Update MCP documentation to reflect unified MCP capabilities across all app types

[ranuka-laksika]

Updates MCP-related documentation to reflect the unified MCP capabilities feature, which allows all application types (except Digital Wallet applications) to access MCP servers.

Related Issue:- https://github.com/wso2-enterprise/asgardeo-product/issues/35239
wso2/product-is#27383

[coderabbitai]

Warning

Rate limit exceeded

@ranuka-laksika has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 21 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 10 minutes and 21 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: b8a0c99b-51a7-40a3-ac13-8ac38bc4d959

📥 Commits

Reviewing files that changed from the base of the PR and between ec32f84 and 0c3ac64.

📒 Files selected for processing (8)

• en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md
• en/includes/guides/agentic-ai/mcp/index.md
• en/includes/guides/applications/register-mcp-client-app.md
• en/includes/guides/authorization/mcp-server-authorization.md
• en/includes/quick-starts/agent-auth-py.md
• en/includes/quick-starts/agent-auth-ts.md
• en/includes/quick-starts/mcp-auth-server-py.md
• en/includes/quick-starts/mcp-auth-server.md

📝 Walkthrough

Walkthrough

Documentation updates standardize terminology from “clients” to “applications,” explicitly name the “MCP Client Application” template, adjust UI wording in the tutorial, and clarify that most application types (SPA, Traditional Web, Mobile, M2M) can access MCP servers while Digital Wallet applications cannot.

Changes

Cohort / File(s)	Summary
Core MCP Guides en/includes/guides/agentic-ai/mcp/index.md, en/includes/guides/applications/register-mcp-client-app.md, en/includes/guides/authorization/mcp-server-authorization.md	Explicitly name the MCP Client Application template, replace “client/clients” with “application/applications” in authorization contexts, broaden authorization eligibility to most OIDC app types, and state Digital Wallet apps cannot authorize MCP servers.
Quick-Start Guides en/includes/quick-starts/agent-auth-py.md, en/includes/quick-starts/agent-auth-ts.md, en/includes/quick-starts/mcp-auth-server-py.md, en/includes/quick-starts/mcp-auth-server.md	Add a guidance note that the MCP Client Application template provides optimized settings but other app types (SPA, Traditional Web, Mobile, M2M) may be used to access MCP servers; explicitly exclude Digital Wallet apps.
Tutorial & Release Notes en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md, en/identity-server/next/docs/get-started/about-this-release.md	Update tutorial wording to use “MCP Client Application” and “registered application,” adjust UI button text to “Authorize Resource,” and add release note describing enhanced MCP authorization and application-type compatibility (excluding Digital Wallet).

Suggested labels

Team/Authentication & registration

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete. It lacks required sections: Purpose (with issue links), Test environment, and Security checks from the repository template.	Add missing template sections: expand Purpose section with issue context, include Test environment details, and complete Security checks checklist.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: updating MCP documentation to reflect unified MCP capabilities across all application types.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

en/includes/quick-starts/mcp-auth-server.md (1)

318-318: Use one term format for application types.

Please keep naming consistent with other docs by using either all ... Application forms or all ... App forms in this list (currently mixed usage appears across the PR).

As per coding guidelines, "Use one term per concept; do not switch terminology mid-document or randomly mix expanded and abbreviated forms."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/includes/quick-starts/mcp-auth-server.md` at line 318, The sentence mixes
"Application" and "App" terms; pick one consistent term (e.g., use "Application"
or use "App") and update the sentence so all items use that term consistently —
adjust "MCP Client Application template", the list entries "Single Page App,
Traditional Web App, Mobile App, or M2M App", and "Digital Wallet applications"
to the chosen form (for example: "MCP Client Application template" and "Single
Page Application, Traditional Web Application, Mobile Application, or M2M
Application" or convert all to "... App") and ensure
pluralization/capitalization matches other docs.

en/identity-server/next/docs/get-started/about-this-release.md (2)

45-45: Consider improving clarity by using active voice and replacing ambiguous pronouns.

The sentence contains a passive construction ("can also be registered") and an ambiguous pronoun ("them" in "authorize applications to access them"). As per coding guidelines, prefer active voice and avoid ambiguous pronouns by replacing them with explicit nouns.

