
[7.2] Add non-persistent AT docs #6099

Merged
shashimalcse merged 1 commit into wso2:master from shashimalcse:np-at-7.2-docs on May 5, 2026

Conversation

@shashimalcse (Contributor)

Purpose

$subject

Issue: wso2/product-is#24066

Related PRs

Test environment

Security checks

@coderabbitai (Contributor), coderabbitai Bot commented May 4, 2026

📝 Walkthrough

This PR updates the token persistence documentation to add guidance on recovery flows for token constraint violations and introduces comprehensive documentation for a new JWT access token persistence optimization feature, including configuration, behavior, and cleanup procedures.

Changes

Token Persistence Documentation & Recovery

All changes are in en/identity-server/7.2.0/docs/deploy/token-persistence.md.

Recovery Flow Documentation: Added "Synchronous token persistence recovery" subsection to document handling of CON_APP_KEY constraint violations for identical token requests across nodes.

Non-Persistent JWT Access Tokens Feature: Added "Optimizing JWT access token persistence" section explaining non-persistent JWT access tokens, operational differences from persistent flows, feature limitations, constraints, and a table of internal JWT claims available in non-persistent mode.

Configuration & Deployment: Added instructions to enable JWT access token persistence optimization, including guidance for custom JWT token issuers and deployment.toml configuration examples for non-persistent access tokens, optional refresh-token persistence, and revoked-token retention toggling.

Operations & Cleanup: Added cleanup section detailing stored-procedure-based removal of unused refresh tokens and revoke entries when non-persistent access tokens are enabled, including server-configured cleanup triggers and manual cleanup warnings for specific audit/revoke tables.

Suggested labels

Team/API Access Mgt & Authorization

🚥 Pre-merge checks: ✅ 4 passed, ❌ 1 failed

❌ Failed checks (1 warning)

Description check (⚠️ Warning): The description uses a template placeholder ($subject) instead of providing a meaningful purpose statement, and critical sections like test environment are incomplete with only placeholders. Resolution: Replace the $subject placeholder with a concrete description of the documentation changes, and fill in the test environment section with relevant details or mark as N/A for documentation-only changes.

✅ Passed checks (4 passed)

Title check (✅ Passed): The title clearly and concisely summarizes the main change: adding documentation for non-persistent access tokens in version 7.2.
Docstring Coverage (✅ Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check (✅ Passed): Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check (✅ Passed): Check skipped because no linked issues were found for this pull request.


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
en/identity-server/7.2.0/docs/deploy/token-persistence.md (1)

49-60: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use one canonical constraint name in this recovery section.

This section references CON_APP_KEY, while earlier parts of the same document use CONN_APP_KEY. Please standardize to the exact constraint name used by the product to avoid troubleshooting confusion.

As per coding guidelines, use one term per concept and do not switch terminology mid-document.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/7.2.0/docs/deploy/token-persistence.md` around lines 49-60: The recovery section uses a different constraint name (CON_APP_KEY) than earlier in the document (CONN_APP_KEY); standardize by replacing the incorrect occurrences in the recovery flow with the canonical product constraint name CONN_APP_KEY so the whole document consistently uses CONN_APP_KEY (search for "CON_APP_KEY" in the token-persistence.md recovery paragraphs and update those references to "CONN_APP_KEY").
🧹 Nitpick comments (1)
en/identity-server/7.2.0/docs/deploy/token-persistence.md (1)

180-187: ⚡ Quick win

Add defaults and valid values for oauth.token_persistence properties.

This example is helpful, but it should also state each property’s default and allowed values (true/false) so users can apply the change safely.

As per coding guidelines, “When documenting configuration, describe what the setting controls, state the default value, state constraints (type, valid range, allowed values), provide a minimal example, and explain when the user should change it.”

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/7.2.0/docs/deploy/token-persistence.md` around lines 180-187: The example configuration for oauth.token_persistence lacks default values, allowed values and short descriptions for each property; update the token-persistence.md section to document each property (persist_access_token, retain_revoked_token, persist_refresh_token) by stating what it controls, its default (true/false), its type/constraints (boolean; allowed values: true/false), and when to change it, then keep the minimal toml example shown; ensure the property names and their defaults are clearly called out next to the example so readers can apply the change safely.

📥 Commits

Reviewing files that changed from the base of the PR and between 49f8912 and 087adc4.

📒 Files selected for processing (1)
  • en/identity-server/7.2.0/docs/deploy/token-persistence.md

- **Opaque token generation** will continue to work as expected for applications configured to use opaque tokens.
- Applications configured for **JWT access token type** will be switched to **non-persistent access token mode**, meaning JWT access tokens will no longer be stored in the database.
- In the case of persistent token storage, if an active access token already exists during the token generation flow, the existing token will be marked as inactive. However, in the non-persistent mode, multiple active tokens can exist, as the authorization server does not store the access tokens.
- **Token binding**, **Retrieving authorized apps for user**,**Rich Authorization Details**, and **OIDC Request Object** features are currently not supported in **non-persistent access token mode**.
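Review bot: the third bullet states that multiple active tokens can coexist in non-persistent mode because the server does not store them, but it leaves the operational consequence unstated: a token the server never stored cannot be marked inactive the way a persisted one is, so readers need to know how such a token is invalidated. Consider cross-referencing the revoked-token retention setting (retain_revoked_token) and the revoke-entry cleanup guidance that this PR adds elsewhere in the same document, and make explicit that the "existing token is marked inactive" behaviour in the first half of the sentence now applies only to persistent (opaque) tokens.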
coderabbitai Bot commented on line 88 of en/identity-server/7.2.0/docs/deploy/token-persistence.md:

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix spacing in the unsupported-features list item.

There is a missing space after the comma in **,**Rich Authorization Details**, which hurts readability.

As per coding guidelines, use plain language and keep list content clear and easy to scan.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@en/identity-server/7.2.0/docs/deploy/token-persistence.md` at line 88: Fix the spacing in the unsupported-features list item: update the sentence containing "**Token binding**, **Retrieving authorized apps for user**,**Rich Authorization Details**, and **OIDC Request Object**" so there is a space after the comma between "**Retrieving authorized apps for user**,**Rich Authorization Details**" (i.e., change to "**Retrieving authorized apps for user**, **Rich Authorization Details**") and ensure consistent single spaces after all commas in that list.

@shashimalcse shashimalcse merged commit 4549329 into wso2:master May 5, 2026
3 of 4 checks passed