Docs: Improve oauth configuration documentation and examples (#7675)

### What problem does this PR solve?

Improve oauth configuration documentation and examples.

- Related pull requests: 
  - #7379
  - #7553
  - #7587
- Related issues:
  -  #3495
### Type of change

- [x] Documentation Update

api/apps/auth/README.md

@@ -17,16 +17,16 @@ oauth_config = {
     "type": "oauth2",
     "client_id": "your_client_id",
     "client_secret": "your_client_secret",
-    "authorization_url": "https://provider.com/oauth/authorize",
+    "authorization_url": "https://your-oauth-provider.com/oauth/authorize",
-    "token_url": "https://provider.com/oauth/token",
+    "token_url": "https://your-oauth-provider.com/oauth/token",
-    "userinfo_url": "https://provider.com/oauth/userinfo",
+    "userinfo_url": "https://your-oauth-provider.com/oauth/userinfo",
     "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
 }
 
 # OIDC configuration
 oidc_config = {
     "type": "oidc",
-    "issuer": "https://provider.com/v1/oidc",
+    "issuer": "https://your-oauth-provider.com/oidc",
     "client_id": "your_client_id",
     "client_secret": "your_client_secret",
     "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"

conf/service_conf.yaml

@@ -63,28 +63,28 @@ redis:
 #   api_key: 'sk-xxxxxxxxxxxxx'
 #   base_url: ''
 # oauth:
-#   github:
+#   oauth2:
-#     type: github
+#     display_name: "OAuth2"
-#     icon: github
+#     client_id: "your_client_id"
-#     display_name: "Github"
+#     client_secret: "your_client_secret"
-#     client_id: xxxxxxxxxxxxxxxxxxxxxxxxx
+#     authorization_url: "https://your-oauth-provider.com/oauth/authorize"
-#     client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
+#     token_url: "https://your-oauth-provider.com/oauth/token"
-#     redirect_uri: https://your-app.com/v1/user/oauth/callback/github
+#     userinfo_url: "https://your-oauth-provider.com/oauth/userinfo"
-#   feishu:
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/oauth2"
-#     app_id: cli_xxxxxxxxxxxxxxxxxxx
+#   oidc:
-#     app_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
+#     display_name: "OIDC"
-#     app_access_token_url: https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal
+#     client_id: "your_client_id"
-#     user_access_token_url: https://open.feishu.cn/open-apis/authen/v1/oidc/access_token
+#     client_secret: "your_client_secret"
-#     grant_type: 'authorization_code'
+#     issuer: "https://your-oauth-provider.com/oidc"
-#   custom_channel:
-#     type: oidc
-#     icon: sso
-#     display_name: "Custom Channel"
-#     issuer: https://provider.com/v1/oidc
-#     client_id: xxxxxxxxxxxxxxxxxxxxxxxxx
-#     client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
 #     scope: "openid email profile"
-#     redirect_uri: https://your-app.com/v1/user/oauth/callback/custom_channel
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/oidc"
+#   github:
+#     type: "github"
+#     icon: "github"
+#     display_name: "Github"
+#     client_id: "your_client_id"
+#     client_secret: "your_client_secret"
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/github"
 # authentication:
 #   client:
 #     switch: false

docker/README.md

@@ -155,8 +155,19 @@ The [.env](./.env) file contains important environment variables for Docker.
   - `prefix_path`: Optional. A prefix path to prepend to file names in the S3 bucket, which can help organize files within the bucket.
 
 - `oauth`
-  The OAuth configuration for signing up or signing in to RAGFlow using a third-party account.  It is disabled by default. To enable this feature, uncomment the corresponding lines in **service_conf.yaml.template**.
+  The OAuth configuration for signing up or signing in to RAGFlow using a third-party account.
-  - `github`: The GitHub authentication settings for your application. Visit the [Github Developer Settings page](https://github.com/settings/developers) to obtain your client_id and secret_key.
+  - `<channel>`: Custom channel ID.
+    - `type`: Authentication type, options include `oauth2`, `oidc`, `github`. Default is `oauth2`, when `issuer` parameter is provided, defaults to `oidc`.
+    - `icon`: Icon ID, options include `github`, `sso`, default is `sso`.
+    - `display_name`: Channel name, defaults to the Title Case format of the channel ID.
+    - `client_id`: Required, unique identifier assigned to the client application.
+    - `client_secret`: Required, secret key for the client application, used for communication with the authentication server.
+    - `authorization_url`: Base URL for obtaining user authorization.
+    - `token_url`: URL for exchanging authorization code and obtaining access token.
+    - `userinfo_url`: URL for obtaining user information (username, email, etc.).
+    - `issuer`: Base URL of the identity provider. OIDC clients can dynamically obtain the identity provider's metadata (`authorization_url`, `token_url`, `userinfo_url`) through `issuer`.
+    - `scope`: Requested permission scope, a space-separated string. For example, `openid profile email`.
+    - `redirect_uri`: Required, URI to which the authorization server redirects during the authentication flow to return results. Must match the callback URI registered with the authentication server. Format: `https://your-app.com/v1/user/oauth/callback/<channel>`. For local configuration, you can directly use `http://127.0.0.1:80/v1/user/oauth/callback/<channel>`.
 
