Add tools and OAuth documentation (#82)

Author: CeEv

docs/services/bbb/Getting started.md

@@ -21,7 +21,7 @@ Add `FEATURE_VIDEOCONFERENCE_ENABLED=true` in **client** and **server** and
 
 Add the right permission to the role. Permissions they need are `START_MEETING, JOIN_MEETING`.
 
-Add "videoconference" to School features (table school) in MongoDB.
+Add "videoconference" to School features (table schools) in MongoDB.
 
 Make sure that the fields below exists in the videoconference ltitool object (MongoDB).
 
@@ -53,7 +53,7 @@ BBB has built in features to allow for such constellations. It has a waiting roo
 
 These features are currently deactivated in dBildungscloud, but can be activated. In a POC we could confirm that it works as imagined, it just needs to be properly implemented now.
 
-So for future developments we needs the following changes:
+The following changes are necessary:
 
 **Client:**
 - Add an option on room creation, that allows external experts, but puts them in a waiting room

docs/services/oauth/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "OAuth",
+  "position": 8,
+  "link": {
+    "type": "generated-index",
+    "description": "Learn about the OAuth strategy."
+  }
+}

docs/services/oauth/concept.md

@@ -0,0 +1,20 @@
+# OAuth
+
+## Login Process in SVS
+
+![OAuth Flow](./img/oauth_flow.drawio.svg)
+
+The following steps illustrated above:
+
+1. The client initiates the flow by click on the "Login via XYZ" button and directing the user to the authorization endpoint.
+2. The identity provider authenticates the user and establishes whether the resource owner grants or denies the client's access request.
+3. Assuming the resource owner grants access, the identity provider redirects the user back to the SVS-Client using the redirect_uri provided in the authentication endpoint request earlier. The redirect includes an authorization code provided by the identity provider.
+4. The client then requests an access token with the given authentication code from the SVS-Server which
+5. The client requests the signing key from the identity provider to validate the token signature. The SVS-Server validates the signature of the ID tokens according to the specified algorithm.
+6. The provisioning for the specific external system is executed to either create or update user data.
+7. A JWT is generated for the user
+8. The JWT is stored in the client for later request against the SVS-Server-API
+
+## Module Design
+
+![OAuth Module Design](./img/Oauth_Module_Design.drawio.svg)

docs/services/oauth/img/Oauth_Module_Design.drawio.svg

@@ -1,8 +1,8 @@
 {
-  "label": "provining",
-  "position": 8,
+  "label": "provisioning",
+  "position": 9,
   "link": {
     "type": "generated-index",
-    "description": "Learn about the provining service."
+    "description": "Learn about the provisioning service."
   }
 }

docs/services/oauth/img/oauth_flow.drawio.svg

@@ -1,4 +1,4 @@
-# Concept provining
+# Concept Provisioning
 
 ## Login and provisioning flow
 

docs/services/provining/_category_ .json

@@ -1,6 +1,6 @@
 {
   "label": "Schulcloud Client",
-  "position": 9,
+  "position": 10,
   "link": {
     "type": "generated-index",
     "description": "Learn about the schulcloud-client repo."

docs/services/provining/concept.md

@@ -1,6 +1,6 @@
 {
   "label": "Schulcloud Server",
-  "position": 10,
+  "position": 11,
   "link": {
     "type": "generated-index",
     "description": "Learn about the schulcloud-server repo."

docs/services/schulcloud-client/_category_.json

@@ -1,6 +1,6 @@
 {
   "label": "Tldraw Server",
-  "position": 11,
+  "position": 12,
   "link": {
     "type": "generated-index",
     "description": "Learn about the tldraw-server repo."