7.3 release note #6049

Merged
Thisara-Welmilla merged 6 commits into wso2:master from himeshsiriwardana:7.3-release-note
Apr 9, 2026

@himeshsiriwardana
Contributor

Purpose

$subject

@coderabbitai
Contributor

coderabbitai bot commented Apr 9, 2026

📝 Walkthrough

Updated release documentation from WSO2 Identity Server 7.2.0 to 7.3.0, including revised "What's new" features, updated "Fixed issues" links, and removal of the deprecated features list. Replaced prior feature content with new 7.3.0 capabilities and improvements.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Release Documentation Update `en/identity-server/next/docs/get-started/about-this-release.md` | Updated version from 7.2.0 to 7.3.0. Replaced "What's new" sections with new features including OID4VCI support, CIBA grant support, OIDC front-channel logout, B2B organization enhancements, SCIM outbound provisioning, token exchange, workflow notifications, credential enrollment APIs, TOTP governance, Sift fraud detection, session lifetime limits, SNS push authentication, SAML certificate refresh, and JWT/JWE enhancements. Removed prior 7.2.0 features and replaced deprecated features list with "No features are deprecated" statement. |

Suggested labels

Team/Identity Server Core, Team/Authentication & registration, Team/B2B, Team/API Access Mgt & Authorization, Team/User & identity administration

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description is largely incomplete, containing only a 'Purpose' header with placeholder text '$subject' and missing all required sections: related PRs, test environment, and security checks. | Complete the description by replacing '$subject' with actual purpose details and adding sections for Related PRs, Test environment, and Security checks with appropriate information. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title '7.3 release note' is concise and directly related to the changeset, which updates release documentation from version 7.2.0 to 7.3.0. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 6

🧹 Nitpick comments (2)
en/identity-server/next/docs/get-started/about-this-release.md (2)

77-77: Review bold formatting usage.

Bold text is reserved for UI labels, buttons, and menu items. Lines 77, 91, and 93 use bold for emphasis on configuration capability names, which doesn't align with the formatting guidelines. Consider using regular text or restructuring as proper subheadings if these represent distinct configuration categories.

As per coding guidelines: "Format UI labels, buttons, and menu items in bold."

Also applies to: 91-91, 93-93

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 77,
The bolding of configuration capability names (e.g., "**Trusted token issuer
support**" in the about-this-release content and the similar bolded phrases at
the other two occurrences) violates the style rule that bold is reserved for UI
labels/buttons/menu items; update those instances to use plain text or convert
them into proper subheadings (e.g., change "**Trusted token issuer support**:
Configure..." to "Trusted token issuer support: Configure..." or to a heading
like "### Trusted token issuer support") so the copy follows the formatting
guidelines.

179-181: Define platform-specific acronyms on first use.

The acronyms ADM, MPNS, WNS, and FCM are platform-specific and may not be universally known. As per coding guidelines, define acronyms on first use unless universally known.

📝 Suggested expansion
-- **Expanded global coverage with Amazon SNS**: WSO2 Identity Server can now deliver push notifications across six major platforms: Android, iOS (Apple Push Notification service), Amazon Fire OS (ADM), Baidu Cloud Push, Windows Phone (MPNS), and Windows (WNS). This enables organizations to deliver a consistent login experience across a wide range of devices and regions.
+- **Expanded global coverage with Amazon SNS**: WSO2 Identity Server can now deliver push notifications across six major platforms: Android, iOS (Apple Push Notification service), Amazon Fire OS (Amazon Device Messaging - ADM), Baidu Cloud Push, Windows Phone (Microsoft Push Notification Service - MPNS), and Windows (Windows Push Notification Service - WNS). This enables organizations to deliver a consistent login experience across a wide range of devices and regions.

-- **Multiple provider support**: You can configure multiple push services simultaneously within the same deployment, such as FCM and Amazon SNS. This eliminates single-provider bottlenecks and improves delivery reliability by combining the strengths of different providers.
+- **Multiple provider support**: You can configure multiple push services simultaneously within the same deployment, such as Firebase Cloud Messaging (FCM) and Amazon SNS. This eliminates single-provider bottlenecks and improves delivery reliability by combining the strengths of different providers.
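
Review bot: in the first added bullet, WNS is expanded as "Windows Push Notification Service", while the agent prompt for the same lines gives "Windows Notification Service (WNS)"; settle on the vendor's official name before committing. The same bullet writes expansions as "Name - ACRONYM" inside parentheses, whereas the second added bullet uses "Firebase Cloud Messaging (FCM)"; use one pattern for both.
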
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines
179 - 181, The two bullets use platform acronyms (ADM, MPNS, WNS, FCM) without
definition; update the about-this-release.md text around the push notifications
bullets to define each acronym on first use (e.g., "Amazon Device Messaging
(ADM)", "Microsoft Push Notification Service (MPNS)", "Windows Notification
Service (WNS)", "Firebase Cloud Messaging (FCM)") and then continue using the
acronyms (reference the existing bullet text containing "Amazon Fire OS (ADM)",
"Windows Phone (MPNS)", "Windows (WNS)", and any mention of "FCM") so the
document follows the guideline to define platform-specific acronyms on first
use.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 90026111-bef6-4d97-a493-1abd60dd7056

📥 Commits

Reviewing files that changed from the base of the PR and between eb57e20 and 36a197d.

📒 Files selected for processing (1)
  • en/identity-server/next/docs/get-started/about-this-release.md

- Support for password and client credential grants alongside the authorization code grant and organization switch grant for B2B SaaS applications.

MCP servers can also be registered as protected resources, enabling granular access control over the servers and their associated tools. Organizations can define specific permissions for MCP tools and resources, authorize MCP client applications to access them, and grant user access through Role-Based Access Control (RBAC).
### Share users with Organizations through Console

⚠️ Potential issue | 🟡 Minor

Use lowercase for "organizations" in the heading.

"Organizations" is a common noun in this context, not a proper name. As per coding guidelines, use sentence case for headings, capitalizing only the first word and proper nouns.

📝 Proposed fix
-### Share users with Organizations through Console
+### Share users with organizations through Console
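
Review bot: the added heading keeps "Console" capitalized, while the agent prompt for this same line asks for "Share users with organizations through console"; the two should agree. The release note text elsewhere treats Console as a product name ("available for both Console and general applications"), so keeping the capital is consistent and the prompt is the part to adjust.
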
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
### Share users with Organizations through Console
### Share users with organizations through Console
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 58,
Update the heading "Share users with Organizations through Console" to sentence
case and use lowercase for the common noun by changing it to "Share users with
organizations through console"; locate the heading text in the document (the
line containing the current heading) and replace it accordingly so only the
first word and proper nouns are capitalized.

Comment on lines 72 to +95

### Support for granular role sharing with B2B applications
WSO2 Identity Server now supports the Token Exchange grant type for applications within organizations, enabling secure token exchange across trusted token issuers defined at the organization level.

WSO2 Identity Server now lets admins control which roles are shared when delegating applications to organizations. Previously, application sharing automatically granted all associated roles, which could lead to over-permissive access.
Key capabilities include:

With this update, admins can choose from three role-sharing modes:
**Trusted token issuer support**: Configure and use trusted token issuers at the organization level to enable secure token exchange between systems.

- Share all roles with all organizations – The previous “everything shared” model.
**Enable implicit user account association**: Automatically link an incoming external token to an existing local user account for both root and child organizations.

- Share a common set of roles with all organizations – Select a single set of roles to be shared everywhere.
**Define lookup attributes**: Specify up to two attributes to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.

- Share different roles with each organization – Customize role sharing for each organization for maximum flexibility.
Learn more about [token exchange]({{base_path}}/guides/authentication/configure-token-exchange/).

This feature is available for both Console and general applications. The “Shared Access” settings provide a tailored UI, integrating role selection directly into the sharing workflow. Admins can quickly see which roles are shared where and adjust them instantly while preserving the organizational hierarchy.
### Token exchange for organization applications

This enhancement empowers administrators, B2B customers, and security teams to enforce least-privilege access, improve governance, and prevent unintended role propagation across complex organizational structures.
WSO2 Identity Server now supports the [Token Exchange](https://www.rfc-editor.org/rfc/rfc8693){:target="_blank"} grant type for applications created in organizations. Applications can exchange tokens issued by any trusted token issuer defined at the organization level.

Learn more about role sharing in the [sharing applications]({{base_path}}/guides/organization-management/share-applications/) documentation.
Administrators can configure trusted token issuers with the following enhancements:

### Organizations inherit login and registration settings
- **Enable implicit user account association**: Automatically link an incoming external token to an existing local user account for both root and child organizations.

Organizations now inherit login and registration configurations from their parent organization. Customizations at the top of the hierarchy cascade down to all organizations, while system defaults apply if no customizations exist.
- **Define lookup attributes** : Specify up to two attributes in the **Advanced** tab to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.

Organizations can override inherited values and revert them at any time.
Learn more about [token exchange]({{base_path}}guides/authentication/configure-token-exchange/).
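
Review bot: the "Enable implicit user account association" and "Define lookup attributes" bullets say an incoming external token is linked to a local account using up to two attributes that "must be configured as unique across user stores", but they do not say what happens when a lookup matches no local user or more than one. Because this linking decides which local account the exchanged token acts as, add a sentence on the failure behaviour and on whether the association is off by default, or state that the linked token exchange guide covers it.
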

⚠️ Potential issue | 🟠 Major

Duplicate feature sections detected.

Lines 72-83 ("Selectable token issuer for organization applications") and lines 85-95 ("Token exchange for organization applications") describe the same feature with overlapping content. Both sections discuss the Token Exchange grant type, trusted token issuers, implicit user account association, and lookup attributes, and link to the same documentation.

Remove one of these duplicate sections to avoid confusion.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` around lines
72 - 95, Remove the duplicated section describing Token Exchange: keep only one
of the two blocks (either the "Selectable token issuer for organization
applications" paragraph or the "Token exchange for organization applications"
section) and delete the other; ensure the retained block includes the trusted
token issuer, implicit user account association, lookup attributes points, and a
single correct documentation link (use the same
{{base_path}}/guides/authentication/configure-token-exchange/ format).

### Selectable token issuer for organization applications

### Support for granular role sharing with B2B applications
WSO2 Identity Server now supports the Token Exchange grant type for applications within organizations, enabling secure token exchange across trusted token issuers defined at the organization level.

⚠️ Potential issue | 🟡 Minor

Remove the extra space.

There are two spaces after "across" where only one is needed.

📝 Proposed fix
-WSO2 Identity Server now supports the Token Exchange grant type for applications within organizations, enabling secure token exchange across  trusted token issuers defined at the organization level.
+WSO2 Identity Server now supports the Token Exchange grant type for applications within organizations, enabling secure token exchange across trusted token issuers defined at the organization level.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 73,
In the sentence "WSO2 Identity Server now supports the Token Exchange grant type
for applications within organizations, enabling secure token exchange across 
trusted token issuers defined at the organization level." remove the extra space
between "across" and "trusted" so it reads "across trusted token issuers";
locate the exact string "enabling secure token exchange across  trusted token
issuers" and collapse the double space to a single space.

- **Enable implicit user account association**: Automatically link an incoming external token to an existing local user account for both root and child organizations.

Organizations now inherit login and registration configurations from their parent organization. Customizations at the top of the hierarchy cascade down to all organizations, while system defaults apply if no customizations exist.
- **Define lookup attributes** : Specify up to two attributes in the **Advanced** tab to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.

⚠️ Potential issue | 🟡 Minor

Remove the extra space before the colon.

There's an unnecessary space between the text and the colon.

📝 Proposed fix
-- **Define lookup attributes** : Specify up to two attributes in the **Advanced** tab to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.
+- **Define lookup attributes**: Specify up to two attributes in the **Advanced** tab to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 93,
The bullet string "**Define lookup attributes** : Specify up to two
attributes..." contains an extra space before the colon; update the text in
about-this-release.md (the line starting with "**Define lookup attributes** :")
to remove the space so it reads "**Define lookup attributes**: Specify up to two
attributes..." ensuring no other spacing changes.

- **Define lookup attributes** : Specify up to two attributes in the **Advanced** tab to identify the corresponding local user during token exchange. These attributes must be configured as unique across user stores to ensure accurate user mapping.

Organizations can override inherited values and revert them at any time.
Learn more about [token exchange]({{base_path}}guides/authentication/configure-token-exchange/).

⚠️ Potential issue | 🔴 Critical

Fix the malformed link syntax.

The link is missing a forward slash after {{base_path}}.

🔧 Proposed fix
-Learn more about [token exchange]({{base_path}}guides/authentication/configure-token-exchange/).
+Learn more about [token exchange]({{base_path}}/guides/authentication/configure-token-exchange/).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 95,
The markdown link to "token exchange" is missing a slash after the {{base_path}}
placeholder; update the link target so it reads
{{base_path}}/guides/authentication/configure-token-exchange/ (i.e., insert a
"/" immediately after {{base_path}} in the link URL) to correct the malformed
link.

WSO2 Identity Server now sends SMS and email notifications to both approvers and initiators when a workflow request is created or resolved.

Naming conventions for root and organizations are now unified, delivering consistency and stronger branding across B2B applications.
When a user operation such as adding a user or creating a role triggers a configured workflow, the designated approver receives a notification through the configured channel. After the approver acts, if additional approval steps exist, the next approver receives a notification. If no further steps remain, the initiator is notified of the final outcome.

⚠️ Potential issue | 🟡 Minor

Remove the redundant word "final".

"Final outcome" is redundant; "outcome" alone conveys the meaning.

📝 Proposed fix
-After the approver acts, if additional approval steps exist, the next approver receives a notification. If no further steps remain, the initiator is notified of the final outcome.
+After the approver acts, if additional approval steps exist, the next approver receives a notification. If no further steps remain, the initiator is notified of the outcome.
🧰 Tools
🪛 LanguageTool

[style] ~109-~109: This phrase is redundant. Consider writing “outcome”.
Context: ...emain, the initiator is notified of the final outcome. Administrators can define the notific...

(FINAL_END)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/next/docs/get-started/about-this-release.md` at line 109,
The sentence in the paragraph starting "When a user operation such as adding a
user or creating a role triggers a configured workflow..." uses the redundant
phrase "final outcome"; edit that sentence to remove "final" so it reads "...the
initiator is notified of the outcome." Locate and update that exact sentence in
the document (about-this-release.md) replacing "final outcome" with "outcome."

@Thisara-Welmilla Thisara-Welmilla merged commit e2f0113 into wso2:master Apr 9, 2026
3 of 4 checks passed