feat: Flutter SDK update for version 23.1.0

[ChiragAgg5k]

This PR contains updates to the Flutter SDK for version 23.1.0.

[greptile-apps]

Greptile Summary

This PR bumps the Flutter SDK to 23.1.0, adding the x OAuth provider, a userType field to the Log model, a getHeaders() introspection method on Client, and upgrading flutter_web_auth_2 from 5.0.0-alpha.3 to the stable 5.0.0 release (which required removing the now-deleted intentFlags: ephemeralIntentFlags option from the Android OAuth flow). All changes are well-implemented and test coverage is updated accordingly.

Confidence Score: 5/5

Safe to merge; only P2 findings remain, no functional bugs introduced.

All changes are straightforward SDK updates (version bumps, new enum value, new model field, new accessor method). The only concern is that adding required userType to the Log constructor is technically source-breaking but is not tagged [BREAKING] in the changelog — this is a documentation gap, not a runtime defect. The getHeaders() implementation correctly returns a defensive copy. No security vulnerabilities or logic errors were found.

CHANGELOG.md — the missing [BREAKING] annotation for the Log constructor change.

Important Files Changed

Filename	Overview
CHANGELOG.md	Added 23.1.0 entries; the userType addition to Log is not flagged as [BREAKING] even though it changes the constructor signature.
lib/src/client.dart	Added getHeaders() abstract method to the Client interface; straightforward addition.
lib/src/client_base.dart	Added abstract getHeaders() declaration to bridge the interface; correct.
lib/src/client_browser.dart	Implemented getHeaders() with a defensive copy; bumped SDK/response-format version strings.
lib/src/client_io.dart	Implemented getHeaders(), bumped version strings, and removed intentFlags: ephemeralIntentFlags to align with the stable flutter_web_auth_2 5.0.0 API.
lib/src/models/log.dart	Added required userType field; this is a breaking change to the constructor signature not flagged as [BREAKING] in the changelog.
lib/src/enums/o_auth_provider.dart	Added x OAuth provider in correct alphabetical position.
pubspec.yaml	Bumped package version to 23.1.0; upgraded flutter_web_auth_2 from alpha.3 to stable 5.0.0.
test/src/models/log_test.dart	Added userType to test fixture; covers the new field correctly.
test/src/models/mfa_type_test.dart	Updated test values to use realistic TOTP URI format; no logic changes.
test/services/account_test.dart	Updated MFA authenticator test data to use realistic TOTP URI values; consistent with mfa_type_test changes.

_{Reviews (1): Last reviewed commit: "Commit from GitHub Actions (Format and p..." | Re-trigger Greptile}

[greptile-apps]

Missing [BREAKING] tag for Log constructor change

Adding userType as a required named parameter to the Log constructor is a source-breaking change — any code that constructs Log directly (e.g. in unit tests or test doubles) will fail to compile without updating the call site. The 23.0.0 entry uses [BREAKING] for the $sequence type change, but this addition is unmarked in 23.1.0.

Suggested change

	* Added `getHeaders()` method to `Client`
	* [BREAKING] Added required `userType` field to `Log` model

[greptile-apps]

getHeaders() exposes sensitive authentication headers

The returned map includes all headers set via addHeader, which may contain X-Appwrite-JWT, X-Appwrite-Session, X-Appwrite-Dev-Key, or impersonation tokens. The defensive copy (Map.from(...)) prevents mutation of internal state, which is good, but callers receive plain-text copies of any credentials stored in _headers. A brief doc comment noting that the return value may include sensitive values would help consumers use this API safely.