docs (#968)

2025-08-17 11:21:07 +02:00 · 2025-08-04 15:47:28 -04:00
parent 390dc8b47d
commit 0f74b27f6e
4 changed files with 250 additions and 131 deletions
--- a/docs/guides/self-hosting/oauth/integrations/github.md
+++ b/docs/guides/self-hosting/oauth/integrations/github.md
@ -1 +1,45 @@
-# Github
+---
+sidebar_position: 20
+---
+
+# GitHub OAuth Setup
+
+This guide covers setting up GitHub OAuth for your zrok public frontend.
+
+## Register OAuth Application
+
+Navigate to your GitHub account settings: **Settings > Developer Settings > OAuth Apps > Register a new application**
+
+![](../images/github_create_oauth_application_1.png)
+
+![](../images/github_create_oauth_application_2.png)
+
+Configure the **Authorization callback URL** to match your OAuth frontend address with `/github/oauth` appended:
+
+![](../images/github_create_oauth_application_3.png)
+
+Create a new client secret:
+
+![](../images/github_create_oauth_application_4.png)
+
+Save the client ID and client secret for your frontend configuration.
+
+## Frontend Configuration
+
+Add the GitHub provider to your `frontend.yml`:
+
+```yaml
+oauth:
+  providers:
+    - name: "github"
+      type: "github"
+      client_id: "<your-github-client-id>"
+      client_secret: "<your-github-client-secret>"
+```
+
+## Redirect URL Format
+
+For GitHub OAuth, the redirect URL should be:
+```
+https://your-oauth-frontend-domain:port/github/oauth
+```
--- a/docs/guides/self-hosting/oauth/integrations/google.md
+++ b/docs/guides/self-hosting/oauth/integrations/google.md
@ -1 +1,69 @@
-# Google
+---
+sidebar_position: 10
+---
+
+# Google OAuth Setup
+
+This guide covers setting up Google OAuth for your zrok public frontend.
+
+## OAuth Consent Screen
+
+Before configuring an OAuth Client ID, you must configure the "OAuth consent screen" in the Google Cloud Console.
+
+Navigate to: **APIs & Services > Credentials > OAuth consent screen**
+
+![](../images/google_oauth_content_screen_2.png)
+
+Configure your zrok public frontend's identity and branding:
+
+![](../images/google_oauth_content_screen_3.png)
+
+Add authorized domains and contact information:
+
+![](../images/google_oauth_content_screen_4.png)
+
+Add the `../auth/userinfo.email` scope (required for zrok to receive user email addresses):
+
+![](../images/google_oauth_content_screen_5.png)
+
+![](../images/google_oauth_content_screen_6.png)
+
+## Create OAuth 2.0 Client ID
+
+Navigate to: **APIs & Services > Credentials > + Create Credentials**
+
+![](../images/google_create_credentials_1.png)
+
+Select **OAuth client ID**:
+
+![](../images/google_create_credentials_2.png)
+
+Choose **Web Application**:
+
+![](../images/google_create_credentials_3.png)
+
+Configure the **Authorized redirect URIs** to match your OAuth frontend address with `/google/oauth` appended:
+
+![](../images/google_create_credentials_4.png)
+
+Save the client ID and client secret for your frontend configuration.
+
+## Frontend Configuration
+
+Add the Google provider to your `frontend.yml`:
+
+```yaml
+oauth:
+  providers:
+    - name: "google"
+      type: "google"
+      client_id: "<your-google-client-id>"
+      client_secret: "<your-google-client-secret>"
+```
+
+## Redirect URL Format
+
+For Google OAuth, the redirect URL should be:
+```
+https://your-oauth-frontend-domain:port/google/oauth
+```
--- a/docs/guides/self-hosting/oauth/integrations/oidc.md
+++ b/docs/guides/self-hosting/oauth/integrations/oidc.md
@ -1 +1,76 @@
-# Generic OIDC
+---
+sidebar_position: 30
+---
+
+# Generic OIDC Setup
+
+This guide covers setting up OpenID Connect (OIDC) providers for your zrok public frontend. OIDC is supported by many identity providers including Keycloak, Auth0, Okta, Azure AD, and others.
+
+## Provider Requirements
+
+Your OIDC provider must support:
+- Authorization Code flow
+- Discovery endpoint (optional but recommended)
+- PKCE (Proof Key for Code Exchange) - optional but recommended for security
+
+## Configure OIDC Provider
+
+1. Create a new OAuth/OIDC client in your provider's admin interface
+2. Set the **redirect URI** to: `https://your-oauth-frontend-domain:port/oidc/oauth`
+3. Configure required scopes: `openid`, `email`, `profile`
+4. Note the **client ID**, **client secret**, and **issuer URL**
+
+## Frontend Configuration
+
+Add the OIDC provider to your `frontend.yml`:
+
+```yaml
+oauth:
+  providers:
+    - name: "my-oidc-provider"
+      type: "oidc"
+      client_id: "<your-oidc-client-id>"
+      client_secret: "<your-oidc-client-secret>"
+      scopes: ["openid", "email", "profile"]
+      issuer: "https://your-oidc-provider.com"
+      supports_pkce: true  # recommended for security
+```
+
+### Configuration Options
+
+- **`name`**: Unique identifier for this provider (used in share commands)
+- **`type`**: Must be `"oidc"` for OpenID Connect providers
+- **`client_id`** and **`client_secret`**: OAuth client credentials from your provider
+- **`scopes`**: OAuth scopes to request (typically `["openid", "email", "profile"]`)
+- **`issuer`**: The OIDC issuer URL (used for auto-discovery)
+- **`discovery_url`**: Optional explicit discovery endpoint URL (if not using issuer auto-discovery)
+- **`supports_pkce`**: Whether the provider supports PKCE (recommended: `true`)
+
+## Common OIDC Providers
+
+### Keycloak
+```yaml
+issuer: "https://your-keycloak.com/realms/your-realm"
+```
+
+### Auth0
+```yaml
+issuer: "https://your-domain.auth0.com/"
+```
+
+### Azure AD
+```yaml
+issuer: "https://login.microsoftonline.com/<tenant-id>/v2.0"
+```
+
+### Okta
+```yaml
+issuer: "https://your-domain.okta.com/oauth2/default"
+```
+
+## Redirect URL Format
+
+For OIDC providers, the redirect URL should be:
+```
+https://your-oauth-frontend-domain:port/oidc/oauth
+```