[v/25.2] manage: document rpk OAUTHBEARER (OIDC) for Kafka/Admin/SR APIs

[david-yu]

Backports the rpk OAUTHBEARER documentation to v/25.2. rpk OAUTHBEARER (redpanda-data/redpanda#30169) was backported to the v25.2.x release line, so it should be documented here. Companion to the v/25.3 backport (#1766).

A literal #1762 cherry-pick wasn't possible (the foundational OAUTHBEARER content it refines isn't on this branch — authentication.adoc is ~500 lines behind main), so this ports the self-contained feature docs:

• rpk -X reference: OAUTHBEARER acceptable value + sasl.mechanism note + user/pass cross-notes.
• authentication partial: adds the [[oidc-rpk]] "Connect to Redpanda with OIDC using rpk" section (with a Validate OIDC authentication step); corrects three stale "rpk only supports basic auth for the Admin API" notes.
• Version-appropriate trims: the GBAC xref and the sasl_mechanisms_overrides xref from main are omitted — neither exists on v/25.2 (sasl_mechanisms_overrides is a v25.3+ property), so the prerequisite references sasl_mechanisms only.
• netlify.toml: pins NODE_VERSION = "20" so the new Netlify image builds the preview.

Verified: delimited blocks balanced, both anchors present, all remaining xref targets resolve on this branch, no stale claims and no dangling GBAC/overrides references.

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Name	Link
🔨 Latest commit	3a20388
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/6a3d30808472e40008aa5d73
😎 Deploy Preview	https://deploy-preview-1767--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b312eed8-d80c-45d6-af22-a5cddfe704f6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dyu/oidc-oauthbearer-v25.2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[Feediver1]

@david-yu — found why your v/25.2 PRs (#1765, #1767) won't build, and it's not your content.

v/25.2's playbook was left pointing at the old ROOT component after the ROOT → streaming rename (#1703) updated antora.yml but not local-antora-playbook.yml. The start_page aims at a component that no longer exists, so Antora can't resolve the site start page and the Netlify deploy fails. This has broken every v/25.2 deploy since late May — later PRs just merged anyway because the preview isn't a required check. That's the "something funny with 25.2" you hit.

Fix is up: #1768 (3-line playbook patch on v/25.2).

Once #1768 merges, please rebase #1765 and #1767 on the updated v/25.2 (or re-trigger the deploy) so the previews pick up the corrected playbook. One more thing when you do: don't trust a green Netlify SUCCESS — grep the deploy log for ERROR (asciidoctor). v/25.2 has a backlog of merged-but-never-cleanly-built PRs, so once the start page resolves, other pre-existing build errors may surface that were hidden behind the fatal failure. Anything sourced from your branch/files is yours; anything else is pre-existing.

[Feediver1]

lgtm