docs: add iam document

website/docs/advanced-usage/plugins/com.msgbyte.iam.md

@@ -0,0 +1,34 @@
+---
+sidebar_position: 3
+title: iam - Third party login
+---
+
+`com.msgbyte.iam`
+
+The `IAM` plugin provides third-party login functionality
+
+Currently supported:
+- github
+
+## Configuration Method
+
+### Github
+
+Create an OAuth application in `Github`. Get `Client ID` and `Client secrets`
+
+Configure the authorization callback address `Authorization callback URL` of the `Github` application to `{API_URL}/api/plugin:com.msgbyte.iam/github/redirect`. Note that `API_URL` is the value in the environment variable, and the two should be consistent.
+
+Configure Tailchat environment variables:
+
+- IAM_GITHUB_ID
+- IAM_GITHUB_SECRET
+
+Respectively, `Client ID` and `Client secrets` obtained before
+
+## Security Protection
+
+In order to prevent tokens from being obtained by malicious applications, it is recommended to add front-end domain name verification.
+
+Just configure `IAM_FE_URL` in the environment variable, and the value is the front-end domain name. Such as: `IAM_FE_URL=http://localhost:11011`
+
+> for `window.opener.postMessage(<data>, "IAM_FE_URL")`

website/i18n/zh-Hans/docusaurus-plugin-content-docs/current/advanced-usage/plugins/com.msgbyte.iam.md

@@ -0,0 +1,34 @@
+---
+sidebar_position: 3
+title: iam - 第三方登录
+---
+
+`com.msgbyte.iam`
+
+`IAM` 插件提供第三方登录功能
+
+目前支持:
+- github
+
+## 配置方式
+
+### Github
+
+在 `Github` 中创建 OAuth 应用。获得 `Client ID` 与 `Client secrets`
+
+配置`Github`应用的授权回调地址`Authorization callback URL` 为 `{API_URL}/api/plugin:com.msgbyte.iam/github/redirect`。注意，`API_URL` 为环境变量中的值，两者应当保持一致。
+
+配置Tailchat环境变量:
+
+- IAM_GITHUB_ID
+- IAM_GITHUB_SECRET
+
+分别为之前获取到的`Client ID` 与 `Client secrets`
+
+## 安全强化
+
+为了token的安全不被恶意应用获取，建议增加前端域名校验。
+
+在环境变量中配置`IAM_FE_URL`即可，值为前端域名。如: `IAM_FE_URL=http://localhost:11011`
+
+> 用于 `window.opener.postMessage(<data>, "IAM_FE_URL")`