Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion src/routes/docs/products/auth/oauth2/+page.markdoc
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,14 @@ You'll be redirected to the OAuth 2 provider's login page to log in. Once comple

You can optionally configure `success` or `failure` redirect links on web to handle success and failure scenarios.

# Console consent redirects {% #console-consent-redirects %}

Some OAuth 2 flows, such as connecting an OAuth client to Appwrite or approving access for an MCP client, show an Appwrite Console consent screen before the user is redirected back to the requesting app.

When the redirect target is a native app deep link, the browser hands the redirect to the operating system. After the user approves or cancels the request, Appwrite Console shows a final outcome screen in the browser tab instead of leaving the consent screen open. On success, the screen includes an **Open app** action that retries the native redirect if the user dismissed the operating system prompt.

If the user needs to sign in before approving a consent request, Appwrite Console may store the full authorize request with a Pushed Authorization Request (PAR) handle and send the user through login with only `client_id` and `request_uri` in the resume URL. After login, Console resumes the original request from that handle. This is browser-visible as a shorter login redirect URL, but it does not change the OAuth response your app receives after approval.

# OAuth 2 profile {% #profile %}

After authenticating a user through their OAuth 2 provider, you can fetch their profile information such as their avatar image or name. To do this you can use the access token from the OAuth 2 provider and make API calls to the provider.
Expand Down Expand Up @@ -395,4 +403,4 @@ val response = account.updateSession(

{% info title="GraphQL" %}
OAuth 2 is not available through the GraphQL API. You can use the REST API or any Client SDK instead.
{% /info %}
{% /info %}
6 changes: 6 additions & 0 deletions src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ Before launching the MCP server, you must [set up an Appwrite project](https://c

Ensure you save the **API key** along with the **project ID**, **region** and **endpoint URL** from the Settings page of your project as you'll need them later.

## OAuth consent

When an MCP client connects through Appwrite's hosted OAuth flow, the Console consent screen lets the user review the requested access before granting it. For MCP grants, users can keep the full requested access or customize the grant by narrowing project and organization resources and selecting read-only or read/write access where supported.

This narrowing happens at consent time. The MCP client still receives an OAuth grant only for the access the user approved, so requests outside the approved resources or scopes are not authorized.

Comment on lines +31 to +36

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 OAuth consent section placed under Prerequisites

The ## OAuth consent heading sits inside the # Pre-requisites section, between "Appwrite API key" and "Install uv". A developer scanning that section expects only setup steps; a behavioral description of what happens at consent time is unexpected there. Consider moving this to a standalone top-level section (e.g., # OAuth consent {% #oauth-consent %}) so it is discoverable on its own and doesn't inflate the prerequisites list with conceptual content.

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/routes/docs/tooling/ai/mcp-servers/api/+page.markdoc
Line: 31-36

Comment:
**OAuth consent section placed under Prerequisites**

The `## OAuth consent` heading sits inside the `# Pre-requisites` section, between "Appwrite API key" and "Install uv". A developer scanning that section expects only setup steps; a behavioral description of what happens at consent time is unexpected there. Consider moving this to a standalone top-level section (e.g., `# OAuth consent {% #oauth-consent %}`) so it is discoverable on its own and doesn't inflate the prerequisites list with conceptual content.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Fix in Claude Code Fix in Codex

## Install uv

Install [uv](https://docs.astral.sh/uv/getting-started/installation/) on your system with:
Expand Down
Loading