Merge pull request #6140 from UdeshAthukorala/improve-action-docs

UdeshAthukorala · web-flow · commit 85d5777de147 · 2026-05-15T13:16:46.000+05:30
Improve Documentation on OAuth2 client credentials and password grant based authentication support for actions
diff --git a/en/includes/guides/service-extensions/pre-flow-extensions/action-versions/pre-issue-id-token-action-v1.x.md b/en/includes/guides/service-extensions/pre-flow-extensions/action-versions/pre-issue-id-token-action-v1.x.md
@@ -565,7 +565,7 @@ Configure the authentication scheme when registering the action in {{product_nam
 - **OAuth 2.0 Password Grant**: {{product_name}} retrieves an access token from the configured token endpoint using the OAuth 2.0 resource owner password credentials grant and uses it as a bearer token when invoking the action endpoint.
 
 !!! warning
-    If you use your own {{product_name}} organization as the authorization server (that is, the configured token endpoint belongs to the same organization and the OAuth 2.0 application used to obtain the access token resides in the same organization), exclude that application from this **Pre-Issue ID Token** action (and the **Pre-Issue Access Token** action) by configuring a rule. Otherwise the token issuance flow will fall into a cyclic dependency, since the action invocation triggers a token request, which in turn triggers the same action again. As a result, the ID token and access token issuance will break.
+    If you use the same {{product_name}} organization as the authorization server, you must exclude the application used to get the access token in action authorization from this **Pre-Issue ID Token** action (and the **Pre-Issue Access Token** action) by configuring a rule. Otherwise, ID token and access token issuance will break.
 {% endif %}
 
 ## Conditional invocation of pre-issue id token action
diff --git a/en/includes/guides/service-extensions/pre-flow-extensions/setting-up-actions.md b/en/includes/guides/service-extensions/pre-flow-extensions/setting-up-actions.md
@@ -57,7 +57,7 @@ Follow the steps below to configure an action.
         - OAuth 2.0 Password Grant - Provide the token endpoint, client ID, client secret, username, password, and optionally a space-separated list of scopes. {{product_name}} retrieves a fresh access token from the configured token endpoint using the OAuth 2.0 resource owner password credentials grant and uses it as a bearer token when invoking the action endpoint.
 
             !!! warning
-                If you use your own {{product_name}} organization as the authorization server (that is, the configured token endpoint belongs to the same organization and the OAuth 2.0 application used to obtain the access token resides in the same organization), you must exclude that application from the **Pre-Issue Access Token** and **Pre-Issue ID Token** actions by configuring a rule. Otherwise the token issuance flow will fall into a cyclic dependency, since the action invocation triggers a token request, which in turn triggers the same action again. As a result, the access token and ID token issuance will break.
+                If you use the same {{product_name}} organization as the authorization server, you must exclude the application used to get the access token in action authorization from the **Pre-Issue Access Token** and **Pre-Issue ID Token** actions by configuring a rule. Otherwise, access token and ID token issuance will break.
         {% endif %}
         - No Authentication - No authentication (recommended only for testing purposes).
 
