update documentation for allowed_domains in oauth and oidc (#416)

docs/documentation/configuration/examples.md

@@ -72,7 +72,8 @@ auth:
 
 auth:
   oidc:
-    # a sample Entra ID provider with environment variable substitution
+    # A sample Entra ID provider with environment variable substitution.
+    # Only users with an @outlook.com email address are allowed to register or login.
     - id: azure
       provider_name: azure
       display_name: Login with</br>Entra ID
@@ -80,6 +81,8 @@ auth:
       base_url: "https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0"
       client_id: "${AZURE_CLIENT_ID}"
       client_secret: "${AZURE_CLIENT_SECRET}"
+      allowed_domains:
+        - "outlook.com"
       extra_scopes:
         - profile
         - email

docs/documentation/configuration/overview.md

@@ -368,6 +368,10 @@ Below are the properties for each OIDC provider entry inside `auth.oidc`:
 - **Default:** *(empty)*
 - **Description:** A list of additional OIDC scopes (e.g., `profile`, `email`).
 
+#### `allowed_domains`
+- **Default:** *(empty)*
+- **Description:** A list of allowlisted domains. Only users with email addresses in these domains can log in or register. This is useful for restricting access to specific organizations or groups.
+
 #### `field_map`
 - **Default:** *(empty)*
 - **Description:** Maps OIDC claims to WireGuard Portal user fields. 
@@ -437,6 +441,10 @@ Below are the properties for each OAuth provider entry inside `auth.oauth`:
 - **Default:** *(empty)*
 - **Description:** A list of OAuth scopes.
 
+#### `allowed_domains`
+- **Default:** *(empty)*
+- **Description:** A list of allowlisted domains. Only users with email addresses in these domains can log in or register. This is useful for restricting access to specific organizations or groups.
+
 #### `field_map`
 - **Default:** *(empty)*
 - **Description:** Maps OAuth attributes to WireGuard Portal fields.