Conversation
Updates the MCP server documentation to include ChatGPT as a supported client and adds comprehensive setup instructions for the Authorization Code OAuth flow. Restructures authentication section to clearly distinguish between Authorization Code flow (for ChatGPT and Claude Code) and Client Credentials flow (for VS Code and Claude Code). Key changes: - Add ChatGPT setup instructions with UI-based OAuth client creation - Add Authorization Code flow setup for Claude Code - Update status from "Closed Preview" to "Private Preview" - Reorganize authentication section with comparison table - Use AuthorizationCodeClient terminology to match UI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kimsauce
requested review from
JV0812,
amee-sumo,
jpipkin1 and
mafsumo
as code owners
kimsauce
changed the title
Add prominent note callout before Step 3 curl examples to make deployment URL requirements clearer for Preview customers reading top-to-bottom. Addresses feedback that deployment info wasn't immediately obvious. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update OAuth doc title to "OAuth Client Setup" - Restructure MCP authentication sections to be client-specific - Add deployment endpoint clarifications throughout both docs - Add tip about discovering token endpoint programmatically - Consolidate redundant content in OAuth intro Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kimsauce
changed the title
kimsauce
changed the title
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kimsauce
changed the title
kimsauce
added
doc:update
Implements feedback from auth-code-flow-docs-update-review.pdf: OAuth documentation changes: - Remove MCP server parenthetical reference from intro - Change "your application" to "an external application" in Authorization Code flow intro for clarity - Update token expiration to reference expires_in property instead of hardcoded "1 hour" - Update refresh token rotation language (always rotates, not configurable) - Remove personal access key prerequisite (OAuth clients now created via UI) - Add UI-first approach for service account ID retrieval with API as alternative - Replace curl-based OAuth client creation with UI steps for Client Credentials flow - Preserve API examples in collapsible sections for advanced users - Fix highlighted field in service account JSON response (id not modifiedAt) MCP server documentation changes: - Change "external copilots and proprietary models" to "MCP clients (external AI models)" - Remove em dashes and improve sentence structure per style guide Style fixes: - Remove all em dashes per Sumo Logic style guide - Fix hyphenation (MCP-clients → MCP clients) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
kimsauce
changed the title
ganano
reviewed
May 5, 2026
Collaborator
Author
|
Hi @ganano , thanks for the thorough review! Here's what I addressed based on your feedback: docs/api/mcp-server.md
docs/manage/security/oauth.md
One thing I wasn't sure about, your line 49 comment mentioned adding a tip about how permissions are calculated specifically for Auth Code. I added that as a |
…docs - mcp-server.md: remove Client Credentials sections from Claude Code CLI setup (Auth Code flow only); add --scope user/project options to claude mcp add command; add deployment domain tips to ChatGPT and Claude sections - oauth.md: simplify Auth Code flow (replace curl steps with OAuth 2.1 spec pointer and permissions intersection tip); fix API call domains to api.sumologic.com; update security practices, revoke FAQ, and add user roles change FAQ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ganano
approved these changes
May 6, 2026
ganano
left a comment
ganano
left a comment
There was a problem hiding this comment.
Couple of minor comments, but otherwise lgtm.
Approving to remove myself from the review cycle.
|
|
||
| This flow uses interactive browser-based authentication. Users authorize an external application to access Sumo Logic on their behalf, and the application receives an access token to make API requests. | ||
|
|
||
| ### Create an OAuth client |
There was a problem hiding this comment.
I noticed that for the Client Credentials it lists the prerequisite of being an Administrator. That is true for the Authorization Code scenario as well.
| * The scopes assigned to the OAuth client. | ||
| * The scopes requested in the authorization request. | ||
|
|
||
| If a user's roles are restricted, their effective OAuth permissions are reduced at the next token refresh. If roles are expanded, the new permissions become available at the next token refresh. |
There was a problem hiding this comment.
Probably worth noting about if the permissions are expanded the the new permissions will become available on the next token refresh only with the permissions that have previously been "consented" to. If the permissions expand beyond the "consented", then to get a token with those permissions will require re-authenticating to the authorization server.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose of this pull request
This pull request improves the MCP server doc (currently in preview) and introduces the OAuth doc. Checked structure, clarity, and deployment endpoint guidance. Key changes include:
MCP documentation (mcp-server.md):
OAuth documentation (oauth.md):
Select the type of change
Ticket (if applicable)
https://sumologic.atlassian.net/browse/DOCS-1534