Add Asgardeo for the tutorials

docs/tutorials/todo-manager/README.mdx

@@ -88,6 +88,45 @@ To implement [role-based access control (RBAC)](https://auth.wiki/rbac) in your
 
 The scopes will be included in the JWT access token's `scope` claim as a space-separated string.
 
+</TabItem>
+<TabItem value="asgardeo" label="Asgardeo">
+    [Asgardeo](https://wso2.com/asgardeo)  supports Role-Based Access Control (RBAC) and fine-grained authorization using API resources and scopes. Here's how to configure it:
+
+    1. Sign in to the [Asgardeo Console](https://console.asgardeo.io)
+
+    2. Define your API resource and scopes:
+        - Go to **API Resources**
+        - Click **"New API Resource"**
+        - Set the **Identifier** to `https://todo.mcp-server.app` (or your desired URL)
+        - Let the Display Name be `Todo Manager`
+        - Add the following scopes:
+            - `create:todos` : "Create new todo items"
+            - `read:todos` : "Read all todo items"
+            - `delete:todos` : "Delete any todo item"
+        - Create the resource
+
+    3. Create roles:
+        - Use the **User Management > Roles** to create roles and assign scopes directly.
+        - Click **New Role**
+        - Provide the role name (e.g., `Admin` or `User`) in **Basic Details** section
+        - Let the role audience be `Application` and select the `MCP Inspector Application` as the **Assigned Application**
+        - In **Permission Selection** section, choose the API resource you created earlier (e.g., `Todo Manager`)
+        - Select the scopes you want to assign to this role (e.g., `create:todos`, `read:todos`, `delete:todos`)
+        - Click **Finish** to create the role
+
+    If you have already created the application
+        - Navigate to **Application > MCP Inspector Application > Roles tab**
+        - Select **Application Role** as the audience type, then click **New Role**
+        - Create an `Admin` role and attach all three scopes
+        - Create a `User` role and attach only the `create:todos` scope
+
+    4. Assign roles to users:
+        - Go to **User Management > Roles**
+        - Select the role you created (e.g., `Admin` or `User`) and move to **Users** tab
+        - Select **Assign User** and choose the users you want to assign this role to and save.
+
+    The scopes will be included in the JWT access token's `scope` claim as a space-separated string.
+
 </TabItem>
 <TabItem value="oauth-oidc" label="OAuth 2.0 / OIDC">
 
@@ -267,6 +306,58 @@ In [Keycloak](https://www.keycloak.org), you can set up the required permissions
 
 Keycloak will include the granted scopes in the access token's `scope` claim.
 
+</TabItem>
+<TabItem value="asgardeo" label="Asgardeo">
+
+[Asgardeo](https://wso2.com/asgardeo)  supports Role-Based Access Control (RBAC) and fine-grained authorization using API resources and scopes. Here's how to configure it:
+
+1. Sign in to the [Asgardeo Console](https://console.asgardeo.io)
+
+2. Define your API resource and scopes:
+    - Go to **API Resources**
+    - Click **"New API Resource"**
+    - Set the **Identifier** to `https://todo.mcp-server.app` (or your desired URL)
+    - Let the Display Name be `Todo Manager`
+    - Add the following scopes:
+        - `create:todos` : "Create new todo items"
+        - `read:todos` : "Read all todo items"
+        - `delete:todos` : "Delete any todo item"
+    - Create the resource
+
+3. Create roles:
+    - Use the **User Management > Roles** to create roles and assign scopes directly.
+    - Click **New Role**
+    - Provide the role name (e.g., `Admin` or `User`) in **Basic Details** section
+    - Let the role audience be `Application` and select the `MCP Inspector Application` as the **Assigned Application**
+    - In **Permission Selection** section, choose the API resource you created earlier (e.g., `Todo Manager`)
+    - Select the scopes you want to assign to this role (e.g., `create:todos`, `read:todos`, `delete:todos`)
+    - Click **Finish** to create the role
+
+    If you have already created the application
+    - Navigate to **Application > MCP Inspector Application > Roles tab**
+    - Select **Application Role** as the audience type, then click **New Role**
+    - Create an `Admin` role and attach all three scopes
+    - Create a `User` role and attach only the `create:todos` scope
+
+4. Assign roles to users:
+    - Go to **User Management > Roles**
+    - Select the role you created (e.g., `Admin` or `User`) and move to **Users** tab
+    - Select **Assign User** and choose the users you want to assign this role to and save.
+
+5. Update the Auth configuration
+    - Go to **MCP Inspector Application > OAuth Configurations**
+    - Enter the value {"scope": "openid profile create:todos read:todos delete:todos"} in the Auth Params field.
+
+The scopes will be included in the JWT access token's `scope` claim as a space-separated string.
+After configuring your authorization server, users will receive access tokens containing their granted scopes. The MCP server will use these scopes to determine:
+
+Whether a user can create new todos (create:todos)
+Whether a user can view all todos (read:todos) or only their own
+Whether a user can delete any todo (delete:todos) or only their own
+
+For more details on configuring Asgardeo, refer to the following resources:
+- [API Resources Guide](https://wso2.com/asgardeo/docs/guides/authorization/api-authorization)
+- [Role Management](https://wso2.com/asgardeo/docs/guides/users/manage-roles)
 </TabItem>
 <TabItem value="oauth-or-oidc" label="OAuth 2 / OIDC">
 