♻️ Suggested revision

-MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access them, and grant user access through RBAC.
+You can also register MCP servers as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize applications to access these resources, and grant user access through RBAC.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 45,
Rewrite the sentence in active voice and replace the ambiguous pronoun "them"
with explicit nouns: change "MCP servers can also be registered as protected
resources, enabling granular access control over the servers and their
associated tools. Organizations can define specific permissions for MCP tools
and resources, authorize applications to access them, and grant user access
through Role-Based Access Control (RBAC)." to an active construction that
explicitly names the targets (e.g., "Organizations can register MCP servers as
protected resources to enable granular access control over servers and their
tools; they can define permissions for MCP tools and resources, authorize
applications to access the MCP servers and associated tools, and grant user
access through Role-Based Access Control (RBAC)."). Ensure pronouns are removed
or replaced with "MCP servers and associated tools" and keep RBAC reference
intact.

---

43-43: Consider using active voice for directness.

The sentence contains passive constructions ("can be registered", "can be accessed by"). While acceptable in release notes, active voice would be more direct. As per coding guidelines, prefer active voice and reduce weak be-verbs.

♻️ Suggested revision

-WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). MCP clients can be registered as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, MCP servers can be accessed by most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications), with the exception of Digital Wallet applications.
+WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). You can register MCP clients as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications) can access MCP servers, with the exception of Digital Wallet applications.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 43,
Rewrite the passive sentences in the paragraph starting "WSO2 Identity Server
now provides enhanced standards-based authorization..." to active voice for
directness; e.g., change "MCP clients can be registered as applications using a
preconfigured template..." to "Register MCP clients as applications using a
preconfigured template that follows the recommended MCP identity
configurations," and change "MCP servers can be accessed by most application
types..." to "Most application types (Single Page Applications, Traditional Web
Applications, Mobile Applications, and M2M Applications) can access MCP servers,
except Digital Wallet applications." Keep the same meaning and terminology but
replace weak "can be" phrasing with active verbs like "register" and "access."

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`:
- Line 134: The UI label in this document is inconsistent with the canonical
phrasing used elsewhere: find occurrences of "Authorize Resource" (e.g., the
Resource dropdown option referenced around the MCP authorization steps) and
change them to the standardized wording "Authorize a resource" so the label
matches the MCP authorization guide exactly.

In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 45: The sentence reintroduces the acronym "Role-Based Access Control
(RBAC)" redundantly; update the phrase "grant user access through Role-Based
Access Control (RBAC)" to use the already-defined acronym only — e.g., change it
to "grant user access through RBAC" — leaving the rest of the sentence about MCP
servers, protected resources, permissions, and authorizing applications
unchanged.

In `@en/includes/guides/authorization/mcp-server-authorization.md`:
- Line 61: Update the template name capitalization: replace the phrase "MCP
client Application" with the correct official name "MCP Client Application" in
the sentence that references the [MCP client Application] link (i.e., the link
text/anchor for the register-mcp-client-app guide) so the docs use the exact
product name consistently.

---

Nitpick comments:
In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 45: Rewrite the sentence in active voice and replace the ambiguous
pronoun "them" with explicit nouns: change "MCP servers can also be registered
as protected resources, enabling granular access control over the servers and
their associated tools. Organizations can define specific permissions for MCP
tools and resources, authorize applications to access them, and grant user
access through Role-Based Access Control (RBAC)." to an active construction that
explicitly names the targets (e.g., "Organizations can register MCP servers as
protected resources to enable granular access control over servers and their
tools; they can define permissions for MCP tools and resources, authorize
applications to access the MCP servers and associated tools, and grant user
access through Role-Based Access Control (RBAC)."). Ensure pronouns are removed
or replaced with "MCP servers and associated tools" and keep RBAC reference
intact.
- Line 43: Rewrite the passive sentences in the paragraph starting "WSO2
Identity Server now provides enhanced standards-based authorization..." to
active voice for directness; e.g., change "MCP clients can be registered as
applications using a preconfigured template..." to "Register MCP clients as
applications using a preconfigured template that follows the recommended MCP
identity configurations," and change "MCP servers can be accessed by most
application types..." to "Most application types (Single Page Applications,
Traditional Web Applications, Mobile Applications, and M2M Applications) can
access MCP servers, except Digital Wallet applications." Keep the same meaning
and terminology but replace weak "can be" phrasing with active verbs like
"register" and "access."

