🏠 Overview ✅ Implementation Tasks ✅ epic-external-system-integration-configuration-admin-ui-task-014

Wizard save and edit integration config flow

epic-external-system-integration-configuration-admin-ui-task-014 — Implement wizard completion saving: on final confirmation, POST or PATCH the complete integration configuration to the Integration Config Service, handle success by navigating to the dashboard with a success toast, and handle API errors inline on the confirmation screen. Support re-opening the wizard in edit mode by pre-populating all steps from existing config.

critical priority high complexity integration pending fullstack developer Tier 5

Acceptance Criteria

On final wizard confirmation tap, a POST (new) or PATCH (edit) is sent to Integration Config Service with the complete config payload
The correct HTTP method is used: POST for new integrations, PATCH for existing — determined by presence of an integration ID in wizard state
On save success, user is navigated to the dashboard and a success toast is shown identifying the integration by name
On API validation error (422), field-level error messages are displayed inline on the relevant wizard step — wizard does not dismiss
On network/server error (5xx/timeout), an inline error banner is shown on the confirmation screen with a retry button
While save is in flight, the confirm button shows a loading spinner and is disabled to prevent double submission
Edit mode: opening the wizard with an existing integration ID pre-populates all steps with current config values
Edit mode: all steps are navigable and editable; only the final step reflects 'Update' vs 'Create' CTA label
Credential fields in edit mode show masked placeholder values and only send updated values if the user modifies them
Wizard state is cleared from memory after successful save to prevent stale data on next open
Organization ID is always sourced from JWT — never from wizard form input

Technical Requirements

frameworks
Flutter
BLoC
Riverpod
apis
Integration Config Service REST API — POST /organizations/{orgId}/integrations (create)
Integration Config Service REST API — PATCH /organizations/{orgId}/integrations/{integrationId} (update)
Integration Config Service REST API — GET /organizations/{orgId}/integrations/{integrationId} (pre-populate edit mode)
data models
activity_type
assignment
performance requirements
Save API call must complete within 5 seconds on standard network — show timeout error if exceeded
Pre-population of edit mode must complete within 1 second after wizard opens
Wizard step navigation must be instantaneous (no API calls on step change)
security requirements
Credential values (API keys, passwords) must never be logged or stored in local widget state beyond wizard session
Supabase Edge Function validates organization ownership before accepting POST/PATCH
JWT claims used server-side to scope the save operation — client org ID claim cannot be overridden
Integration credentials encrypted at rest via Supabase vault or equivalent before database storage
ui components
WizardConfirmationStep widget with summary of all config values
InlineErrorBanner widget for save errors
LoadingButton widget for confirm CTA
SuccessToast / SnackBar shown post-navigation on dashboard
MaskedCredentialField widget for edit mode credential display

Execution Context

Execution Tier
Tier 5

Tier 5 - 253 tasks

Can start after Tier 4 completes

Integration Task

Handles integration between different epics or system components. Requires coordination across multiple development streams.

Implementation Notes

Store the full wizard state in a single WizardStateCubit that is provided at the wizard route level and disposed on completion or cancellation. Use a discriminated union (sealed class) for wizard mode: CreateMode() and EditMode(integrationId). In EditMode, fetch existing config on wizard init and map each config field to the corresponding step's form state — use a WizardConfigMapper class to keep this mapping testable and separate from UI. For credential fields in edit mode, send a sentinel value (e.g., '__UNCHANGED__') from the client; the backend interprets this as 'keep existing value' to avoid re-transmitting secrets.

Validate all steps client-side before dispatching the save call to reduce unnecessary round-trips. On 422, parse the error response's field path to identify which step owns the errored field and surface the error on that step using the BLoC error state.

Testing Requirements

Write unit tests for WizardSaveCubit covering: POST success → navigates to dashboard, PATCH success → navigates to dashboard, 422 validation error → field errors mapped to correct steps, 5xx error → inline banner shown, double-tap prevention via button disablement. Write widget tests for the confirmation step verifying correct CTA label ('Create' vs 'Update') and loading state appearance. Write integration tests for round-trip create → fetch → edit → update flow using staging Supabase. Test credential masking: verify raw credential values are not present in widget tree during edit mode.

