Merge pull request #74184 from jneczypor/OSDOCS-9954

/lgtm, merging OSDOCS-9954: oc (CLI) needs to be functional or fail gracefully without oauth server

Author: JoeAldinger

modules/oc-by-example-content.adoc

@@ -1856,11 +1856,40 @@ Log in to a server
   # Log in to the given server through a browser
   oc login localhost:8443 --web --callback-port 8280
 
+ifdef::openshift-dedicated,openshift-rosa[]
   # Log in to the external OIDC issuer through Auth Code + PKCE by starting a local server listening port 8080
-  oc login localhost:8443 --exec-plugin=oc-oidc --client-id=client-id --extra-scopes=email,profile --callback-port=8080
+  oc login --exec-plugin=oc-oidc --issuer-url=<issuer_url> --client-id=<client_id> --extra-scopes=email,profile --callback-port=8080
+
+  # Log in with an external OIDC if the external OIDC certificate is not publically trusted
+  oc login --exec-plugin=oc-oidc --issuer-url=<issuer_url> --client-id=<client_id> --extra-scopes=email --callback-port=8080 --oidc-certificate-authority <CA for external OIDC certificate>
+endif::openshift-dedicated,openshift-rosa[]  
 ----
 
+ifdef::openshift-dedicated,openshift-rosa[]
+.Arguments
+[cols="30,70"]
+|===
+|Option |Definition
+
+|`--exec-plugin`
+|Specifies the type of exec plugin credentials used to authenticate the external OIDC issuer. Currently, only `oc-oidc` is supported.
+
+|`--issuer-url`
+|Issuer URL for the external issuer. Required.
+
+|`--client-id`
+|Client ID for the external OIDC issuer. Only supports Auth Code and PKCE. Required.
+
+|`--extra-scopes`
+|Extra scopes for the external OIDC issuer. Optional.
+
+|`--callback-port`
+|The port that the callback server is redirected to after authentication flow is complete. The default is any random, open port.
 
+|`--oidc-certificate-authority`
+|Path to a certificate file for the external OIDC certificate authority.
+|===
+endif::openshift-dedicated,openshift-rosa[]
 
 == oc logout
 End the current server session