Add guides for common OIDC providers

This is a first revision of this guide and likely subject to
extension/improvement going forward but it'll definitely help setting
up Weave GitOps as an OIDC client properly.

Signed-off-by: Max Jonas Werner <mail@makk.es>

website/docs/guides/oidc.mdx

@@ -0,0 +1,71 @@
+---
+title: Common OIDC provider configurations
+---
+
+This page provides guides for configuring Weave GitOps with the most common OIDC providers.
+
+## Google
+
+1. Obtain the client ID and secret by following the [official guide](https://developers.google.com/identity/openid-connect/openid-connect)
+   from Google.
+1. Configure Weave GitOps:
+
+   ```yaml
+   apiVersion: v1
+   kind: Secret
+   metadata:
+       name: oidc-auth
+       namespace: WEAVE_GITOPS_NAMESPACE
+   stringData:
+       clientID: CLIENT_ID_FROM_STEP_1
+       clientSecret: CLIENT_SECRET_FROM_STEP_1
+       issuerURL: https://accounts.google.com
+       redirectURL: http://YOUR_WEAVE_GITOPS_DOMAIN/oauth2/callback
+       customScopes: openid,email
+   ```
+
+## Azure AD
+
+1. Obtain the client ID and secret by following the [official guide](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)
+   from Microsoft.
+1. Configure Weave GitOps:
+
+   ```yaml
+   apiVersion: v1
+   kind: Secret
+   metadata:
+       name: oidc-auth
+       namespace: WEAVE_GITOPS_NAMESPACE
+   stringData:
+       clientID: CLIENT_ID_FROM_STEP_1
+       clientSecret: CLIENT_SECRET_FROM_STEP_1
+       issuerURL: https://login.microsoftonline.com/TENANT_ID/v2.0
+       redirectURL: http://YOUR_WEAVE_GITOPS_DOMAIN/oauth2/callback
+       customScopes: openid
+       claimUsername: sub
+   ```
+
+## Keycloak
+
+Keycloak is highly customizable so the steps to obtain client ID and secret will vary depending on your setup. The
+general steps are very similar and the following steps point to the appropiate pages in the official Keycloak
+documentation:
+
+1. Log in to the Keycloak admin console and [create a realm](https://www.keycloak.org/docs/latest/server_admin/#configuring-realms).
+1. [Create a client application](https://www.keycloak.org/docs/latest/authorization_services/index.html#_resource_server_create_client)
+   and choose "OpenID Connect" as the client type.
+1. Make sure to set the "Client Authenticator" on the "Credentials" tab to "Client Id and Secret" and generate a secret.
+1. Configure Weave GitOps:
+
+   ```yaml
+   apiVersion: v1
+   kind: Secret
+   metadata:
+       name: oidc-auth
+       namespace: WEAVE_GITOPS_NAMESPACE
+   stringData:
+       clientID: CLIENT_ID_FROM_STEP_2
+       clientSecret: CLIENT_SECRET_FROM_STEP_3
+       issuerURL: https://KEYCLOAK_DOMAIN/realms/KEYCLOAK_REALM
+       redirectURL: https://YOUR_WEAVE_GITOPS_DOMAIN/oauth2/callback
+   ```

website/sidebars.js

@@ -114,6 +114,7 @@
       type: 'category',
       label: 'Guides',
       items: [
+        'guides/oidc',
         'guides/displaying-custom-metadata',
         'guides/fluxga-upgrade',
       ],