PS-11159 [DOCS] - document OpenID Connect (OIDC) authentication 8.4

docs/authentication-methods.md

@@ -25,5 +25,6 @@ Either of these ways let you continue using the authentication method if needed,
 | LDAP Authentication              | MySQL connects to an LDAP server to authenticate users. Ideal for managing large, distributed systems, enabling centralized user management, and integrating with existing directory services. The main drawback is the added complexity of maintaining an LDAP server.              |
 | Kerberos Authentication          | Uses the Kerberos protocol for authentication. Provides strong security and single sign-on across multiple services. Common in enterprise environments but requires a complex Kerberos infrastructure.                                                              |
 | FIDO Pluggable Authentication    | Supports FIDO (Fast IDentity Online) authentication devices. Used in high-security environments for robust two-factor authentication. Requires special hardware like security keys and may face user resistance.                                                          |
+| OpenID Connect Authentication    | Authenticates users with signed JSON Web Tokens (JWTs) issued by an external Identity Provider such as Keycloak, Okta, or Microsoft Entra ID. Suitable for organizations that already operate a central identity service and want password-less, single-sign-on access to MySQL. Requires a secure connection (TLS, socket, or shared memory) and supports group-to-role mapping. |
 | Auth Socket Authentication       | Uses the operating system's socket-based authentication, matching the connecting user with the system user that owns the MySQL process. Ideal for local administrative access but limited to local machine use and not suitable for remote or multi-user environments.        |