diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst index a0ca767c5e..5d551ee657 100644 --- a/auth_oidc/README.rst +++ b/auth_oidc/README.rst @@ -7,7 +7,7 @@ Authentication OpenID Connect !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1 + !! source digest: sha256:a54c4126f9873d2af17b9228f9afa844806a2541b42dc7945ec41be08379a915 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png @@ -28,11 +28,11 @@ Authentication OpenID Connect |badge1| |badge2| |badge3| |badge4| |badge5| -This module allows users to login through an OpenID Connect provider using the -authorization code flow or implicit flow. +This module allows users to login through an OpenID Connect provider +using the authorization code flow or implicit flow. -Note the implicit flow is not recommended because it exposes access tokens to -the browser and in http logs. +Note the implicit flow is not recommended because it exposes access +tokens to the browser and in http logs. **Table of contents** 
@@ -42,80 +42,90 @@ the browser and in http logs. Installation ============ -This module depends on the `python-jose `__ -library, not to be confused with ``jose`` which is also available on PyPI. +This module depends on the +`python-jose `__ library, not to +be confused with ``jose`` which is also available on PyPI. Configuration ============= Setup for Microsoft Azure -~~~~~~~~~~~~~~~~~~~~~~~~~ +------------------------- Example configuration with OpenID Connect authorization code flow. -# configure a new web application in Azure with OpenID and code flow (see - the `provider documentation - `_) -# in this application the redirect url must be be "/auth_oauth/signin" and of course this URL should be reachable from - Azure -# create a new authentication provider in Odoo with the following - parameters (see the `portal documentation - `_ - for more information): +1. configure a new web application in Azure with OpenID and code flow + (see the `provider + documentation `__)) -.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png +2. in this application the redirect url must be be "/auth_oauth/signin" and of course this URL should be reachable + from Azure -.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png +3. create a new authentication provider in Odoo with the following + parameters (see the `portal + documentation `__ + for more information): -Single tenant provider limits the access to user of your tenant, -while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login -without an guest account. 
+|image| -* Provider Name: Azure AD Single Tenant -* Client ID: Application (client) id -* Client Secret: Client secret -* Allowed: yes +|image1| -or +Single tenant provider limits the access to user of your tenant, while +Multitenants allow access for all AzureAD users, so user of foreign +companies can use their AzureAD login without an guest account. + +- Provider Name: Azure AD Single Tenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes -* Provider Name: Azure AD Multitenant -* Client ID: Application (client) id -* Client Secret: Client secret -* Allowed: yes -* replace {tenant_id} in urls with your Azure tenant id +or -.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png +- Provider Name: Azure AD Multitenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes +- replace {tenant_id} in urls with your Azure tenant id +|image2| Setup for Keycloak -~~~~~~~~~~~~~~~~~~ +------------------ Example configuration with OpenID Connect authorization code flow. In Keycloak: -# configure a new Client -# make sure Authorization Code Flow is Enabled. -# configure the client Access Type as "confidential" and take note of the client secret in the Credentials tab -# configure the redirect url to be "/auth_oauth/signin" +1. configure a new Client +2. make sure Authorization Code Flow is Enabled. +3. configure the client Access Type as "confidential" and take note of + the client secret in the Credentials tab +4. 
configure the redirect url to be "/auth_oauth/signin" In Odoo, create a new Oauth Provider with the following parameters: -* Provider name: Keycloak (or any name you like that identify your keycloak - provider) -* Auth Flow: OpenID Connect (authorization code flow) -* Client ID: the same Client ID you entered when configuring the client in Keycloak -* Client Secret: found in keycloak on the client Credentials tab -* Allowed: yes -* Body: the link text to appear on the login page, such as Login with Keycloak -* Scope: openid email -* Authentication URL: The "authorization_endpoint" URL found in the - OpenID Endpoint Configuration of your Keycloak realm -* Token URL: The "token_endpoint" URL found in the - OpenID Endpoint Configuration of your Keycloak realm -* JWKS URL: The "jwks_uri" URL found in the - OpenID Endpoint Configuration of your Keycloak realm +- Provider name: Keycloak (or any name you like that identify your + keycloak provider) +- Auth Flow: OpenID Connect (authorization code flow) +- Client ID: the same Client ID you entered when configuring the client + in Keycloak +- Client Secret: found in keycloak on the client Credentials tab +- Allowed: yes +- Body: the link text to appear on the login page, such as Login with + Keycloak +- Scope: openid email +- Authentication URL: The "authorization_endpoint" URL found in the + OpenID Endpoint Configuration of your Keycloak realm +- Token URL: The "token_endpoint" URL found in the OpenID Endpoint + Configuration of your Keycloak realm +- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint + Configuration of your Keycloak realm + +.. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png +.. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png +.. 
