Update MCP documentation to reflect unified MCP capabilities across all app types#6039
Open
ranuka-laksika wants to merge 1 commit intowso2:masterfrom
Open
Update MCP documentation to reflect unified MCP capabilities across all app types#6039ranuka-laksika wants to merge 1 commit intowso2:masterfrom
ranuka-laksika wants to merge 1 commit intowso2:masterfrom
Conversation
Contributor
📝 WalkthroughWalkthroughDocumentation updates across multiple MCP guides and tutorials clarify application template naming, expand application-type compatibility information, and standardize terminology. Key changes include explicitly naming the "MCP Client Application" template, noting that most application types (excluding Digital Wallet) can access MCP servers, and replacing "clients" with "applications" in authorization contexts. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (3)
en/includes/quick-starts/mcp-auth-server.md (1)
318-318: Use one term format for application types.Please keep naming consistent with other docs by using either all
... Applicationforms or all... Appforms in this list (currently mixed usage appears across the PR).As per coding guidelines, "Use one term per concept; do not switch terminology mid-document or randomly mix expanded and abbreviated forms."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/includes/quick-starts/mcp-auth-server.md` at line 318, The sentence mixes "Application" and "App" terms; pick one consistent term (e.g., use "Application" or use "App") and update the sentence so all items use that term consistently — adjust "MCP Client Application template", the list entries "Single Page App, Traditional Web App, Mobile App, or M2M App", and "Digital Wallet applications" to the chosen form (for example: "MCP Client Application template" and "Single Page Application, Traditional Web Application, Mobile Application, or M2M Application" or convert all to "... App") and ensure pluralization/capitalization matches other docs.en/identity-server/next/docs/get-started/about-this-release.md (2)
45-45: Consider improving clarity by using active voice and replacing ambiguous pronouns.The sentence contains a passive construction ("can also be registered") and an ambiguous pronoun ("them" in "authorize applications to access them"). As per coding guidelines, prefer active voice and avoid ambiguous pronouns by replacing them with explicit nouns.
♻️ Suggested revision
-MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through RBAC. +You can also register MCP servers as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access these resources, and grant user access through RBAC.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 45, Rewrite the sentence in active voice and replace the ambiguous pronoun "them" with explicit nouns: change "MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through Role-Based Access Control (RBAC)." to an active construction that explicitly names the targets (e.g., "Organizations can register MCP servers as protected resources to enable granular access control over servers and their tools; they can define permissions for MCP tools and resources, authorize applications to access the MCP servers and associated tools, and grant user access through Role-Based Access Control (RBAC)."). Ensure pronouns are removed or replaced with "MCP servers and associated tools" and keep RBAC reference intact.
43-43: Consider using active voice for directness.The sentence contains passive constructions ("can be registered", "can be accessed by"). While acceptable in release notes, active voice would be more direct. As per coding guidelines, prefer active voice and reduce weak be-verbs.
♻️ Suggested revision
-WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). MCP clients can be registered as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, MCP servers can be accessed by most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications), with the exception of Digital Wallet applications. +WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). You can register MCP clients as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications) can access MCP servers, with the exception of Digital Wallet applications.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 43, Rewrite the passive sentences in the paragraph starting "WSO2 Identity Server now provides enhanced standards-based authorization..." to active voice for directness; e.g., change "MCP clients can be registered as applications using a preconfigured template..." to "Register MCP clients as applications using a preconfigured template that follows the recommended MCP identity configurations," and change "MCP servers can be accessed by most application types..." to "Most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications) can access MCP servers, except Digital Wallet applications." Keep the same meaning and terminology but replace weak "can be" phrasing with active verbs like "register" and "access."
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`:
- Line 134: The UI label in this document is inconsistent with the canonical
phrasing used elsewhere: find occurrences of "Authorize Resource" (e.g., the
Resource dropdown option referenced around the MCP authorization steps) and
change them to the standardized wording "Authorize a resource" so the label
matches the MCP authorization guide exactly.
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 45: The sentence reintroduces the acronym "Role-Based Access Control
(RBAC)" redundantly; update the phrase "grant user access through Role-Based
Access Control (RBAC)" to use the already-defined acronym only — e.g., change it
to "grant user access through RBAC" — leaving the rest of the sentence about MCP
servers, protected resources, permissions, and authorizing applications
unchanged.
In `@en/includes/guides/authorization/mcp-server-authorization.md`:
- Line 61: Update the template name capitalization: replace the phrase "MCP
client Application" with the correct official name "MCP Client Application" in
the sentence that references the [MCP client Application] link (i.e., the link
text/anchor for the register-mcp-client-app guide) so the docs use the exact
product name consistently.