 - `user_default_llm`  
   The default LLM to use for a new RAGFlow user. It is disabled by default. To enable this feature, uncomment the corresponding lines in **service_conf.yaml.template**.  

docker/service_conf.yaml.template

@@ -75,28 +75,28 @@ redis:
 #     asr_model: ''
 #     image2text_model: ''
 # oauth:
-#   github:
+#   oauth2:
-#     type: github
+#     display_name: "OAuth2"
-#     icon: github
+#     client_id: "your_client_id"
-#     display_name: "Github"
+#     client_secret: "your_client_secret"
-#     client_id: xxxxxxxxxxxxxxxxxxxxxxxxx
+#     authorization_url: "https://your-oauth-provider.com/oauth/authorize"
-#     client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
+#     token_url: "https://your-oauth-provider.com/oauth/token"
-#     redirect_uri: https://your-app.com/v1/user/oauth/callback/github
+#     userinfo_url: "https://your-oauth-provider.com/oauth/userinfo"
-#   feishu:
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/oauth2"
-#     app_id: cli_xxxxxxxxxxxxxxxxxxx
+#   oidc:
-#     app_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
+#     display_name: "OIDC"
-#     app_access_token_url: https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal
+#     client_id: "your_client_id"
-#     user_access_token_url: https://open.feishu.cn/open-apis/authen/v1/oidc/access_token
+#     client_secret: "your_client_secret"
-#     grant_type: 'authorization_code'
+#     issuer: "https://your-oauth-provider.com/oidc"
-#   custom_channel:
-#     type: oidc
-#     icon: sso
-#     display_name: "Custom Channel"
-#     issuer: https://provider.com/v1/oidc
-#     client_id: xxxxxxxxxxxxxxxxxxxxxxxxx
-#     client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
 #     scope: "openid email profile"
-#     redirect_uri: https://your-app.com/v1/user/oauth/callback/custom_channel
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/oidc"
+#   github:
+#     type: "github"
+#     icon: "github"
+#     display_name: "Github"
+#     client_id: "your_client_id"
+#     client_secret: "your_client_secret"
+#     redirect_uri: "https://your-app.com/v1/user/oauth/callback/github"
 # authentication:
 #   client:
 #     switch: false

docs/configurations.md

@@ -164,23 +164,52 @@ If you cannot download the RAGFlow Docker image, try the following mirrors.
 
 ### `oauth`  
 
-The OAuth configuration for signing up or signing in to RAGFlow using a third-party account.  It is disabled by default. To enable this feature, uncomment the corresponding lines in **service_conf.yaml.template**.
+The OAuth configuration for signing up or signing in to RAGFlow using a third-party account.
 
-- `github`: The GitHub authentication settings for your application. Visit the [GitHub Developer Settings](https://github.com/settings/developers) page to obtain your client_id and secret_key.
+- `<channel>`: Custom channel ID.
+  - `type`: Authentication type, options include `oauth2`, `oidc`, `github`. Default is `oauth2`, when `issuer` parameter is provided, defaults to `oidc`.
+  - `icon`: Icon ID, options include `github`, `sso`, default is `sso`.
+  - `display_name`: Channel name, defaults to the Title Case format of the channel ID.
+  - `client_id`: Required, unique identifier assigned to the client application.
+  - `client_secret`: Required, secret key for the client application, used for communication with the authentication server.
+  - `authorization_url`: Base URL for obtaining user authorization.
+  - `token_url`: URL for exchanging authorization code and obtaining access token.
+  - `userinfo_url`: URL for obtaining user information (username, email, etc.).
+  - `issuer`: Base URL of the identity provider. OIDC clients can dynamically obtain the identity provider's metadata (`authorization_url`, `token_url`, `userinfo_url`) through `issuer`.
+  - `scope`: Requested permission scope, a space-separated string. For example, `openid profile email`.
+  - `redirect_uri`: Required, URI to which the authorization server redirects during the authentication flow to return results. Must match the callback URI registered with the authentication server. Format: `https://your-app.com/v1/user/oauth/callback/<channel>`. For local configuration, you can directly use `http://127.0.0.1:80/v1/user/oauth/callback/<channel>`.
 
-#### OAuth/OIDC
+:::tip NOTE 
+The following are best practices for configuring various third-party authentication methods. You can configure one or multiple third-party authentication methods for Ragflow:
+```yaml
+oauth:
+  oauth2:
+    display_name: "OAuth2"
+    client_id: "your_client_id"
+    client_secret: "your_client_secret"
+    authorization_url: "https://your-oauth-provider.com/oauth/authorize"
+    token_url: "https://your-oauth-provider.com/oauth/token"
+    userinfo_url: "https://your-oauth-provider.com/oauth/userinfo"
+    redirect_uri: "https://your-app.com/v1/user/oauth/callback/oauth2"
 
-RAGFlow supports OAuth/OIDC authentication through the following routes:
+  oidc:
+    display_name: "OIDC"
+    client_id: "your_client_id"
+    client_secret: "your_client_secret"
+    issuer: "https://your-oauth-provider.com/oidc"
+    scope: "openid email profile"
+    redirect_uri: "https://your-app.com/v1/user/oauth/callback/oidc"
 
-- `/login/<channel>`: Initiates the OAuth flow for the specified channel
+  github:
-- `/oauth/callback/<channel>`: Handles the OAuth callback after successful authentication
+    # https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app
-
+    type: "github"
-The callback URL should be configured in your OAuth provider as:
+    icon: "github"
+    display_name: "Github"
+    client_id: "your_client_id"
+    client_secret: "your_client_secret"
+    redirect_uri: "https://your-app.com/v1/user/oauth/callback/github"
 ```
-https://your-app.com/oauth/callback/<channel>
+:::
-```
-
-For detailed instructions on configuring **service_conf.yaml.template**, please refer to [Usage](https://github.com/infiniflow/ragflow/blob/main/api/apps/auth/README.md#usage).
 
 ### `user_default_llm`