Merge pull request #95 from vbelouso/oauth

feat: add external IDP integration

Author: vbelouso

docs/authentication.md

@@ -2,34 +2,9 @@
 
 ## Authentication
 
-For development a Keycloak instance will be instantiated with the users defined in the configuration.
+For detailed authentication configuration including OpenShift OAuth, Keycloak, and external identity providers (Google, GitHub, Azure AD), see the [Authentication Guide](./authentication.md).
 
-```properties
-%dev.quarkus.keycloak.devservices.users.joe=pass123
-```
-
-For production the OpenShift OAuth2 provider will be used so it is required to
-provide the following environment variables:
-
-* `OPENSHIFT_DOMAIN`: e.g. `example.openshift.com`
-* `OAUTH_CLIENT_SECRET`: With the secret defined for the `agent-morpheus-client` in the OpenShift cluster.
-
-In the cluster you have to create an `OAuthClient` with the right redirect URLs
-
-```yaml
-apiVersion: oauth.openshift.io/v1
-kind: OAuthClient
-metadata:
-  name: agent-morpheus-client
-grantMethod: prompt
-secret: some-long-secret-used-by-the-oauth-client
-redirectURIs:
-  - "http://agent-morpheus-client:8080"
-  - "https://agent-morpheus-client.example.openshift.com"
-  - "http://agent-morpheus-client.example.openshift.com"
-```
-
-## External services (GitHub / Morpheus)
+## External Services (GitHub / Morpheus)
 
 Use the `rest-client` properties for updating the default the github and morpheus RestClient endpoints:
 

docs/configuration.md

@@ -2,7 +2,9 @@
 
 ## Configuration
 
-To see all the configuration options check the [configuration](./configuration.md) README.
+To see all the configuration options check the [configuration](./configuration.md) guide.
+
+For authentication setup (Keycloak, external identity providers, testing), see the [authentication](./authentication.md) guide.
 
 ## Running the application in dev mode
 
@@ -51,6 +53,29 @@ You can create a native executable using:
 ./mvnw package -Dnative
 ```
 
+### Build profiles
+
+> **Warning**: Quarkus has build-time properties that are fixed at compile time. If you change
+> build-time properties in `application.properties` for a custom profile (e.g., `%external-idp`),
+> you must build with that profile to apply them. Runtime properties can be overridden via
+> `QUARKUS_PROFILE` env var at startup.
+
+To build with a specific profile:
+
+```shell
+./mvnw package -Dnative -Dquarkus.profile=external-idp
+```
+
+Or using container build:
+
+```shell
+# podman
+podman build --build-arg QUARKUS_PROFILE=external-idp -f src/main/docker/Dockerfile.multi-stage .
+
+# docker
+docker build --build-arg QUARKUS_PROFILE=external-idp -f src/main/docker/Dockerfile.multi-stage .
+```
+
 Or, if you don't have GraalVM installed, you can run the native executable build in a container using:
 
 ```shell
@@ -59,6 +84,20 @@ Or, if you don't have GraalVM installed, you can run the native executable build
 
 You can then execute your native executable with: `./target/agent-morpheus-client-1.0.0-SNAPSHOT-runner`
 
+### Building with profiles
+
+Some Quarkus properties are **build-time only** and cannot be changed at runtime. When building for a specific deployment target, include the profile:
+
+```shell
+# For external-idp deployments (Keycloak, Google, etc.)
+./mvnw package -Dnative -Dquarkus.profile=external-idp
+
+# For prod deployments (OpenShift OAuth) - default
+./mvnw package -Dnative
+```
+
+**Important:** The CI/CD pipeline builds a universal image without a specific profile. Runtime profile selection via `QUARKUS_PROFILE` works for most configurations, but build-time properties (like `@IfBuildProfile` annotations) are fixed at compile time.
+
 If you want to learn more about building native executables, please consult <https://quarkus.io/guides/maven-tooling>.
 
 ## Related Guides