Revert "feat(ID token support): Add ID token support for authenticating to MC…" (#12162)

docs/tools/mcp-server.md

@@ -150,11 +150,6 @@ Each server configuration supports the following properties:
   server. Tools listed here will not be available to the model, even if they are
   exposed by the server. **Note:** `excludeTools` takes precedence over
   `includeTools` - if a tool is in both lists, it will be excluded.
-- **`allow_unscoped_id_tokens_cloud_run`** (boolean): When `true` and the MCP
-  server host is a Cloud Run service (`*.run.app`), the CLI will use Google
-  Application Default Credentials (ADC) to generate an unscoped ID token and
-  send it as `Authorization: Bearer <token>`. When using this flag, do not set
-  OAuth scopes; they are not needed.
 - **`targetAudience`** (string): The OAuth Client ID allowlisted on the
   IAP-protected application you are trying to access. Used with
   `authProviderType: 'service_account_impersonation'`.
@@ -286,26 +281,6 @@ property:
 }
 ```
 
-#### Google Credential with Cloud Run ID tokens
-
-When connecting to a Cloud Run service endpoint (`*.run.app`), you must opt into
-ID token based authentication using ADC. Note that the generated ID token is
-unscoped.
-
-```json
-{
-  "mcpServers": {
-    "googleCloudServer": {
-      "url": "https://my-gcp-service.run.app/sse",
-      "authProviderType": "google_credentials",
-      "allow_unscoped_id_tokens_cloud_run": true
-    }
-  }
-}
-```
-
-Note: Only `*.run.app` hosts are supported for this flag.
-
 #### Service Account Impersonation
 
 To authenticate with a server using Service Account Impersonation, you must set