docs/tutorials/whoami/README.mdx

@@ -67,6 +67,17 @@ To fetch an access token that can be used to access the userinfo endpoint, at le
 
 To fetch an access token that can be used to access the userinfo endpoint, at least two scopes are required: `openid` and `profile`. You can continue reading as we'll cover the scope configuration later.
 
+</TabItem>
+
+<TabItem value="asgardeo" label="Asgardeo">
+
+[Asgardeo](https://wso2.com/asgardeo) is a cloud-native identity as a service (IDaaS) platform that supports OAuth 2.0 and OpenID Connect (OIDC), providing robust identity and access management for modern applications.
+
+User information is encoded inside the ID token returned along with the access token. But as an OIDC provider, Asgardeo exposes a [UserInfo endpoint](https://wso2.com/asgardeo/docs/guides/authentication/oidc/request-user-info/) that allows applications to retrieve claims about the authenticated user in the payload.
+
+You can also discover this endpoint dynamically via the [OIDC discovery endpoint](https://wso2.com/asgardeo/docs/guides/authentication/oidc/discover-oidc-configs) or by navigating to the application's 'Info' tab in the Asgardeo Console.
+
+To fetch an access token that can be used to access the userinfo endpoint, at least two scopes are required: `openid` and `profile`.
 </TabItem>
 <TabItem value="oidc" label="OIDC">
 
@@ -408,7 +419,43 @@ docker run -p 8080:8080 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADM
 { "scope": "openid profile email" }
 ```
 
-</TabItem>
+ </TabItem>
+<TabItem value="asgardeo" label="Asgardeo">
+
+[Asgardeo](https://wso2.com/asgardeo) is a cloud-native identity as a service (IDaaS) platform that supports OAuth 2.0 and OpenID Connect (OIDC), enabling secure identity and access management for your applications.
+
+While Asgardeo supports dynamic client registration via a standard API, the endpoint is protected and requires an access token with the necessary permissions. In this tutorial, we’ll register the client manually through the Asgardeo Console.
+
+:::note
+If you don’t have an Asgardeo account, you can [sign up for free](https://asgardeo.io).
+:::
+
+Follow these steps to configure Asgardeo for MCP Inspector:
+
+1. Log in to the [Asgardeo Console](https://console.asgardeo.io) and select your organization.
+
+2. Create a new application:
+    - Go to **Applications** → **New Application**
+    - Choose **Single-Page Application**
+    - Enter an application name like `MCP Inspector`
+    - In the **Authorized Redirect URLs** field, paste the **Redirect URL** copied from MCP Inspector client application (e.g.: `http://localhost:6274/oauth/callback`)
+    - Click **Create**
+
+3. Configure the protocol settings:
+    - Under the **Protocol** tab:
+    - Copy the **Client ID** that was auto generated.
+    - Ensure switching to `JWT` for the `Token Type` in **Access Token** section
+    - Click **Update**
+
+4. In MCP Inspector client application:
+    - Open the **OAuth Configuration** section
+    - Paste the copied **Client ID**
+    - Enter the following in the **Auth Params** field to request the necessary scopes:
+
+```json
+{ "scope": "openid profile email" }
+```
+ </TabItem>
 <TabItem value="oidc" label="OIDC">
 
 :::note
@@ -502,6 +549,15 @@ The issuer URL can be found in your Keycloak Admin Console. In your 'mcp-realm',
 
 </TabItem>
 
+<TabItem value="asgardeo" label="Asgardeo">
+
+    You can find the issuer URL in the Asgardeo Console. Navigate to the created application, and open the **Info** tab. The **Issuer** field will be displayed there and should look like:
+    https://api.asgardeo.io/t/&lt;your-organization-name&gt;/oauth2/token
+
+    <SetupOidc />
+
+</TabItem>
+
 <TabItem value="oidc" label="OIDC">
 
 The following code also assumes that the authorization server supports the [userinfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) to retrieve user identity information. If your provider does not support this endpoint, you will need to check your provider's documentation for the specific endpoint and replace the userinfo endpoint variable with the correct URL.