@himeshsiriwardana himeshsiriwardana commented Nov 11, 2025

Purpose

IS 7.1 is updated with FAPI 2.0 compliance configurations. As we still support FAPI 1.0 Advanced, settings are now in a tabbed view.

Added a new page with an updated concept diagram for FAPI 2.0 and the related settings.

Documentation on FAPI-compliance in the Compliance section

Summary by CodeRabbit

  • Documentation
    • Added FAPI 2.0 reference documentation covering authorization requirements, certificate-bound tokens, PAR/PKCE and configuration steps.
    • Expanded and reorganized Financial-grade API docs to separately cover FAPI 1.0 Advanced and FAPI 2.0, with updated navigation entries.
    • Updated guidance for registering FAPI-compliant applications with version-aware configuration and Console/DCR instructions.

coderabbitai bot commented Nov 11, 2025

Walkthrough

Adds FAPI documentation and navigation entries for FAPI 1.0 Advanced and FAPI 2.0, inserts include-based content for FAPI deploy pages, expands the application registration guide with version-aware and product-specific configuration, and adds the acronym "FAPI" to the Vale lint exceptions.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Lint configuration: .vale/styles/Microsoft/Acronyms.yml | Adds FAPI to the acronyms exceptions list. |
| FAPI reference includes: en/includes/references/financial-grade-api.md, en/includes/references/financial-grade-api-2.0.md | Rewrites intro link formatting for FAPI and adds a new FAPI 2.0 reference include describing requirements and configuration steps. |
| FAPI deploy include: en/includes/deploy/compliance/fapi.md | Adds comprehensive FAPI compliance content with template conditionals for version-specific sections (FAPI 1.0 Advanced and conditional FAPI 2.0). |
| Application guide (version-aware): en/includes/guides/applications/register-a-fapi-compliant-app.md | Reworks intro, replaces prerequisites with "Configure ... for FAPI compliance", and adds version-specific and product-specific (Asgardeo vs others) configuration and DCR guidance. |
| Per-version docs (include injection): en/identity-server/*/docs/deploy/compliance/fapi.md, en/identity-server/7.1.0/docs/references/financial-grade-api-2.0.md | Adds single-line include directives to inject shared FAPI deploy/reference content across versions (next, 7.0.0, 7.1.0, 7.2.0). |
| Compliance index updates: en/identity-server/*/docs/deploy/compliance/index.md | Inserts a new "FAPI" link entry under Compliance (added after FIPS) across next, 7.0.0, 7.1.0, 7.2.0. |
| Navigation / mkdocs updates: en/identity-server/*/mkdocs.yml | Adds a top-level Compliance navigation entry for FAPI and, in 7.1.0, restructures Financial-grade API into a nested group with "FAPI 1.0 Advanced" and "FAPI 2.0"; updates site_url in 7.2.0/mkdocs.yml. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Review attention:
    • en/includes/guides/applications/register-a-fapi-compliant-app.md: verify conditional templating, version checks, and product-specific branches (Asgardeo vs others).
    • Navigation changes in mkdocs.yml files: confirm nested entries render correctly and links resolve.
    • en/includes/deploy/compliance/fapi.md and en/includes/references/financial-grade-api-2.0.md: spot-check technical accuracy and consistency of FAPI-specific configuration examples.

Poem

🐰 I hopped through docs with nimble cheer,
FAPI now lives in pages near,
Two versions nested, included with care,
Acronym safe — lint won’t glare,
A rabbit's nibble: docs now fair.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description is missing required template sections: Purpose lacks issue references, Related PRs, Test environment, and Security checks are all absent. | Add the missing required sections from the template: specify related issues/PRs, test environment details, and complete the security checks checklist. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: adding FAPI 2.0 configurations and related settings to the documentation. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
en/includes/references/financial-grade-api-2.0.md (1)

18-28: Consider varying sentence structure in numbered list steps.

Lines 18–28 repeat "Under Allowed... " at the start of consecutive items. Per static analysis (ENGLISH_WORD_REPEAT_BEGINNING_RULE), this can reduce readability. Refactor for variety:

-3. Under **Allowed grant types**, select only the **code** grant type.
+3. Select only the **code** grant type under **Allowed grant types**.

-4. Under **Authorized redirect URLs**, add the redirect URLs allowed for the application.
+4. Add the redirect URLs allowed for the application under **Authorized redirect URLs**.

-5. Under **Allowed origins**, add the allowed origins for the application.
+5. Add the allowed origins for the application under **Allowed origins**.
en/includes/guides/applications/register-a-fapi-compliant-app.md (1)

23-42: Optional: Vary "Specify" repetition for readability. Lines 23, 30, and 37 each begin with "Specify a..." Per static analysis (ENGLISH_WORD_REPEAT_BEGINNING_RULE), introducing variety would improve readability without affecting clarity:

-23. Specify a FAPI-compliant signing algorithm for ID tokens (PS256, ES256).
+23. To ensure FAPI compliance, select a FAPI-compliant signing algorithm for ID tokens (PS256, ES256).

-30. Specify a signing algorithm for tokens issued at the token endpoint.
+30. Configure the signing algorithm for tokens issued at the token endpoint.

-37. Specify a signing algorithm for the userinfo response.
+37. Set the signing algorithm for the userinfo response.
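Review bot: The `23.`, `30.` and `37.` prefixes on these suggested lines read as file line numbers rather than list markers; the LanguageTool context quoted in this review shows the userinfo item as a bullet (`- Specify a signing algorithm for the userinfo re...`), so applying the `+` lines verbatim would change the list markup. The proposed line 23 also states compliance twice ("To ensure FAPI compliance, select a FAPI-compliant signing algorithm"); "Select a FAPI-compliant signing algorithm for ID tokens (PS256, ES256)." varies the opening word without the repetition.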

This is a minor polish; current phrasing is acceptable for technical documentation.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d763c09 and b8993bc.

⛔ Files ignored due to path filters (1)
  • en/identity-server/7.1.0/docs/assets/img/guides/applications/fapi-compliant-apps/fapi-2.0-compliant-application.png is excluded by !**/*.png
📒 Files selected for processing (6)
  • .vale/styles/Microsoft/Acronyms.yml (1 hunks)
  • en/identity-server/7.1.0/docs/references/financial-grade-api-2.0.md (1 hunks)
  • en/identity-server/7.1.0/mkdocs.yml (1 hunks)
  • en/includes/guides/applications/register-a-fapi-compliant-app.md (1 hunks)
  • en/includes/references/financial-grade-api-2.0.md (1 hunks)
  • en/includes/references/financial-grade-api.md (1 hunks)
🧰 Additional context used
🪛 LanguageTool
en/includes/references/financial-grade-api-2.0.md

[style] ~26-~26: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...t URLs allowed for the application. 5. Under Allowed origins, add the allowed or...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~115-~115: Using many exclamation marks might seem excessive (in this case: 15 exclamation marks for a text that’s 5818 characters long)
Context: ...icate in a FAPI-compliant application. !!! note Refer to [OIDC Configurations]...

(EN_EXCESSIVE_EXCLAMATION)

en/includes/guides/applications/register-a-fapi-compliant-app.md

[style] ~37-~37: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...algorithms=["PS256","ES256"] ``` - Specify a signing algorithm for the userinfo re...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🔇 Additional comments (10)
.vale/styles/Microsoft/Acronyms.yml (1)

72-72: Acronym addition looks correct. FAPI is now properly registered as an exception to the rule requiring first/second occurrence pattern, aligning with its usage throughout the new FAPI 2.0 documentation.

en/includes/references/financial-grade-api-2.0.md (1)

1-116: Comprehensive FAPI 2.0 configuration documentation.

The content is well-structured with clear sections, hyperlinked guidance, embedded diagrams, and step-by-step configurations. All sections (Authorization code grant, PKCE, Client authentication, PAR, Request object, Certificate-bound tokens) are thorough and actionable. Screenshots are referenced appropriately. The integration with includes/references/financial-grade-api.md and the wrapper at 7.1.0/docs/references/financial-grade-api-2.0.md enables proper content reuse.

en/identity-server/7.1.0/docs/references/financial-grade-api-2.0.md (1)

1-1: Wrapper include directive is properly formed. The relative path ../../../../includes/references/financial-grade-api-2.0.md correctly references the shared FAPI 2.0 documentation, enabling centralized content maintenance across multiple documentation versions.

en/includes/references/financial-grade-api.md (1)

3-3: UX improvement with hyperlinked definition. Adding a direct link to the official FAPI specification at the start of the intro paragraph enhances discoverability and provides readers immediate access to normative requirements.

en/identity-server/7.1.0/mkdocs.yml (1)

1169-1171: Navigation restructure properly nests FAPI versions. Converting the flat "Financial-grade API" entry into a parent with "FAPI 1.0 Advanced" and "FAPI 2.0" children improves discoverability and aligns navigation with the dual-version support strategy. File references are correct.

Verify that the documentation site navigation renders correctly and no old URL redirects are needed for existing "Financial-grade API" links.

en/includes/guides/applications/register-a-fapi-compliant-app.md (5)

3-3: Template variable usage requires verification. Line 3 uses is_version == "7.1.0" and line 14 uses is_version != "7.1.0" for version-aware conditional rendering. Confirm that this variable is properly defined in the template context across all documentation build versions to ensure correct content display.

Can you verify that the is_version template variable is properly set in the build context for all IS versions? Also confirm whether this variable follows the naming convention used elsewhere in the codebase (e.g., is_version vs. other patterns).


7-12: New FAPI compliance configuration section is well-organized. The new "Configure {{product_name}} for FAPI compliance" section properly introduces deployment.toml-based configuration before guiding users through application registration. Version-aware conditional blocks (lines 14–150) enable appropriate guidance for FAPI 2.0 (7.1.0+) vs. FAPI 1.0 Advanced (earlier versions), with clear cipher suite restrictions and signing algorithm specifications tailored to each FAPI version.


52-112: FAPI 2.0 configuration tab is comprehensive and correct. Cipher suites are appropriately restricted to ECDHE (no DHE), FAPI version is specified as "2", and FAPI 2.0–specific requirements (authorization code validity of 50 seconds, well-known endpoint configuration) are included. Indentation and MkDocs tab syntax are properly formatted.


113-149: FAPI 1.0 Advanced configuration tab maintains backward compatibility. Cipher suites appropriately include both DHE and ECDHE options (more permissive than FAPI 2.0), and configurations align with the reference documentation. Tabbed format is consistent with FAPI 2.0 section.


182-217: Product-specific DCR guidance is appropriate. Conditional block at line 182 branches for Asgardeo vs. other products (WSO2 IS), providing tailored instructions for each. Asgardeo path includes SSA validation and enforcement UI steps; WSO2 IS path directs to deployment.toml configuration. Both reference the DCR API docs correctly. Formatting and structure are sound.


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8993bc and 04e30bb.

📒 Files selected for processing (14)
  • en/identity-server/7.0.0/docs/deploy/compliance/fapi.md (1 hunks)
  • en/identity-server/7.0.0/docs/deploy/compliance/index.md (1 hunks)
  • en/identity-server/7.0.0/mkdocs.yml (1 hunks)
  • en/identity-server/7.1.0/docs/deploy/compliance/fapi.md (1 hunks)
  • en/identity-server/7.1.0/docs/deploy/compliance/index.md (1 hunks)
  • en/identity-server/7.1.0/mkdocs.yml (2 hunks)
  • en/identity-server/7.2.0/docs/deploy/compliance/fapi.md (1 hunks)
  • en/identity-server/7.2.0/docs/deploy/compliance/index.md (1 hunks)
  • en/identity-server/7.2.0/mkdocs.yml (2 hunks)
  • en/identity-server/next/docs/deploy/compliance/fapi.md (1 hunks)
  • en/identity-server/next/docs/deploy/compliance/index.md (1 hunks)
  • en/identity-server/next/mkdocs.yml (1 hunks)
  • en/includes/deploy/compliance/fapi.md (1 hunks)
  • en/includes/guides/applications/register-a-fapi-compliant-app.md (1 hunks)
✅ Files skipped from review due to trivial changes (4)
  • en/identity-server/7.0.0/docs/deploy/compliance/fapi.md
  • en/identity-server/7.1.0/docs/deploy/compliance/fapi.md
  • en/identity-server/7.2.0/docs/deploy/compliance/fapi.md
  • en/identity-server/next/docs/deploy/compliance/fapi.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • en/identity-server/7.1.0/mkdocs.yml
🧰 Additional context used
🪛 LanguageTool
en/includes/guides/applications/register-a-fapi-compliant-app.md

[style] ~37-~37: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...algorithms=["PS256","ES256"] ``` - Specify a signing algorithm for the userinfo re...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

en/includes/deploy/compliance/fapi.md

[grammar] ~7-~7: Use a hyphen to join words.
Context: ...-compliant API access. To create a FAPI compliant application, refer to the guid...

(QB_NEW_EN_HYPHEN)

🔇 Additional comments (12)
en/identity-server/next/mkdocs.yml (1)

950-950: FAPI navigation entry correctly positioned.

The navigation addition places FAPI between FIPS and Accessibility Compliance entries, maintaining consistent ordering across all version configurations.

en/identity-server/7.0.0/docs/deploy/compliance/index.md (1)

13-14: FAPI compliance entry correctly formatted.

The entry follows the established pattern for compliance documentation links and maintains alphabetical/logical ordering.

en/identity-server/7.1.0/docs/deploy/compliance/index.md (1)

13-14: FAPI compliance entry consistent across versions.

Entry matches the pattern established in all version indices, ensuring uniform documentation structure.

en/identity-server/7.0.0/mkdocs.yml (1)

812-812: FAPI navigation entry correctly integrated.

The entry is properly positioned within the Compliance section and maintains consistency with other version configurations.

en/identity-server/next/docs/deploy/compliance/index.md (1)

13-14: FAPI compliance entry maintains consistency.

The entry follows the established pattern across all versions.

en/includes/deploy/compliance/fapi.md (1)

1-45: FAPI documentation uses version-aware content effectively.

The documentation correctly uses Liquid conditionals to render FAPI 2.0 content only for version 7.1.0+, while maintaining FAPI 1.0 Advanced guidance across all versions. The structure is clear and the feature matrix is well-organized by FAPI version.

en/includes/guides/applications/register-a-fapi-compliant-app.md (3)

3-5: Version-aware introduction effectively communicates FAPI support.

The introduction correctly states that 7.1.0+ supports both FAPI 1.0 Advanced and FAPI 2.0, while earlier versions support only FAPI 1.0 Advanced. This sets appropriate expectations for users.


8-150: Configuration section properly structures FAPI setup by version.

The configuration guide correctly separates settings:

  • Non-7.1.0 versions (lines 14-50): Single configuration block for FAPI 1.0 Advanced
  • 7.1.0+ versions (lines 51-150): Tabbed interface with distinct FAPI 2.0 and FAPI 1.0 Advanced configurations

The TOML syntax is correct, and cipher suites are appropriately tightened for FAPI 2.0 (lines 56-57) compared to FAPI 1.0 (lines 118-120).


182-217: DCR configuration correctly branches by product.

The DCR section appropriately handles:

  • Asgardeo (lines 182-200): UI-based configuration with SSA validation and FAPI enforcement options
  • WSO2 Identity Server (lines 202-217): TOML-based configuration with enable_fapi_enforcement setting

Both paths correctly reference the DCR API documentation. Branching logic is clear and maintainable.

en/identity-server/7.2.0/docs/deploy/compliance/index.md (1)

13-14: FAPI compliance entry maintains version consistency.

The entry follows the established pattern and ensures all documented versions include FAPI compliance documentation.

en/identity-server/7.2.0/mkdocs.yml (2)

20-20: Version-specific site_url update is correct.

The site URL correctly reflects the 7.2.0 version, moving from the next placeholder to a pinned release version. This ensures that all documentation links and references are properly scoped to this version.


950-950: FAPI navigation entry is properly placed and structured.

The new FAPI compliance documentation link is correctly positioned in alphabetical order within the Compliance section, following the same format as other compliance entries (GDPR, eIDAS, CCPA, FIPS). This aligns with the PR objective to add FAPI 2.0 compliance documentation.


{{product_name}} implements [FAPI 1.0 – Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html){: target="_blank"} {% if is_version == "7.1.0" %}and [FAPI 2.0](https://openid.net/specs/fapi-security-profile-2_0-final.html){: target="_blank"} profiles{% endif%} to help organizations achieve secure, standards-compliant API access.

To create a FAPI compliant application, refer to the guide on [registering a FAPI-compliant application]({{base_path}}/guides/applications/register-a-fapi-compliant-app/).

⚠️ Potential issue | 🟡 Minor

Fix hyphenation in FAPI compliance introduction.

Line 7 should use "FAPI-compliant" (hyphenated) as a compound adjective modifying "application," not "FAPI compliant" (two words).

Apply this fix:

-To create a FAPI compliant application, refer to the guide on [registering a FAPI-compliant application]({{base_path}}/guides/applications/register-a-fapi-compliant-app/).
+To create a FAPI-compliant application, refer to the guide on [registering a FAPI-compliant application]({{base_path}}/guides/applications/register-a-fapi-compliant-app/).

🤖 Prompt for AI Agents
In en/includes/deploy/compliance/fapi.md around line 7, the phrase "FAPI
compliant application" should be corrected to the compound adjective
"FAPI-compliant application"; update the text to insert a hyphen between "FAPI"
and "compliant" so it reads "FAPI-compliant application" to properly modify
"application."

@himeshsiriwardana himeshsiriwardana merged commit 7b16e6e into wso2:master Dec 1, 2025
2 of 5 checks passed