---
Nitpick comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 45: Rewrite the sentence in active voice and replace the ambiguous
pronoun "them" with explicit nouns: change "MCP servers can also be registered
as protected resources, enabling granular access control over the servers and
their associated tools. Organizations can define specific permissions for MCP
tools and resources, authorize applications to access them, and grant user
access through Role-Based Access Control (RBAC)." to an active construction that
explicitly names the targets (e.g., "Organizations can register MCP servers as
protected resources to enable granular access control over servers and their
tools; they can define permissions for MCP tools and resources, authorize
applications to access the MCP servers and associated tools, and grant user
access through Role-Based Access Control (RBAC)."). Ensure pronouns are removed
or replaced with "MCP servers and associated tools" and keep RBAC reference
intact.
- Line 43: Rewrite the passive sentences in the paragraph starting "WSO2
Identity Server now provides enhanced standards-based authorization..." to
active voice for directness; e.g., change "MCP clients can be registered as
applications using a preconfigured template..." to "Register MCP clients as
applications using a preconfigured template that follows the recommended MCP
identity configurations," and change "MCP servers can be accessed by most
application types..." to "Most application types (Single Page Applications,
Traditional Web Applications, Mobile Applications, and M2M Applications) can
access MCP servers, except Digital Wallet applications." Keep the same meaning
and terminology but replace weak "can be" phrasing with active verbs like
"register" and "access."
In `@en/includes/quick-starts/mcp-auth-server.md`:
- Line 318: The sentence mixes "Application" and "App" terms; pick one
consistent term (e.g., use "Application" or use "App") and update the sentence
so all items use that term consistently — adjust "MCP Client Application
template", the list entries "Single Page App, Traditional Web App, Mobile App,
or M2M App", and "Digital Wallet applications" to the chosen form (for example:
"MCP Client Application template" and "Single Page Application, Traditional Web
Application, Mobile Application, or M2M Application" or convert all to "...
App") and ensure pluralization/capitalization matches other docs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 35432f55-a009-4c84-84a7-1c21b18be41e
📒 Files selected for processing (9)
en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.mden/identity-server/next/docs/get-started/about-this-release.mden/includes/guides/agentic-ai/mcp/index.mden/includes/guides/applications/register-mcp-client-app.mden/includes/guides/authorization/mcp-server-authorization.mden/includes/quick-starts/agent-auth-py.mden/includes/quick-starts/agent-auth-ts.mden/includes/quick-starts/mcp-auth-server-py.mden/includes/quick-starts/mcp-auth-server.md
| WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). MCP clients can be registered as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, MCP servers can be accessed by most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications), with the exception of Digital Wallet applications. | ||
|
|
||
| MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize MCP client applications to access them, and grant user access through Role-Based Access Control (RBAC). | ||
| MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through Role-Based Access Control (RBAC). |
Contributor
There was a problem hiding this comment.
Remove redundant acronym definition.
RBAC is already defined earlier in the document (Line 37 as "role-based access control (RBAC)"). Redefining it here as "Role-Based Access Control (RBAC)" violates the guideline to define acronyms once and use them consistently thereafter. As per coding guidelines, define acronyms on first use and then use the acronym consistently without redefining.
📝 Suggested fix
-MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through Role-Based Access Control (RBAC).
+MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through RBAC.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through Role-Based Access Control (RBAC). | |
| MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through RBAC. |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 45,
The sentence reintroduces the acronym "Role-Based Access Control (RBAC)"
redundantly; update the phrase "grant user access through Role-Based Access
Control (RBAC)" to use the already-defined acronym only — e.g., change it to
"grant user access through RBAC" — leaving the rest of the sentence about MCP
servers, protected resources, permissions, and authorizing applications
unchanged.
|
|
||
| !!! note | ||
| Currently MCP servers can only be authorized to applications that are created from the [MCP client Application]({{base_path}}/guides/applications/register-mcp-client-app/) template. | ||
| MCP servers can be authorized to all OIDC application types including Custom OIDC applications, Traditional Web applications, Single-Page applications (SPA), Mobile applications, and Machine-to-Machine (M2M) applications. The [MCP client Application]({{base_path}}/guides/applications/register-mcp-client-app/) template provides a pre-configured option for MCP-specific use cases. Digital Wallet applications can only access Verifiable Credential resources and cannot authorize MCP servers. |
Contributor
There was a problem hiding this comment.
Fix template name capitalization for consistency.
Please change MCP client Application to MCP Client Application to match the official template name used across the docs.
As per coding guidelines, "Use official product and feature names exactly as defined; do not invent shorthand names, change capitalization, or alternate between long and short forms unless formally introduced."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@en/includes/guides/authorization/mcp-server-authorization.md` at line 61,
Update the template name capitalization: replace the phrase "MCP client
Application" with the correct official name "MCP Client Application" in the
sentence that references the [MCP client Application] link (i.e., the link
text/anchor for the register-mcp-client-app guide) so the docs use the exact
product name consistently.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates MCP-related documentation to reflect the unified MCP capabilities feature, which allows all application types (except Digital Wallet applications) to access MCP servers.
Related Issue:- https://github.com/wso2-enterprise/asgardeo-product/issues/35239
wso2/product-is#27383
Summary by CodeRabbit