Update authentication documentation (#5342)

User authorization documentation updated:

- Screenshots
- Procedure descriptions
- Links

site/content/en/docs/administration/basics/admin-account.md

@@ -0,0 +1,47 @@
+---
+title: 'Superuser registration'
+linkTitle: 'Superuser registration'
+weight: 2
+description: 'A CVAT installation guide to create a superuser.'
+---
+
+This section is for users who whant to be a bit more flexible with CVAT use.
+
+The user you register by default does not have full permissions on the instance,
+so you must create a superuser.
+The superuser can use [Django administration panel](http://localhost:8080/admin)
+to assign groups (roles) to other users.
+<br>Available roles are: user (default), admin, business, worker.
+
+### Prerequisites
+
+Before you register an admin account (superuser), you need to install CVAT locally,
+see [Installation Guide](/docs/administration/basics/installation/).
+
+Steps of installation are partly different, depending on the type of operation system (OS).
+
+This section starts with **Create superuser** step that is common for all OS.
+
+### Register as a superuser
+
+In the process of installation you need to create a superuser:
+
+1. In a terminal run the following command:
+
+```bash
+  docker exec -it cvat_server bash -ic 'python3 ~/manage.py createsuperuser'
+```
+
+2. Set up username, email address, and password.
+3. Go to [`localhost:8080`](http://localhost:8080), and log in with credentials from step 2.
+4. (Optional) Go to [Django administration panel](http://localhost:8080/admin) panel to:
+   - Create/edit/delete users
+   - Control permissions of users and access to the tool.
+
+![Django panel](/images/image115.jpg)
+
+To manage users' permission, in the [Django administration panel](http://localhost:8080/admin):
+
+1. On the left menu click **Users**.
+2. On the main pane click **Admin** and scroll down to **Permissions** section.
+3. Select user groups and add/remove permissions.

site/content/en/docs/administration/basics/social-accounts-configuration.md

@@ -0,0 +1,85 @@
+---
+title: 'Social auth configuration'
+linkTitle: 'Social auth configuration'
+weight: 3
+description: 'Social accounts configuration guide.'
+---
+
+## Enable authentication with a Google account
+
+To enable authentication, do the following:
+
+1. Log in to the [Google Cloud console](https://console.cloud.google.com/)
+2. [Create a project](https://cloud.google.com/resource-manager/docs/creating-managing-projects),
+   and go to [APIs & Services](https://console.cloud.google.com/apis/)
+3. On the left menu, select **OAuth consent**, then select
+   **User type** (**Internal** or **External**), and click **Create**.
+4. On the **OAuth consent screen** fill all required fields, and click **Save and Continue**.
+5. On the **Scopes** screen, click **Add or remove scopes** and
+   select `auth/userinfo.email`, `auth/userinfo.profile`, and `openid` .
+   Click **Update**, and **Save and Continue**.
+   <br>For more information, see [Configure Auth Consent](https://developers.google.com/workspace/guides/configure-oauth-consent).
+6. On the left menu, click **Credentials**, on the top
+   menu click **+ Create credentials**, and select **OAuth client ID**.
+7. From the **Application Type** select **Web application** and
+   configure: **Application name**, **Authorized JavaScript origins**, **Authorized redirect URIs**.
+   <br> For example, if you plan to deploy CVAT instance on `https://localhost:8080`, add `https://localhost:8080`
+   to authorized JS origins and `https://localhost:8080/api/auth/google/login/callback/` to redirect URIs.
+   <br>Please make sure this URL matches `GOOGLE_CALLBACK_URL` settings variable on the server.
+
+8. Set environment variables in CVAT:
+
+   1. Create `docker-compose.override.yml` with the following code:
+
+   ```yaml
+   version: '3.3'
+   services:
+     cvat_server:
+       environment:
+         USE_ALLAUTH_SOCIAL_ACCOUNTS: 'True'
+         SOCIAL_AUTH_GOOGLE_CLIENT_ID: '<YOUR_GOOGLE_CLIENT_ID>'
+         SOCIAL_AUTH_GOOGLE_CLIENT_SECRET: '<YOUR_GOOGLE_CLIENT_SECRET>'
+   ```
+
+   2. In a terminal, run the following command:
+
+   ```bash
+   docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
+   ```
+
+## Enable authentication with a Github account
+
+There are 2 basic steps to enable Github account authentication.
+
+1. Open Github settings page.
+2. On the left menu, click **<> Developer settings** > **OAuth Apps** > **Register new application**.
+   <br>For more information, see [Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
+3. Fill in the name field, set the homepage URL (for example: `https://localhost:8080`),
+   and authorization callback URL (for example: `https://localhost:8080/api/auth/github/login/callback/`).
+   <br>Please make sure this URL matches `GITHUB_CALLBACK_URL` settings variable on the server.
+4. Set environment variables in CVAT:
+
+   1. Create `docker-compose.override.yml` with the following code:
+
+   ```yaml
+   version: '3.3'
+   services:
+     cvat_server:
+       environment:
+         USE_ALLAUTH_SOCIAL_ACCOUNTS: 'True'
+         SOCIAL_AUTH_GITHUB_CLIENT_ID: '<YOUR_GITHUB_CLIENT_ID>'
+         SOCIAL_AUTH_GITHUB_CLIENT_SECRET: '<YOUR_GITHUB_CLIENT_SECRET>'
+   ```
+
+   2. In a terminal, run the following command:
+
+   ```bash
+   docker-compose -f docker-compose.yml -f docker-compose.override.yml up -d
+   ```
+
+> **Note:** You can also configure [Github App](https://docs.github.com/en/developers/apps/building-github-apps/creating-a-github-app),
+> but don't forget to add required permissions.
+> <br>In the **Permission** > **Account permissions** > **Email addresses** must be set to **read-only**.
+
+You can also configure OAuth with other services,
+see [Social Auth with Django services](https://django-allauth.readthedocs.io/en/latest/providers.html)

