pysnippet
diff --git a/‎docs/.vitepress/config.js‎
Lines changed: 1 addition & 1 deletion b/‎docs/.vitepress/config.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/references/index.md‎
Lines changed: 43 additions & 0 deletions b/‎docs/references/index.md‎
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
+# Features
+
+Below is the incomplete list of features that are supported by the library. Other features and samples can be found in
+the [tutorials](/references/tutorials) section.
+
+## Several providers
+
+The library leverages the [social-core](https://github.com/python-social-auth/social-core)
+authentication [backends](https://github.com/python-social-auth/social-core/tree/master/social_core/backends), which
+means it supports all the providers that are supported by it. However, if the provider you are interested in does not
+exist in the list, you can add one by following
+the [documentation](https://python-social-auth.readthedocs.io/en/latest/backends/implementation.html).
+
+## SSR & REST APIs
+
+::: tip Ticket #19
+
+This upcoming feature is under development and will be available in the next release. You can track the progress in
+the [#19](https://github.com/pysnippet/fastapi-oauth2/issues/19) issue.
+
+:::
+
+## CSRF protection
+
+CSRF protection is enabled by default which means when the user opens the `/oauth2/{provider}/auth` endpoint it
+redirects to the authorization endpoint of the IDP with an autogenerated `state` parameter and saves it in the session
+storage. After authorization, when the `/oauth2/{provider}/token` callback endpoint gets called with the
+provided `state`, the `oauthlib` validates it and then redirects to the `redirect_uri`.
+
+## PKCE support
+
+::: tip Ticket #18
+
+PKCE support is under development and will be available in the next release. You can track the progress in
+the [#18](https://github.com/pysnippet/fastapi-oauth2/issues/18) issue.
+
+:::
+
+<style>
+.tip {
+  border: 0;
+}
+</style>