In `@en/includes/quick-starts/mcp-auth-server.md`:
- Line 318: The sentence mixes "Application" and "App" terms; pick one
consistent term (e.g., use "Application" or use "App") and update the sentence
so all items use that term consistently — adjust "MCP Client Application
template", the list entries "Single Page App, Traditional Web App, Mobile App,
or M2M App", and "Digital Wallet applications" to the chosen form (for example:
"MCP Client Application template" and "Single Page Application, Traditional Web
Application, Mobile Application, or M2M Application" or convert all to "...
App") and ensure pluralization/capitalization matches other docs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 35432f55-a009-4c84-84a7-1c21b18be41e

📥 Commits

Reviewing files that changed from the base of the PR and between ba7f137 and 53d2c0f.

📒 Files selected for processing (9)

• en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md
• en/identity-server/next/docs/get-started/about-this-release.md
• en/includes/guides/agentic-ai/mcp/index.md
• en/includes/guides/applications/register-mcp-client-app.md
• en/includes/guides/authorization/mcp-server-authorization.md
• en/includes/quick-starts/agent-auth-py.md
• en/includes/quick-starts/agent-auth-ts.md
• en/includes/quick-starts/mcp-auth-server-py.md
• en/includes/quick-starts/mcp-auth-server.md

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md (1)

80-80: ⚠️ Potential issue | 🟡 Minor

Remove trailing space.

Line 80 has a trailing space that causes the pipeline to fail.

🔧 Fix trailing space

-- pet-profile:write Permission to add new pet information or update existing pet information 
+- pet-profile:write Permission to add new pet information or update existing pet information

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md` at
line 80, Remove the trailing space at the end of the line containing the
permission text 'pet-profile:write Permission to add new pet information or
update existing pet information' so the line ends immediately after
"information" (no extra whitespace) to prevent the pipeline failure.

🧹 Nitpick comments (3)

en/identity-server/next/docs/get-started/about-this-release.md (1)

60-60: Simplify "with the exception of" to "except" for plain language.

The phrase "with the exception of Digital Wallet applications" can be simplified to "except Digital Wallet applications" to follow the plain language guideline.

✏️ Suggested simplification

-WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). MCP clients can be registered as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, MCP servers can be accessed by most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications), with the exception of Digital Wallet applications.
+WSO2 Identity Server now provides enhanced standards-based authorization within the Model Context Protocol (MCP). MCP clients can be registered as applications using a preconfigured template that follows the recommended MCP identity configurations. Additionally, MCP servers can be accessed by most application types (Single Page Applications, Traditional Web Applications, Mobile Applications, and M2M Applications), except Digital Wallet applications.

As per coding guidelines: "Use plain language and short sentences."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 60,
In the paragraph that begins "WSO2 Identity Server now provides enhanced
standards-based authorization within the Model Context Protocol (MCP)..."
replace the phrase "with the exception of Digital Wallet applications" with the
simpler wording "except Digital Wallet applications" to follow plain-language
guidance; update that sentence text in the same paragraph accordingly.

en/includes/guides/agentic-ai/mcp/index.md (1)

39-39: Simplify "with the exception of" to "except" for plain language.

The phrase "with the exception of Digital Wallet applications" can be simplified to "except Digital Wallet applications" to follow the plain language guideline.

✏️ Suggested simplification

-{{ product_name }} provides a specialized **MCP Client Application** template for quickly setting up applications optimized for MCP connections. However, MCP servers can also be accessed by most other application types (such as Single Page Applications, Traditional Web Applications, and Mobile Applications), with the exception of Digital Wallet applications.
+{{ product_name }} provides a specialized **MCP Client Application** template for quickly setting up applications optimized for MCP connections. However, MCP servers can also be accessed by most other application types (such as Single Page Applications, Traditional Web Applications, and Mobile Applications), except Digital Wallet applications.

As per coding guidelines: "Use plain language and short sentences."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/includes/guides/agentic-ai/mcp/index.md` at line 39, Replace the phrase
"with the exception of Digital Wallet applications" with the simpler "except
Digital Wallet applications" in the sentence that references {{ product_name }}
and the "MCP Client Application" template so the line reads "...and Mobile
Applications, except Digital Wallet applications." Ensure you update the
sentence in the block that mentions MCP servers being accessible by other
application types (such as Single Page Applications, Traditional Web
Applications, and Mobile Applications).

en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md (1)

121-122: Simplify "except Digital Wallet applications" for plain language.