Test concurrent save prevention: rapid double-tap must result in exactly one API call.

Component
Integration Setup Wizard
ui high
Dependencies (2)
Add per-step validation logic to the Integration Setup Wizard. Each step must validate required fields before allowing navigation forward. Display inline error messages using the plain-language error display pattern. Prevent submission if any step fails validation, and scroll to the first error field automatically. epic-external-system-integration-configuration-admin-ui-task-008 Wire the Credential Management Form connection-test button to the Integration Config Service API endpoint. Display a loading spinner during the test, show a green success banner with response latency on pass, or a red error banner with the error message on failure. Disable the Save button until a successful connection test has been completed. epic-external-system-integration-configuration-admin-ui-task-010
Epic Risks (4)
medium impact high prob technical

The multi-step Integration Setup Wizard must render different credential fields, field mapping targets, and validation rules depending on the selected integration type. If the type-specific branching logic is implemented as conditional widget trees rather than driven by the Integration Type Registry, the wizard becomes unmaintainable and adding new integration types requires UI code changes.

Mitigation & Contingency

Mitigation: Design the wizard to be metadata-driven from the Integration Type Registry from day one. Credential form fields, required field validation, and mapping target lists are all fetched from the registry, not hardcoded in widgets. Implement one integration type end-to-end first (Xledger) to validate the pattern before building the others.

Contingency: If the metadata-driven approach proves too complex for the initial delivery, implement Xledger and Dynamics as hardcoded wizard variants and create a registry-driven refactor as a follow-up technical debt ticket with a fixed deadline.

medium impact medium prob dependency

The Excluded Features Configuration Panel must wire directly into the feature flag system to suppress HLF app features. If the feature flag system does not yet expose a writable admin interface, this panel cannot save its configuration, blocking the HLF-specific acceptance criteria.

Mitigation & Contingency

Mitigation: Verify that the Organization-scoped Feature Flags feature (a declared dependency) exposes a Dart API for programmatic flag writes before starting this panel. Coordinate with the feature flags team to ensure the write API is available. If needed, schedule this panel as the last item in the epic.

Contingency: If the feature flag write API is unavailable at implementation time, store excluded features in the integration's JSONB settings column and wire them into a local feature flag provider that merges database state with the standard flag system at app startup.

high impact medium prob scope

The Field Mapping Editor's usability for non-technical org admins is high-risk. If the visual mapping interface is confusing, admins will configure incorrect mappings that cause silent data corruption in accounting exports — a serious financial risk discovered only at month-end reconciliation.

Mitigation & Contingency

Mitigation: Conduct usability testing with at least one admin user from Blindeforbundet on the field mapping editor prototype before full implementation. Provide descriptive labels and sample data values for all fields. Add a 'test mapping' preview that shows a transformed sample record before saving.

Contingency: If usability testing reveals the visual editor is too complex, implement a simplified list-based mapping editor (select app field → select external field, one row at a time) as a fallback, deferring the drag-and-drop visual editor to a future iteration.

medium impact medium prob technical

The Credential Management Form's masked fields and connection-test flow may conflict with screen reader requirements — VoiceOver and JAWS must be able to navigate the form, understand which fields are already configured, and receive feedback on connection test results without exposing credential values in accessible text.

Mitigation & Contingency

Mitigation: Design accessible semantics labels for masked fields (e.g., 'API key: configured, last 4 characters: abcd') from the start. Use Flutter's Semantics widget to provide screen-reader-specific text that differs from visual display. Test with VoiceOver on iOS and TalkBack on Android during development, not only at QA.

Contingency: If accessibility conflicts with security requirements for the credential form, implement a separate 'accessibility mode' flow where credential configuration is done through a separate confirmation step that provides more explicit semantic feedback without risk of value exposure.

Quick Links
All Tasks Execution Plan