site/content/en/docs/manual/basics/authorization.md

@@ -1,43 +0,0 @@
----
-title: 'Authorization'
-linkTitle: 'Authorization'
-weight: 1
----
-
-- First of all, you have to log in to CVAT tool. For authentication, you can use your username or email
-  you provided during registration.
-
-  ![](/images/image001.jpg)
-
-- For register a new user press "Create an account"
-
-  ![](/images/image002.jpg)
-
-- You can register a user but by default it will not have rights even to view
-  list of tasks. Thus you should create a superuser. The superuser can use
-  [Django administration panel](http://localhost:8080/admin) to assign correct
-  groups to the user. Please use the command below to create an admin account:
-
-  ```bash
-    docker exec -it cvat_server bash -ic 'python3 ~/manage.py createsuperuser'
-  ```
-
-- If you want to create a non-admin account, you can do that using the link below
-  on the login page. Don't forget to modify permissions for the new user in the
-  administration panel. There are several groups (aka roles): admin, user,
-  annotator, observer.
-
-  ![](/images/image003.jpg)
-
-  A username generates from the email automatically. It can be edited if needed.
-
-  ![](/images/filling_email.gif)
-
-### Administration panel
-
-Go to the [Django administration panel](http://localhost:8080/admin). There you can:
-
-- Create / edit / delete users
-- Control permissions of users and access to the tool.
-
-  ![](/images/image115.jpg)

site/content/en/docs/manual/basics/registration.md

@@ -0,0 +1,59 @@
+---
+title: 'Registration'
+linkTitle: 'registration'
+weight: 1
+description: 'App CVAT user registration and account access.'
+---
+
+To start to annotate in CVAT, you need to
+create an account or log in to the existing account.
+
+This section describes [App CVAT](https://app.cvat.ai/), that is sutable
+for small personal projects, that do not require user management.
+It is also ok to use if you just want to try what is CVAT.
+
+While it is easy to use, it has some limitations.
+For example, in App CVAT you cannot create a superuser (admin account)
+or administer user roles. All these features are available
+for [Admin user](/docs/administration/basics/admin-account/) in
+[local version of CVAT](/docs/administration/basics/installation/).
+
+See:
+
+- [User registration](#user-registration)
+- [Account access](#account-access)
+
+To creata account or log in, go to the [App CVAT](https://app.cvat.ai/) login page:
+
+![](/images/image001.jpg)
+
+> **Note:** By default authentication and registration with Google and GitHub work only for [App CVAT](https://app.cvat.ai/). <br>If you want to use Google and GitHub authentication on a local installation, see [Social auth configuration](/docs/administration/basics/social-accounts-configuration/).
+
+### User registration
+
+To register as a non-admin user, do the following:
+
+1. Click **Create an account**.
+
+   ![Create account](/images/image002.jpg)
+
+2. Fill in all blank fields, accept terms of use, and
+   click the **Create an account** button.
+
+![Account form](/images/image003.jpg)
+
+<br>A username generates from the email automatically. You can edit it if needed.
+
+![Usernname generation](/images/filling_email.gif)
+
+To register with Google or Github, click the button with the name of the service, and folow instructions on the screen.
+
+### Account access
+
+To access your account, do the following:
+
+1. Go to the login page.
+2. Enter username or email. The password field will appear.
+3. Enter the password and click **Next**.
+
+To log in with Google or Github, click the button with the name of the service.