The phrase "except Digital Wallet applications" is clearer and more concise than "except Digital Wallet applications" at the end of the sentence.

✏️ Suggested simplification

-    While the **MCP Client Application** template provides optimized defaults for MCP connections, you can also use other application types (Single Page App, Traditional Web App, Mobile App, or M2M App) to access MCP servers, except Digital Wallet applications.
+    While the **MCP Client Application** template provides optimized defaults for MCP connections, you can also use other application types (Single Page App, Traditional Web App, Mobile App, or M2M App) to access MCP servers except Digital Wallet applications.

As per coding guidelines: "Use plain language and short sentences."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`
around lines 121 - 122, Update the note sentence that ends with "except Digital
Wallet applications" to use plain language and a shorter phrase: replace "except
Digital Wallet applications" with "except digital wallets" in the MCP Client
Application template note (the exclamation-note block beginning "While the **MCP
Client Application** template..."). Ensure capitalization is consistent with
surrounding copy.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`:
- Around line 116-117: The two nested list items under the parent list (the
lines starting with "- **Name** - provide a meaningful name" and "- **Redirect
URL** - provide an endpoint...") are indented with 4 spaces; update their
indentation to 2 spaces so the nested bullets comply with MD007 and render
correctly in Markdown. Locate the nested list block in the tutorial content and
reduce the leading spaces from 4 to 2 for the "- **Name**" and "- **Redirect
URL**" lines, keeping the text unchanged.

---

Outside diff comments:
In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`:
- Line 80: Remove the trailing space at the end of the line containing the
permission text 'pet-profile:write Permission to add new pet information or
update existing pet information' so the line ends immediately after
"information" (no extra whitespace) to prevent the pipeline failure.

---

Nitpick comments:
In `@en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md`:
- Around line 121-122: Update the note sentence that ends with "except Digital
Wallet applications" to use plain language and a shorter phrase: replace "except
Digital Wallet applications" with "except digital wallets" in the MCP Client
Application template note (the exclamation-note block beginning "While the **MCP
Client Application** template..."). Ensure capitalization is consistent with
surrounding copy.

In `@en/identity-server/next/docs/get-started/about-this-release.md`:
- Line 60: In the paragraph that begins "WSO2 Identity Server now provides
enhanced standards-based authorization within the Model Context Protocol
(MCP)..." replace the phrase "with the exception of Digital Wallet applications"
with the simpler wording "except Digital Wallet applications" to follow
plain-language guidance; update that sentence text in the same paragraph
accordingly.

In `@en/includes/guides/agentic-ai/mcp/index.md`:
- Line 39: Replace the phrase "with the exception of Digital Wallet
applications" with the simpler "except Digital Wallet applications" in the
sentence that references {{ product_name }} and the "MCP Client Application"
template so the line reads "...and Mobile Applications, except Digital Wallet
applications." Ensure you update the sentence in the block that mentions MCP
servers being accessible by other application types (such as Single Page
Applications, Traditional Web Applications, and Mobile Applications).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 1235fc36-95d8-4323-963f-e4c763e1eb17

📥 Commits

Reviewing files that changed from the base of the PR and between 53d2c0f and ec32f84.

📒 Files selected for processing (9)

• en/asgardeo/docs/tutorials/end-to-end-mcp-authorization-with-asgardeo.md
• en/identity-server/next/docs/get-started/about-this-release.md
• en/includes/guides/agentic-ai/mcp/index.md
• en/includes/guides/applications/register-mcp-client-app.md
• en/includes/guides/authorization/mcp-server-authorization.md
• en/includes/quick-starts/agent-auth-py.md
• en/includes/quick-starts/agent-auth-ts.md
• en/includes/quick-starts/mcp-auth-server-py.md
• en/includes/quick-starts/mcp-auth-server.md

✅ Files skipped from review due to trivial changes (4)

• en/includes/quick-starts/agent-auth-py.md
• en/includes/quick-starts/agent-auth-ts.md
• en/includes/quick-starts/mcp-auth-server.md
• en/includes/quick-starts/mcp-auth-server-py.md

🚧 Files skipped from review as they are similar to previous changes (1)

• en/includes/guides/applications/register-mcp-client-app.md