Add documentation on OAuth Providers and OAuth Agent Authentication

[AnoshanJ]

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Add documentation on OAuth Providers and OAuth Agent Authentication

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter �N/A� plus brief explanation of why there�s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type �Sent� when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type �N/A� and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Documentation
  • Added tutorials for configuring identity providers and securing agent endpoints with OAuth
  • Enhanced API documentation with operational guidance on identity provider behavior
  • Reorganized tutorial sidebar ordering

[coderabbitai]

📝 Walkthrough

Walkthrough

Two new user-facing tutorial pages are added for configuring OAuth identity providers and securing agent endpoints with OAuth. Existing tutorial sidebar positions are reordered to accommodate them. Controller comments, the OpenAPI YAML, and the generated Go spec are all updated with "sharp edge" warnings about AMS mirror vs. gateway runtime divergence on upsert/delete operations.

Changes

Identity Provider API Warnings and Tutorial Documentation

Layer / File(s)	Summary
Mirror/runtime divergence warnings in controller, OpenAPI YAML, and generated spec agent-manager-service/controllers/gateway_identity_provider_controller.go, agent-manager-service/docs/api_v1_openapi.yaml, agent-manager-service/spec/api_gateway_identity_providers.go	Expanded comments for UpsertGatewayIdentityProvider and DeleteGatewayIdentityProvider across all three files to warn that writes/deletes affect only the AMS mirror and not the gateway runtime, and that manage-identity-provider.sh must be used to keep both in sync.
New configure-identity-providers tutorial documentation/docs/tutorials/configure-identity-providers.mdx	New tutorial covering System vs. Custom provider types, prerequisites, a four-step workflow (open page → add provider → run console-rendered curl command → remove provider), and cautions against direct API calls that cause mirror/runtime drift.
New secure-agent-endpoints-with-oauth tutorial documentation/docs/tutorials/secure-agent-endpoints-with-oauth.mdx	New tutorial describing how to enable gateway-level OAuth on platform-hosted API agents, configure identity providers, audiences, header options, and token forwarding, invoke the secured endpoint, and notes on console limitations and mutual exclusivity with API key security.
Sidebar registration and position reordering documentation/sidebars.ts, documentation/docs/tutorials/configure-cors-for-agent-endpoints.mdx, documentation/docs/tutorials/configure-agent-llm-configuration.mdx, documentation/docs/tutorials/configure-agent-mcp-proxies.mdx	Two new tutorial slugs registered in the Docusaurus sidebar; existing CORS, LLM, and MCP proxy tutorial sidebar_position values incremented to make room for the new entries.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• RAVEENSR

Poem

🐇 Hop, hop — new docs appear today,
With "sharp edge" warnings on the gateway way!
The mirror and runtime must stay in sync,
Or tokens may fail at the OAuth brink.
The sidebar shifts to make room for more,
Two new tutorials walk through the door! 🗝️

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description contains only the template structure with minimal information filled in; the Purpose section mentions adding OAuth documentation but most other required sections are empty or contain placeholder text.	Complete the description by filling in Goals, Approach, User Stories, Release Notes, Documentation links, and other required sections with specific details about the changes made.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately reflects the main changes: two new documentation tutorials on configuring OAuth identity providers and securing agent endpoints with OAuth.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}