Merge pull request #290 from auth0/fix/documentation-grammar-and-style

Fix documentation grammar, punctuation, and style issues

Author: KarimTantawy5

auth4genai/mcp/get-started/authorization-for-your-mcp-server.mdx

@@ -12,4 +12,4 @@ import MCPGetStartedTestingInstructions from "/snippets/mcp/get-started/testing-
 
 ## Next steps
 
-* To set up first-party tool calling, complete the [Call Your APIs on User's Behalf](./call-your-apis-on-users-behalf) quickstart.
+* To set up first-party tool calling, complete the [Call Your APIs on a User's Behalf](./call-your-apis-on-users-behalf) quickstart.

auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx

@@ -1,7 +1,7 @@
 ---
-title: Call Your API on User's Behalf
+title: Call Your API on a User's Behalf
 description: Learn how to call an Auth0-protected API from your MCP server.
-sidebarTitle: Call Your API on User's Behalf
+sidebarTitle: Call Your API on a User's Behalf
 ---
 
 import MCPGetStartedPrerequisites from "/snippets/mcp/get-started/pre-reqs/prerequisites.mdx";
@@ -55,7 +55,7 @@ auth0 api post clients --data '{
 
 The output of the command will be a JSON object with the `client_id` and `client_secret` of the newly created client, which will be used in the next steps to configure the MCP server environment.
 
-Next, we need to indicate Auth0 that the client can use Custom Token Exchange.
+Next, we need to indicate to Auth0 that the client can use Custom Token Exchange.
 
 ```shell
 CLIENT_ID=$(jq -r '.client_id' auth0-app-details.json) \
@@ -84,7 +84,7 @@ auth0 api post resource-servers --data '{
 }' | jq -r '"Audience: " + .identifier'
 ```
 
-Save the `Audience` from the command output, you'll need it on a later step.
+Save the `Audience` from the command output; you'll need it in a later step.
 
 
 <Tabs>
@@ -124,7 +124,7 @@ npm install
 
 ## Create your environment file
 
-In the `fastmcp-mcp-customtokenexchange-js` directory, run the following commnd to create a new `.env` file populated with all the required environment variables:
+In the `fastmcp-mcp-customtokenexchange-js` directory, run the following command to create a new `.env` file populated with all the required environment variables:
 
 ```shell wrap lines expandable
 CLIENT_ID=$(jq -r '.client_id' auth0-app-details.json) \
@@ -152,15 +152,15 @@ To get your Auth0 application’s `AUTH0_DOMAIN`, run the following command:
 auth0 tenants list
 ```
 
-Copy the domain under `TENANT` from the output and update the corresponding variable on the `.env`.
+Copy the domain under `TENANT` from the output and update the corresponding variable in the `.env` file.
 
-For `MCP_AUTH0_CLIENT_ID` and `MCP_AUTH0_CLIENT_SECRET` you will use the values obtained on the [Create an Application for your MCP server](./call-your-apis-on-users-behalf#create-an-application-for-your-mcp-server) step.
+For `MCP_AUTH0_CLIENT_ID` and `MCP_AUTH0_CLIENT_SECRET` you will use the values obtained from the [Create an Application for your MCP server](./call-your-apis-on-users-behalf#create-an-application-for-your-mcp-server) step.
 
 ## Use Custom Token Exchange Action
 
 This Action is the server-side logic Auth0 executes to perform the token exchange. It is necessary because the MCP server receives an access token from the client (with the MCP server as its audience) and must exchange it for a new token (with the upstream API as the audience). This Action validates the original token and mints the new one.
 
-The Custom Token Exchange Action, available as a part of Custom Token Exchange Early Access. Navigate to [the On-behalf-of token exchange for first-party apps template available here](https://manage.auth0.com/#/actions/library/templates/templates/daeda4e8-8da2-4abb-afb5-ac09df0ebb2a) and click on **Use This Template**.
+The Custom Token Exchange Action is available as part of Custom Token Exchange Early Access. Navigate to [the On-behalf-of token exchange for first-party apps template available here](https://manage.auth0.com/#/actions/library/templates/templates/daeda4e8-8da2-4abb-afb5-ac09df0ebb2a) and click on **Use This Template**.
 
 <Frame>
   <img
@@ -179,9 +179,9 @@ This will open a modal for you to name the action:
   />
 </Frame>
 
-Once the action is created you can **Deploy** it. When you deploy the Action, Auth0 assigns it an Action ID. You still need to add your custom logic to the Action, but first, get the Action ID to create the Custom Token Exchange Profile.
+Once the action is created, you can **Deploy** it. When you deploy the Action, Auth0 assigns it an Action ID. You still need to add your custom logic to the Action, but first, get the Action ID to create the Custom Token Exchange Profile.
 
