[TOO-193] Adding Figma Optimized Toolkit Docs #587
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
| 3. Configure the required scopes for your application: | ||
| - `files:read` - Read access to files | ||
| 3. Configure the required scopes for your application based on the tools you need: | ||
| - `file_content:read` - Read access to file content and structure |
There was a problem hiding this comment.
Is it necessary to mention the scopes in two different places? In the future, when this needs to be updated, we risk someone updates the first block of mentions and skip the second. Perhaps we can add a link here referring to the block listing the scopes?
| - `files:read` - Read access to files | ||
| - `file_comments:write` - Write access to file comments | ||
| ### File and Content Access | ||
| - `file_content:read` - Read access to file structure and content (required for most file operations) |
There was a problem hiding this comment.
Same as previous comment about duplicating the list of scopes.
|
|
||
| For a complete list of available scopes and their descriptions, refer to the [Figma API documentation](https://www.figma.com/developers/api#authentication). | ||
| <Callout type="warning"> | ||
| The `projects:read` scope is **only available in private Figma OAuth apps**. If you need to access team projects and files, you must create a private OAuth app through your Figma organization. |
There was a problem hiding this comment.
I think we should have this warning (or link to it) next to the list of scopes.
It'd also be good to have this warning where we document the tools which depend on this scope.
byrro
left a comment
byrro
left a comment
There was a problem hiding this comment.
Left a few suggestions for consideration, no red flags, pre-approving anyways.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| - `file_comments:write` - Write access to file comments | ||
| - Add other scopes as needed for your use case | ||
| - `current_user:read` - Read access to user profile | ||
| - `projects:read` - Read access to team projects (private apps only) |
There was a problem hiding this comment.
Bug: Duplicated scopes list creates maintenance risk (Bugbot Rules)
As noted in the PR discussion by @byrro, the OAuth scopes are listed in two separate locations in this documentation file. The first list appears in "Required scopes for the Figma MCP Server" (lines 27-33) and the second appears in "Set up OAuth configuration" (lines 78-86). If these scopes need to be updated in the future, there's a risk that only one location gets updated, leading to inconsistent documentation. Consider consolidating to a single authoritative list with cross-references.
Adding documentation for Figma's optimized MCP Server:
Closes TOO-193
Closes TOO-194
Note
Adds comprehensive docs and examples for the Figma MCP Server and updates the Figma OAuth provider configuration (scopes, PKCE, endpoints).
app/en/mcp-servers/development/figma/page.mdxdocumenting 15 tools (files, components, styles, comments, navigation, user context) with required scopes and behavior hints.figmainapp/en/mcp-servers/development/_meta.tsx.app/en/home/auth-providers/figma/page.mdx)mcp-servers/development/figma.file_content:read,library_*,team_library_*,current_user:read,projects:readwith private-app note).figma, token URLhttps://api.figma.com/v1/oauth/token, scope delimiter set to space, PKCE (S256) enabled, addedrefresh_request, request/response content types, and{{scopes}} {{existing_scopes}}.figmaand new scopes.public/examples/integrations/mcp-servers/figma/*demonstratingclient.tools.authorizeandexecuteusage.Written by Cursor Bugbot for commit 5e387fd. This will update automatically on new commits. Configure here.