Skip to content

Document OAuth consent flow updates#3090

Open
atharva-appwrite wants to merge 1 commit into
mainfrom
docs/oauth-consent-flow-updates
Open

Document OAuth consent flow updates#3090
atharva-appwrite wants to merge 1 commit into
mainfrom
docs/oauth-consent-flow-updates

Conversation

@atharva-appwrite

Copy link
Copy Markdown

What

  • Document Console consent behavior for native app OAuth redirects, including the terminal outcome screen and retry action.
  • Document PAR-backed authorize request resumption across login as browser-visible behavior without changing app callback expectations.
  • Document MCP consent-time narrowing for project and organization resources on the API MCP server page.

Validation

  • git diff --check

Full repo checks were not run because bun is not installed in this environment, and pnpm install --frozen-lockfile is blocked by the current package.json / pnpm-lock.yaml mismatch on origin/main.

@appwrite

appwrite Bot commented Jul 9, 2026

Copy link
Copy Markdown

Appwrite Website

Project ID: 69d7efb00023389e8d27

Sites (1)
Site Status Logs Preview QR
 website
69d7f2670014e24571ca
Ready Ready View Logs Preview URL QR Code

Website (appwrite/website)

Project ID: 684969cb000a2f6c0a02

Sites (1)
Site Status Logs Preview QR
 website
68496a17000f03d62013
Processing Processing View Logs Preview URL QR Code


Tip

Schedule functions to run as often as every minute with cron expressions

@greptile-apps

greptile-apps Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds documentation for three related OAuth consent behaviors: native-app deep-link outcome screens and the Open app retry action on the OAuth2 page, PAR-backed login resumption that shortens the browser-visible login URL without affecting the app callback, and user-driven scope narrowing at consent time on the MCP API server page.

  • The oauth2/+page.markdoc changes are well-placed and technically accurate; the trailing-newline fix is also included.
  • The mcp-servers/api/+page.markdoc adds an "OAuth consent" subsection inside the existing "Pre-requisites" section, but the content describes runtime behavior rather than a setup step, which may confuse readers scanning for configuration prerequisites.

Confidence Score: 4/5

Documentation-only change with clear prose; safe to merge after addressing the section placement question.

Both files contain documentation additions with no broken anchors, missing images, or incorrect technical claims. The only concern is that the new "OAuth consent" content in the MCP API page is nested under a "Pre-requisites" heading even though it describes runtime consent behavior rather than a setup step, which could mislead readers who expect only configuration instructions there.

src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc — review section placement of the new OAuth consent subsection within Prerequisites.

Important Files Changed

Filename Overview
src/routes/docs/products/auth/oauth2/+page.markdoc Adds a new "Console consent redirects" top-level section describing native-app deep-link behavior and PAR-based login resumption; also fixes a missing trailing newline.
src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc Adds an "OAuth consent" subsection nested inside the "Pre-requisites" section, but the content describes runtime consent behavior rather than a setup prerequisite, which may mislead readers.

Fix All in Claude Code Fix All in Codex

Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc:31-36
**OAuth consent section placed under Prerequisites**

The `## OAuth consent` heading sits inside the `# Pre-requisites` section, between "Appwrite API key" and "Install uv". A developer scanning that section expects only setup steps; a behavioral description of what happens at consent time is unexpected there. Consider moving this to a standalone top-level section (e.g., `# OAuth consent {% #oauth-consent %}`) so it is discoverable on its own and doesn't inflate the prerequisites list with conceptual content.

Reviews (1): Last reviewed commit: "Document OAuth consent flow updates" | Re-trigger Greptile

Comment on lines +31 to +36
## OAuth consent

When an MCP client connects through Appwrite's hosted OAuth flow, the Console consent screen lets the user review the requested access before granting it. For MCP grants, users can keep the full requested access or customize the grant by narrowing project and organization resources and selecting read-only or read/write access where supported.

This narrowing happens at consent time. The MCP client still receives an OAuth grant only for the access the user approved, so requests outside the approved resources or scopes are not authorized.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 OAuth consent section placed under Prerequisites

The ## OAuth consent heading sits inside the # Pre-requisites section, between "Appwrite API key" and "Install uv". A developer scanning that section expects only setup steps; a behavioral description of what happens at consent time is unexpected there. Consider moving this to a standalone top-level section (e.g., # OAuth consent {% #oauth-consent %}) so it is discoverable on its own and doesn't inflate the prerequisites list with conceptual content.

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc
Line: 31-36

Comment:
**OAuth consent section placed under Prerequisites**

The `## OAuth consent` heading sits inside the `# Pre-requisites` section, between "Appwrite API key" and "Install uv". A developer scanning that section expects only setup steps; a behavioral description of what happens at consent time is unexpected there. Consider moving this to a standalone top-level section (e.g., `# OAuth consent {% #oauth-consent %}`) so it is discoverable on its own and doesn't inflate the prerequisites list with conceptual content.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Fix in Claude Code Fix in Codex

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant