Add client_credentials grant type docs for MCP auth

ai/model-context-protocol.mdx

@@ -38,7 +38,7 @@
 The MCP search tool supports optional parameters that AI applications use to control and refine search results.
 
 - **`pageSize`**: Number of results to return, between 1 and 50. Defaults to 10.
 - **`scoreThreshold`**: Minimum relevance score between 0 and 1. Only returns results at or above this threshold. Use this to filter out low-relevance matches.
 - **`version`**: Filter results to a specific documentation version. For example, `'v0.7'`. Only returns content tagged with the specified version or content available across all versions.
 - **`language`**: Filter results to a specific language code. For example, `'en'`, `'zh'`, or `'es'`. Only returns content in the specified language or content available across all languages.
 
@@ -104,6 +104,48 @@
   </Step>
 </Steps>
 
+### Machine-to-machine authentication
+
+For server-side applications, CI/CD pipelines, or automated tools that need to access your authenticated MCP server without user interaction, your MCP server supports the OAuth 2.0 `client_credentials` grant type.
+
+The `client_credentials` grant allows a registered client to authenticate directly with a client ID and client secret instead of going through the interactive Authorization Code flow. This is useful when:
+
+- A backend service needs to query your documentation programmatically.
+- An automated pipeline needs to retrieve documentation content.
+- A server-side application needs to access authenticated content without a browser-based login.
+
+To use the `client_credentials` grant, send a `POST` request to your MCP server's token endpoint with the client credentials. You can provide credentials either in the request body or using an `Authorization: Basic` header per [RFC 6749 Section 2.3.1](https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1).
+
+<CodeGroup>
+```bash Request body
+curl -X POST https://your-docs.com/authed/mcp/oauth/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=client_credentials" \
+  -d "client_id=YOUR_CLIENT_ID" \
+  -d "client_secret=YOUR_CLIENT_SECRET"
+```
+
+```bash Authorization header
+curl -X POST https://your-docs.com/authed/mcp/oauth/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -H "Authorization: Basic $(echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64)" \
+  -d "grant_type=client_credentials"
+```
+</CodeGroup>
+
+A successful response returns a Bearer token:
+
+```json
+{
+  "access_token": "eyJhbGciOiJS...",
+  "token_type": "Bearer",
+  "expires_in": 1209600,
+  "scope": "mcp:search"
+}
+```
+
+The token is valid for 14 days (`expires_in: 1209600` seconds) and has the `mcp:search` scope, which grants access to the search and get page tools. Tokens issued through `client_credentials` are subject to server-side revocation checks, so access can be revoked at any time without waiting for the token to expire.
+
 ### Rate limits
 
 To protect availability, Mintlify applies rate limits to MCP servers.