-## Setup the token exchange profile
+## Set up the token exchange profile
 
 <CreateProfile />
 

auth4genai/mcp/get-started/overview.mdx

@@ -7,7 +7,7 @@ mode: "wide"
 
 ## Quickstarts
 
-Secure your MCP servers, enable API access, and implement standards-based client registration
+Secure your MCP servers, enable API access, and implement standards-based client registration.
 
 <Columns cols={2}>
 

auth4genai/mcp/guides/registering-your-mcp-client-application.mdx

@@ -17,7 +17,7 @@ You can register your client in two ways: statically or dynamically. For most sc
 This method is recommended because it offers several key advantages:
 
 * **Enhanced Security**: You explicitly approve every client, preventing unauthorized or malicious applications from registering themselves and accessing your system.
-* **Predictable Configuration**: The client_id and other settings are known in advance, simplifying deployment and configuration management.
+* **Predictable Configuration**: The `client_id` and other settings are known in advance, simplifying deployment and configuration management.
 * **Clear Auditing**: There is a clear, auditable trail for every client created, linking it to a specific developer or team.
 * **Principle of Least Privilege**: You can precisely configure the exact permissions (scopes) and settings for each client from the outset.
 
@@ -113,7 +113,7 @@ For a client to interact with your server, the MCP specification requires you to
 
 1. **Use the `WWW-Authenticate` Header for 401 Errors**
 
-   When a client makes a request without a valid token, your server must return a `401 Unauthorized` status. Crucially, this response must include the `WWW-Authenticate` header, pointing to the metadata URL you configured above. This signals to the client that authentication is required and tells it exactly.
+   When a client makes a request without a valid token, your server must return a `401 Unauthorized` status. Crucially, this response must include the `WWW-Authenticate` header, pointing to the metadata URL you configured above. This signals to the client that authentication is required and tells it exactly where to obtain the authorization metadata.
 
 2. **Announce Your Auth Server with Protected Resource Metadata ([RFC 9728](https://datatracker.ietf.org/doc/html/rfc9728))**
 

auth4genai/mcp/guides/resource-param-compatibility-profile.mdx

@@ -44,9 +44,9 @@ Once the **Resource Parameter Compatibility Profile** is enabled, Auth0 will use
   />
 </Frame>
 
-If both the `resource` and `audience` are available, the `audience` will still be used. Auth0 will not forward the `resource` to upstream Identity Providers (IdPs), [learn more](./resource-param-compatibility-profile#resource-parameter-forwarding-to-upstream-identity-provider-idp).
+If both the `resource` and `audience` are available, the `audience` will still be used. Auth0 will not forward the `resource` to upstream Identity Providers (IdPs). [Learn more](./resource-param-compatibility-profile#resource-parameter-forwarding-to-upstream-identity-provider-idp).
 
-*RFC 8707 requires the `resource` parameter to [be an absolute URI](https://www.rfc-editor.org/rfc/rfc8707.html#name-resource-parameter), to conform with RFC 8707 we recommend defining your resource server identifiers (API identifiers) in [URI format](https://datatracker.ietf.org/doc/html/rfc3986). Using an absolute URI as the identifier of your MCP Server is also a requirement from the MCP Authorization specification.*
+*RFC 8707 requires the `resource` parameter to [be an absolute URI](https://www.rfc-editor.org/rfc/rfc8707.html#name-resource-parameter), to conform with RFC 8707, we recommend defining your resource server identifiers (API identifiers) in [URI format](https://datatracker.ietf.org/doc/html/rfc3986). Using an absolute URI as the identifier of your MCP Server is also a requirement from the MCP Authorization specification.*
 
 ## Supported flows
 
@@ -62,11 +62,11 @@ The `resource` parameter is supported in the following flows:
 
 When federating to an upstream IdP, Auth0 provides a way for initiating clients to [forward parameters](https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps). In the documentation, notice that `resource` is one of the parameters [available for forwarding to upstream IdPs](https://auth0.com/docs/authenticate/identity-providers/pass-parameters-to-idps#available-fields).
 
-To avoid leaking access token details, Auth0 will not forward the resource parameter to upstream IdPs while the Resource Parameter Compatibility Profile is enabled.
+RFC 8707 requires the `resource` parameter to be an absolute URI. To conform with RFC 8707, we recommend defining your resource server identifiers (API identifiers) in URI format. To avoid leaking access token details, Auth0 will not forward the resource parameter to upstream IdPs while the Resource Parameter Compatibility Profile is enabled.
 
 * Resource Parameter Compatibility **disabled** (default behavior):
   * `resource` is available as an upstream IdP parameter.
 * Resource Parameter Compatibility **enabled**:
   * `resource` is not available as an upstream IdP parameter, and will not be forwarded.
 
