Skip to content

Docs - Update authentication section to reflect current auth model #2360

New issue
New issue
Open
Open
Docs - Update authentication section to reflect current auth model#2360
Assignees
tomkis
Labels
docsImprovements or additions to documentation
@jenna-winkler

Description

@jenna-winkler
jenna-winkler
opened on Mar 9, 2026

Problem

The deployment guide's basic authentication section (#basic-authentication) is outdated and actively misleading. It describes an admin password configuration that no longer exists. Auth is now binary - either disabled entirely (AUTH__DISABLE_AUTH=true) or OIDC-based (Keycloak or external OIDC provider). There is no "partial auth" or standalone basic auth option. Users attempting to follow the current docs hit a dead end.

What needs to change

Remove or replace the basic authentication section. The updated docs should clearly state upfront that the two supported auth modes are: auth disabled, or OIDC. It should explain when each is appropriate and link to the correct configuration for each path. Any references to configuring an admin password independent of Keycloak should be removed.

Context

A user attempted to deploy without Keycloak by following the basic auth section and was unable to proceed. Radek confirmed the section is stale and no longer reflects how auth works.

Metadata

Metadata

Assignees

Labels

docsImprovements or additions to documentation

Type

No type

Projects

Agent Stack

Status

Dev backlog

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions