
@wso2-engineering-bot wso2-engineering-bot commented Dec 11, 2025

This PR was automatically generated by Claude AI.

Issue

Changes

This PR addresses the missing documentation identified in the product-is issue by adding two critical documentation pages to all affected versions:

  1. Advanced OpenID Connect Configurations (oauth-app-config-advanced.md)

    • Location: guides/authentication/oidc/
    • Content: Comprehensive guide covering advanced OAuth/OpenID Connect configurations including:
      • OAuth version settings
      • Allowed grant types (Code, Password, Implicit, Client Credential, Refresh Token, SAML2, IWA-NTLM, JWT Bearer)
      • Callback URL configuration (including regex patterns and loopback URLs)
      • PKCE configurations
      • Token expiry time settings
      • Audience restrictions
      • Request object signature validation
      • ID token encryption
      • OIDC back-channel logout
      • Scope validators
      • Token issuer configuration
      • Authorization code validity period
  2. Customize Authentication Error Messages (customize-authentication-error-messages.md)

    • Location: references/extend/authentication/
    • Content: Instructions for customizing authentication error messages including:
      • Configuration for showing authentication failure reasons
      • Query parameters (errorCode, failedUsername, remainingAttempts)
      • Error message customization in JSP files
      • Options for displaying errors on login page vs redirect

Affected Versions

  • IS 7.0.0 ✓
  • IS 7.1.0 ✓
  • IS 7.2.0 ✓

All three versions now include both documentation pages with appropriate navigation entries in their respective mkdocs.yml files.

Files Changed

  • Added: en/identity-server/7.0.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md
  • Added: en/identity-server/7.0.0/docs/references/extend/authentication/customize-authentication-error-messages.md
  • Modified: en/identity-server/7.0.0/mkdocs.yml
  • Added: en/identity-server/7.1.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md
  • Added: en/identity-server/7.1.0/docs/references/extend/authentication/customize-authentication-error-messages.md
  • Modified: en/identity-server/7.1.0/mkdocs.yml
  • Added: en/identity-server/7.2.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md
  • Added: en/identity-server/7.2.0/docs/references/extend/authentication/customize-authentication-error-messages.md
  • Modified: en/identity-server/7.2.0/mkdocs.yml

Notes

  • The documentation content has been adapted from IS 6.1.0 with appropriate path updates for IS 7.x structure
  • Internal documentation links have been updated to reflect the IS 7.x documentation structure
  • Navigation entries have been added to appropriate sections in each version's mkdocs.yml

🤖 Generated with Claude Code

Summary by CodeRabbit

Documentation

  • New Guides Added
    • Advanced OpenID Connect configuration guide covering OAuth versions, grant types, callback URLs with regex and loopback support, PKCE settings, token expiry options, audience restrictions, and token issuer configuration.
    • Guide on customizing authentication error messages, including configuration for invalid credentials, invalid users, and account lockout scenarios with JSP-level customization support.


…t-is#26299)

This PR adds two documentation sections that were present in IS 6.1.0 but missing in IS 7.0.0, 7.1.0, and 7.2.0:

1. Advanced OpenID Connect Configurations - Comprehensive guide for advanced OAuth/OIDC settings
2. Customize Authentication Error Messages - Instructions for customizing authentication error handling

Changes:
- Added oauth-app-config-advanced.md to guides/authentication/oidc/ for all three versions
- Added customize-authentication-error-messages.md to references/extend/authentication/ for all three versions
- Updated mkdocs.yml navigation for all three versions to include the new documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


wso2-engineering-bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.


coderabbitai bot commented Dec 11, 2025

Walkthrough

Documentation additions across Identity Server versions 7.0.0, 7.1.0, and 7.2.0 introducing guides for advanced OpenID Connect configurations and authentication error message customization, accompanied by corresponding mkdocs.yml navigation updates.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Advanced OpenID Connect Configuration Documentation: en/identity-server/7.0.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md, en/identity-server/7.1.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md, en/identity-server/7.2.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md | New documentation covering advanced OAuth/OIDC configuration options including OAuth version, grant types (Code, Password, Implicit, Client Credential, Refresh Token, SAML2, IWA-NTLM, jwt-bearer), callback URLs with regex multi-callback and loopback support, PKCE configurations, client secret options, token expiry settings, audience restrictions, request object signature validation, ID token encryption, back-channel logout, scope validators, token issuer modes, and authorization code validity periods with TOML examples. |
| Authentication Error Message Customization Documentation: en/identity-server/7.0.0/docs/references/extend/authentication/customize-authentication-error-messages.md, en/identity-server/7.1.0/docs/references/extend/authentication/customize-authentication-error-messages.md, en/identity-server/7.2.0/docs/references/extend/authentication/customize-authentication-error-messages.md | New documentation describing how to customize authentication error messages via deployment.toml configuration. Covers three error types (invalid credentials, invalid user, account lock), query parameters (errorCode, failedUsername, remainingAttempts), and two customization modes: redirect to retry.do or display errors on login page. Includes configuration examples and JSP customization guidance. |
| MkDocs Navigation Updates: en/identity-server/7.0.0/mkdocs.yml, en/identity-server/7.1.0/mkdocs.yml, en/identity-server/7.2.0/mkdocs.yml | Added navigation entries for new documentation files under Guides > Authentication > Logout (Advanced OpenID Connect Configurations) and References > Extend > Authentication (Customize authentication error messages). |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

  • Documentation additions follow consistent structure across all three versions with no executable logic
  • Changes are repetitive (identical documentation added to multiple version branches)
  • Navigation updates are straightforward configuration entries
  • No code logic, dependencies, or complex interactions to validate

Poem

🐰 A documentation hop, thrice 'round we go,
Advanced OIDC guides now steal the show!
Error messages tamed with customization cheer,
Three versions blessed, crystal-clear!
Nav trees updated, pathways shine—
Knowledge blooms, a treasure fine!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The description provides comprehensive details about the changes, affected versions, and files modified, but does not follow the required template structure with Purpose, Related PRs, Test environment, and Security checks sections. | Restructure the description to follow the repository template: add Purpose section with issue links, Related PRs section, Test environment details, and complete the Security checks checklist. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main change: adding missing documentation for three IS versions and references the related product issue. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (5)
en/identity-server/7.2.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1)

30-30: Fix grammar: Hyphenate "above-mentioned" in compound adjective.

Line 30 uses "above mentioned" where "above-mentioned" is grammatically correct when preceding a noun.

-If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above mentioned query parameters during the authentication flow.
+If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above-mentioned query parameters during the authentication flow.
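
Review bot: the reworded sentence still refers to the parameters only as "the above-mentioned query parameters", a relative reference that breaks as soon as the section is reordered; name them in place instead (the PR description lists errorCode, failedUsername and remainingAttempts). Because enabling `showAuthFailureReason` sends these values in the `retry.do` redirect URL, this sentence is also the natural place to state that the failure code and the failed username become visible in the URL, so operators can weigh that before turning the property on.
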
en/identity-server/7.1.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1)

30-30: Fix grammar: Hyphenate "above-mentioned" in compound adjective.

Line 30 uses "above mentioned" where "above-mentioned" is grammatically correct when preceding a noun. This same issue appears in the 7.0.0 version as well.

-If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above mentioned query parameters during the authentication flow.
+If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above-mentioned query parameters during the authentication flow.
en/identity-server/7.0.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1)

72-73: Minor style: Consider rewording to avoid repeated word at sentence start.

Lines 72–73 have stylistic repetition starting with "PKCE":

  • Bullet point: "- PKCE Mandatory: Select this..."
  • Next sentence: "PKCE is a recommended security measure..."

Rewording slightly improves readability:

 - **PKCE Mandatory**: Select this if you are using the <strong>Code</strong> grant type. PKCE is a recommended security measure used to mitigate a code interception attack.

     !!! info
-        See [Mitigating Authorization Code Interception Attacks]({{base_path}}/deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks/) for more information.
+        See [Mitigating Authorization Code Interception Attacks]({{base_path}}/deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks/) for more information on this recommended practice.
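
Review bot: the `+` line only appends "on this recommended practice" to the link sentence in the `!!! info` block, while the repetition being reported sits in the bullet above it, which stays unchanged: "**PKCE Mandatory**" is still followed by "PKCE is a recommended security measure". The added words also repeat "recommended" a second time. Edit the bullet's second sentence instead, for example "This is a recommended security measure used to mitigate a code interception attack.", and leave the info line as it was.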

Alternatively, restructure to:

- **PKCE Mandatory**: A recommended security measure to mitigate code interception attacks. Select this if you are using the <strong>Code</strong> grant type. See [Mitigating Authorization Code Interception Attacks]({{base_path}}/deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks/) for more information.
en/identity-server/7.0.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1)

30-30: Fix grammar: Hyphenate "above-mentioned" in compound adjective.

Line 30 uses "above mentioned" where "above-mentioned" is grammatically correct when preceding a noun.

-If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above mentioned query parameters during the authentication flow.
+If the `showAuthFailureReason` property is enabled, the user will be redirected to the `retry.do` page with the above-mentioned query parameters during the authentication flow.
en/identity-server/7.2.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1)

72-73: Minor style: Consider rewording to avoid repeated word at sentence start.

Lines 72–73 have stylistic repetition starting with "PKCE". Rewording slightly improves readability:

 - **PKCE Mandatory**: Select this if you are using the <strong>Code</strong> grant type. PKCE is a recommended security measure used to mitigate a code interception attack.

     !!! info
-        See [Mitigating Authorization Code Interception Attacks]({{base_path}}/deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks/) for more information.
+        See [Mitigating Authorization Code Interception Attacks]({{base_path}}/deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks/) for more information on this recommended practice.
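
Review bot: the context line for the bullet mixes Markdown bold (`**PKCE Mandatory**`) with raw HTML (`<strong>Code</strong>`) in the same sentence; use `**Code**` so the bullet keeps one emphasis style. The bullet also says "a code interception attack" while the linked page is titled "Authorization Code Interception Attacks"; using the same term in both places makes it clear they describe the same threat.
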
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 52b6efe and 82ac7ae.

📒 Files selected for processing (9)
  • en/identity-server/7.0.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1 hunks)
  • en/identity-server/7.0.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1 hunks)
  • en/identity-server/7.0.0/mkdocs.yml (2 hunks)
  • en/identity-server/7.1.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1 hunks)
  • en/identity-server/7.1.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1 hunks)
  • en/identity-server/7.1.0/mkdocs.yml (2 hunks)
  • en/identity-server/7.2.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1 hunks)
  • en/identity-server/7.2.0/docs/references/extend/authentication/customize-authentication-error-messages.md (1 hunks)
  • en/identity-server/7.2.0/mkdocs.yml (2 hunks)
🧰 Additional context used
🪛 LanguageTool
en/identity-server/7.2.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md

[style] ~72-~72: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...g the Code grant type. PKCE is a recommended security measure used ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

en/identity-server/7.0.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md

[style] ~72-~72: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...g the Code grant type. PKCE is a recommended security measure used ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

en/identity-server/7.1.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md

[style] ~72-~72: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...g the Code grant type. PKCE is a recommended security measure used ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

en/identity-server/7.1.0/docs/references/extend/authentication/customize-authentication-error-messages.md

[style] ~10-~10: Using many exclamation marks might seem excessive (in this case: 3 exclamation marks for a text that’s 1499 characters long)
Context: ...ials - Invalid user - Account lock !!! note Account lock errors are return...

(EN_EXCESSIVE_EXCLAMATION)


[grammar] ~30-~30: Use a hyphen to join words.
Context: ...ed to the retry.do page with the above mentioned query parameters during the au...

(QB_NEW_EN_HYPHEN)

en/identity-server/7.0.0/docs/references/extend/authentication/customize-authentication-error-messages.md

[style] ~10-~10: Using many exclamation marks might seem excessive (in this case: 3 exclamation marks for a text that’s 1499 characters long)
Context: ...ials - Invalid user - Account lock !!! note Account lock errors are return...

(EN_EXCESSIVE_EXCLAMATION)


[grammar] ~30-~30: Use a hyphen to join words.
Context: ...ed to the retry.do page with the above mentioned query parameters during the au...

(QB_NEW_EN_HYPHEN)

en/identity-server/7.2.0/docs/references/extend/authentication/customize-authentication-error-messages.md

[style] ~10-~10: Using many exclamation marks might seem excessive (in this case: 3 exclamation marks for a text that’s 1499 characters long)
Context: ...ials - Invalid user - Account lock !!! note Account lock errors are return...

(EN_EXCESSIVE_EXCLAMATION)


[grammar] ~30-~30: Use a hyphen to join words.
Context: ...ed to the retry.do page with the above mentioned query parameters during the au...

(QB_NEW_EN_HYPHEN)

🔇 Additional comments (7)
en/identity-server/7.2.0/mkdocs.yml (2)

634-634: Navigation entry correctly placed and formatted.

The addition of the Advanced OpenID Connect Configurations guide is properly located within the OIDC flows section of the navigation tree.


1248-1248: Navigation entry correctly placed and formatted.

The addition of the authentication error message customization reference is properly positioned within the Authentication extensions section.

en/identity-server/7.0.0/mkdocs.yml (2)

592-592: Navigation entry correctly placed and formatted.

The addition of the Advanced OpenID Connect Configurations guide is properly integrated into the OIDC flows section of the navigation hierarchy, maintaining consistency across versions.


1063-1063: Navigation entry correctly placed and formatted.

The authentication error message customization reference is correctly positioned within the Authentication extensions documentation, aligning with the information architecture.

en/identity-server/7.1.0/mkdocs.yml (2)

622-622: Navigation entry placement is correct.

The "Advanced OpenID Connect Configurations" entry is properly positioned as a sibling configuration option under "Configure OIDC flows," at the same indentation level as the "Logout" subsection. The file reference is accurate.


1166-1166: Navigation entry placement is correct.

The "Customize authentication error messages" entry is properly positioned under "Authentication" extensions, at the appropriate indentation level alongside other authentication-related extensions. The file reference is accurate.

en/identity-server/7.1.0/docs/guides/authentication/oidc/oauth-app-config-advanced.md (1)

1-151: Comprehensive documentation with accurate content and proper structure.

The file is well-organized, clearly written, and covers all essential advanced OIDC configuration options. Use of MkDocs syntax (collapsible sections, admonitions, code blocks) is appropriate and follows best practices. Internal links correctly use the {{base_path}} template variable, and external RFC references are properly formatted with target="_blank" directives.

The TOML configuration example at lines 150–151 is valid and provides practical guidance. Content accuracy is solid across all 13 sections.