-  <Note>If passing the resource parameter to an upstream IdP, Resource Parameter Compatibility Profile should not be enabled.</Note>
+  <Note>If passing the resource parameter to an upstream IdP, the Resource Parameter Compatibility Profile should not be enabled.</Note>

auth4genai/mcp/guides/test-your-mcp-server-with-mcp-inspector.mdx

@@ -18,7 +18,7 @@ First, make sure your MCP server is running in a separate terminal. Then, open a
 npx @modelcontextprotocol/inspector@latest
 ```
 
-This will open the MCP Inspector interface on your default browser.
+This will open the MCP Inspector interface in your default browser.
 
 <Frame>
   <img
@@ -34,15 +34,15 @@ Once the Inspector is open, you need to configure it to connect to your local MC
 1. Set the **Transport Type** to `Streamable HTTP`.
 2. Enter your server's URL, which is typically `http://localhost:3001/mcp`.
 
-In order for the MCP Inspector connect to your MCP server you can either do static client registration (recommended) or Dynamic Client Registration (DCR). Pick your preferred method below and follow the instructions.
+In order for the MCP Inspector to connect to your MCP server you can either do static client registration (recommended) or Dynamic Client Registration (DCR). Pick your preferred method below and follow the instructions.
 
 <StaticClientRegOrDCR />
 
 3. Click **Connect**.
 
 You'll be redirected to a login and consent screen. Sign in with a user account that has been granted the necessary permissions for the tools.
 
-When you connect to the server for the first time you will be guided through the authentication process using the [Auth0 Universal Login](https://auth0.com/features/universal-login). You’ll see the consent screen where you can check the tools you have access:
+When you connect to the server for the first time, you will be guided through the authentication process using the [Auth0 Universal Login](https://auth0.com/features/universal-login). You'll see the consent screen where you can check the tools you have access to:
 
 <Frame>
   <img
@@ -68,7 +68,7 @@ After authenticating, you can run the tools the MCP server exposes for your user
 <Frame caption="List of tools available in the MCP Server">
   <img
     src="/img/mcp/tools_list_tool_administrator_role.png"
-    alt="List of tools for an user with the Tool Administrator role"
+    alt="List of tools for a user with the Tool Administrator role"
   />
 </Frame>
 
@@ -99,7 +99,7 @@ If you run into problems, here are a few things to check first:
 
 * This usually means the user you logged in with doesn't have the required roles or permissions.
 * Check your authentication provider to ensure the user has been assigned the correct roles (e.g., "Tool User" or "Tool Administrator").
-* Confirm that the scopes defined in your server's oauth configuration match the permissions required by the tools.
+* Confirm that the scopes defined in your server's OAuth configuration match the permissions required by the tools.
 
 ## Conclusion
 

auth4genai/mcp/intro/overview.mdx

@@ -52,20 +52,20 @@ Register MCP clients and servers using standards-aligned discovery and registrat
   horizontal
   iconType="solid" />
 
-### Call your APIs on user’s behalf
+### Call your APIs on a user's behalf
 
 When an **AI agent** connects to your **MCP server**, the server may need to call your internal APIs to read data or trigger workflows. Those APIs need tokens that reflect who the user is and what the server is allowed to do.
 
 **Auth0 Custom Token Exchange** enables that delegation. The MCP server exchanges the token it received from the client for a new, short-lived access token scoped to the internal API. This lets **MCP servers** call internal APIs on behalf of users while **Auth0** issues and governs access centrally.
 
 <Card
-  title="Use this quickstart to call your APIs on user's behalf from your MCP server"
+  title="Use this quickstart to call your APIs on a user's behalf from your MCP server"
   href="/mcp/get-started/call-your-apis-on-users-behalf"
   icon="book"
   horizontal
   iconType="solid" />
 
-### Call third-party APIs on user’s behalf
+### Call third-party APIs on a user's behalf
 
 MCP Servers often connect AI Agents to third-party services such as Google, Microsoft, Jira, or Notion. Auth0’s **Token Vault** handles these integrations by managing token issuance, storage, rotation, and revocation for external APIs. Token Vault eliminates manual credential handling and makes it easy to extend MCP connectivity across the modern SaaS ecosystem.
 
@@ -85,7 +85,7 @@ To begin using Auth for MCP in your MCP server, refer to the following resources
   />
 
   <Card
-    title="Call your APIs on User's Behalf"
+    title="Call your APIs on a User's Behalf"
     href="/mcp/get-started/call-your-apis-on-users-behalf"
     icon="shapes"
     horizontal
@@ -110,7 +110,7 @@ To begin using Auth for MCP in your MCP server, refer to the following resources
   />
 
   <Card
-    title="Test you MCP Server with MCP Inspector"
+    title="Test your MCP Server with MCP Inspector"
     href="/mcp/guides/test-your-mcp-server-with-mcp-inspector"
     icon="book"
     horizontal
@@ -183,5 +183,5 @@ Auth for MCP delivers a more secure and scalable authentication and authorizatio
   cta="Request to join the Early Access Program"
   vertical>
 
-Auth for MCP is currently available in Early Access. To join the Early Access program, please complete this form and we'll reach out to you when your request is processed.
+Auth for MCP is currently available in Early Access. To join the Early Access program, please complete this form, and we'll reach out to you when your request is processed.
 </Card>