` flag and which buttons currently honor the filled treatment.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
kit-social-login.mdreference doc still framed Privy as required for social login and stated that individual social methods likeemail,google,passkey,morecould not be used without your own Privy credentials. That's been wrong since the v2.7 whitelabel cross-app rollout — the kit now routes Google / Apple / X / Discord / GitHub / TikTok / LINE through VeChain's whitelabel popup automatically when the consuming dApp doesn't pass aprivyprop. AI assistants reading this reference were producing outdated guidance.Changes
vechainanduseLoginWithOAuth().initOAuth(...))Related
cross-app-connect/host this doc now describes)Test plan
🤖 Generated with Claude Code