Document OAuth logout redirect validation

deploy/authentication-setup.mdx

@@ -47,7 +47,7 @@
 
 Your host your documentation at `docs.foo.com` and you need basic access control without tracking individual users. You want to prevent public access while keeping setup simple. 
 
 **Create a strong password** in your dashboard. **Share credentials** with authorized users. That's it!
 </Tab>
 <Tab title="Mintlify dashboard">
 ### Prerequisites
@@ -101,7 +101,7 @@
       * **Additional authorization parameters** (optional): Additional query parameters to add to the initial authorization request.
       * **Token URL**: Your OAuth token exchange endpoint.
       * **Info API URL** (optional): Endpoint on your server that Mintlify calls to retrieve user info. Required for group-based access control. If omitted, the OAuth flow only verifies identity.
-      * **Logout URL** (optional): The native logout URL for your OAuth provider. Mintlify redirects users to this URL with a `GET` request when they log out. Mintlify does not append query parameters, so include any parameters (for example, `returnTo`) directly in the URL. Configure a page to redirect users to on a successful logout.
+      * **Logout URL** (optional): The native logout URL for your OAuth provider. When users log out, Mintlify validates the logout redirect against this configured URL for security. The redirect only succeeds if it exactly matches the configured `logoutUrl`. If you do not configure a logout URL, users redirect to `/login`. Mintlify redirects users with a `GET` request and does not append query parameters, so include any parameters (for example, `returnTo`) directly in the URL.
       * **Redirect URL** (optional): The URL to redirect users to after authentication.
     5. Click **Save changes**.