ENG-8753 docs: add enterprise auth documentation section#6672

Open
FarhanAliRaza wants to merge 7 commits into reflex-dev:main from FarhanAliRaza:auth-docs

@FarhanAliRaza

Contributor

Add docs for the OIDC AuthPlugin covering the secure-by-default model, providers, custom auth pages, and testing guarded code. Register the new pages in the enterprise sidebar, add an Authentication category to the enterprise overview, and whitelist the section for preview.

All Submissions:

  • Have you followed the guidelines stated in CONTRIBUTING.md file?
  • Have you checked to ensure there aren't any other open Pull Requests for the desired change?

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)

New Feature Submission:

  • Does your submission pass the tests?
  • Have you linted your code locally prior to submission?

Changes To Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?

Add docs for the OIDC AuthPlugin covering the secure-by-default model,
providers, custom auth pages, and testing guarded code. Register the new
pages in the enterprise sidebar, add an Authentication category to the
enterprise overview, and whitelist the section for preview.
@FarhanAliRaza FarhanAliRaza requested review from a team and Alek99 as code owners June 19, 2026 22:42
@codspeed-hq

codspeed-hq Bot commented Jun 19, 2026

Merging this PR will not alter performance

✅ 26 untouched benchmarks
⏩ 8 skipped benchmarks [1]


Comparing FarhanAliRaza:auth-docs (bb830d0) with main (8945367)

Footnotes

  1. 8 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@greptile-apps

greptile-apps Bot commented Jun 19, 2026

Contributor

Greptile Summary

This PR adds a complete enterprise authentication documentation section covering the rxe.AuthPlugin OIDC integration, registers the new pages in the enterprise sidebar, and adds an Authentication category to the enterprise overview. The whitelist.py change removes a stale commented-out entry, leaving the list empty so all pages continue to build.

  • Six new markdown docs (overview, secure-by-default, providers, custom-pages, testing, deployment) covering the full AuthPlugin lifecycle from quickstart to production deployment.
  • Sidebar and overview wired consistently with the existing enterprise navigation pattern; WHITELISTED_PAGES correctly stays [].

Confidence Score: 5/5

Safe to merge — purely documentation additions and a minor cleanup of a commented-out line in whitelist.py.

All changes are new markdown documentation files plus sidebar/overview wiring that follows the established enterprise page registration pattern exactly. The whitelist.py change removes a commented-out example and leaves the list empty, which is the correct state for building all pages. No functional Python logic is modified.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| docs/app/reflex_docs/whitelist.py | Removes commented-out example entry; WHITELISTED_PAGES remains [] (build all pages). Correct change. |
| docs/app/reflex_docs/templates/docpage/sidebar/sidebar_items/enterprise.py | Adds Authentication section to the enterprise sidebar, referencing enterprise.auth.* path attributes consistent with how other sidebar sections are wired. |
| docs/enterprise/overview.md | Inserts an Authentication category block with six entries into the overview feature matrix; count matches the sidebar (6 pages). |
| docs/enterprise/auth/overview.md | New quickstart-oriented overview for rxe.AuthPlugin: install, configure, four protected surfaces, User facade, sign-out, login flow end-to-end. |
| docs/enterprise/auth/secure-by-default.md | Comprehensive reference for the four auth= wrappers, authorization checks, context objects, withholding mechanics, and CSRF logout protection. |
| docs/enterprise/auth/providers.md | Documents GenericOIDCAuthState, named providers, env-var resolution, scopes/refresh tokens, multi-provider setup, advanced hooks, and migration from deprecated API. |
| docs/enterprise/auth/custom-pages.md | Covers page-builder contract, custom login/callback/logout/forbidden builders, auth-failure UX, import-path string wiring, and default builder table. |
| docs/enterprise/auth/testing.md | Documents unit-testing authorization checks with hand-built context objects, async check testing (includes @pytest.mark.asyncio), and end-to-end OIDC flow against oidc-provider-mock. |
| docs/enterprise/auth/deployment.md | Covers HTTPS/Secure-cookie requirement, callback URI registration, reverse-proxy considerations, IdP provider table, and troubleshooting table for common deployment errors. |

Reviews (5): Last reviewed commit: "docs(auth): refine compile-time, check-a..."

Comment thread docs/app/reflex_docs/whitelist.py Outdated
Document that User.name/.email/.sub/.picture resolve against
AuthUserState — populated after login by whichever provider
authenticated the user — so they work in single- and multi-provider
setups alike, rather than the first configured provider. Correct their
type from `str | None` to `str` (empty until login) and note
AuthUserState.provider_name / User.current_provider() for branching on
the active provider.

@adhami3310 adhami3310 added the documentation Improvements or additions to documentation label Jun 24, 2026

Add a new "Deploying to Production" page covering the HTTPS/Secure-cookie
requirement, exact redirect URI construction, reverse-proxy origin
handling, and a troubleshooting reference keyed on literal errors. Wire
it into the enterprise sidebar, overview listing, and docs whitelist.

Revise the existing auth pages (overview, secure-by-default, providers,
custom-pages, testing) for accuracy and depth.
…m-pages

Point the logout-flow descriptions at the secure-by-default section that
documents the cross-site logout guard, so readers can find the guarantee
from where logout is first mentioned.

Drop the auth-docs preview entries now that the section is complete; an
empty whitelist builds the full site, matching upstream behavior.

Clarify that the app compiles before the IdP is reachable (discovery
happens at login), that auth= checks attach to specific events/vars/
fields, and tighten the testing guide: run from tests/, the
_userinfo/userinfo split, and a full Playwright OIDC end-to-end example.