From de2f7c6835b9fe7eaef98a8a74f0a51caaf5fc16 Mon Sep 17 00:00:00 2001
From: Christoph Haas <christoph.h@sprinternet.at>
Date: Fri, 5 Jun 2026 20:34:25 +0200
Subject: [PATCH] doc: add section that describes how to configure OAuth2
 callback URL

---
 docs/documentation/configuration/overview.md | 2 ++
 docs/documentation/usage/authentication.md   | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/docs/documentation/configuration/overview.md b/docs/documentation/configuration/overview.md
index 10ec936..717831a 100644
--- a/docs/documentation/configuration/overview.md
+++ b/docs/documentation/configuration/overview.md
@@ -552,6 +552,7 @@ Below are the properties for each OIDC provider entry inside `auth.oidc`:
 #### `provider_name`
 - **Default:** *(empty)*
 - **Description:** A **unique** name for this provider. Must not conflict with other providers.
+  This name is used to derive the callback URL for the OIDC provider: `<external_url>/api/v0/auth/login/<provider_name>/callback`.
 
 #### `display_name`
 - **Default:** *(empty)*
@@ -639,6 +640,7 @@ Below are the properties for each OAuth provider entry inside `auth.oauth`:
 #### `provider_name`
 - **Default:** *(empty)*
 - **Description:** A **unique** name for this provider. Must not conflict with other providers.
+  This name is used to derive the callback URL for the OAuth provider: `<external_url>/api/v0/auth/login/<provider_name>/callback`.
 
 #### `display_name`
 - **Default:** *(empty)*
diff --git a/docs/documentation/usage/authentication.md b/docs/documentation/usage/authentication.md
index 8902951..fbe2969 100644
--- a/docs/documentation/usage/authentication.md
+++ b/docs/documentation/usage/authentication.md
@@ -51,6 +51,15 @@ To add OIDC or OAuth2 authentication to WireGuard Portal, create a Client-ID and
 configure a new authentication provider in the [`auth`](../configuration/overview.md#auth) section of the configuration file.
 Make sure that each configured provider has a unique `provider_name` property set. Samples can be seen [here](../configuration/examples.md).
 
+When registering the OAuth2 or OIDC application with your provider, configure the callback/redirect URL as follows:
+
+```text
+<external_url>/api/v0/auth/login/<provider_name>/callback
+```
+
+Replace `<external_url>` with the value configured in [`external_url`](../configuration/overview.md#external_url) and
+`<provider_name>` with the exact `provider_name` from the matching OAuth2 or OIDC provider configuration.
+
 #### Limiting Login to Specific Domains
 
 You can limit the login to specific domains by setting the `allowed_domains` property for OAuth2 or OIDC providers.