|image2| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png Usage ===== @@ -125,26 +135,28 @@ On the login page, click on the authentication provider you configured. Known issues / Roadmap ====================== -* When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link -* When doing a logout an extra option to also logout at the SSO provider. +- When going to the login screen, check for a existing token and do a + direct login without the clicking on the SSO link +- When doing a logout an extra option to also logout at the SSO + provider. Changelog ========= 14.0.1.0.0 2021-12-10 -~~~~~~~~~~~~~~~~~~~~~ +--------------------- -* Odoo 14 migration +- Odoo 14 migration 13.0.1.0.0 2020-04-10 -~~~~~~~~~~~~~~~~~~~~~ +--------------------- -* Odoo 13 migration, add authorization code flow. +- Odoo 13 migration, add authorization code flow. 10.0.1.0.0 2018-10-05 -~~~~~~~~~~~~~~~~~~~~~ +--------------------- -* Initial implementation +- Initial implementation Bug Tracker =========== @@ -160,21 +172,21 @@ Credits ======= Authors -~~~~~~~ +------- * ICTSTUDIO * André Schenkels * ACSONE SA/NV Contributors -~~~~~~~~~~~~ +------------ -* Alexandre Fayolle -* Stéphane Bidoul -* David Jaen +- Alexandre Fayolle +- Stéphane Bidoul +- David Jaen Maintainers -~~~~~~~~~~~ +----------- This module is maintained by the OCA. diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py index 1d4a3e1a7a..4e855e6f73 100644 --- a/auth_oidc/__manifest__.py +++ b/auth_oidc/__manifest__.py @@ -4,7 +4,7 @@ { "name": "Authentication OpenID Connect", - "version": "16.0.1.0.1", + "version": "16.0.1.0.2", "license": "AGPL-3", "author": ( "ICTSTUDIO, André Schenkels, " diff --git a/auth_oidc/readme/CONFIGURE.md b/auth_oidc/readme/CONFIGURE.md new file mode 100644 index 0000000000..275e4c0a20 --- /dev/null +++ b/auth_oidc/readme/CONFIGURE.md 
@@ -0,0 +1,72 @@ +## Setup for Microsoft Azure + +Example configuration with OpenID Connect authorization code flow. + +1. configure a new web application in Azure with OpenID and code flow (see +the [provider +documentation](https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider))) + +2. in this application the redirect url must be be "\/auth_oauth/signin" and of course this URL should be reachable +from Azure + +3. create a new authentication provider in Odoo with the following +parameters (see the [portal +documentation](https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings) +for more information): + +![image](../static/description/oauth-microsoft_azure-api_permissions.png) + +![image](../static/description/oauth-microsoft_azure-optional_claims.png) + +Single tenant provider limits the access to user of your tenant, while +Multitenants allow access for all AzureAD users, so user of foreign +companies can use their AzureAD login without an guest account. + +- Provider Name: Azure AD Single Tenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes + +or + +- Provider Name: Azure AD Multitenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes +- replace {tenant_id} in urls with your Azure tenant id + +![image](../static/description/odoo-azure_ad_multitenant.png) + +## Setup for Keycloak + +Example configuration with OpenID Connect authorization code flow. + +In Keycloak: + +1. configure a new Client +2. make sure Authorization Code Flow is +Enabled. +3. configure the client Access Type as "confidential" and take +note of the client secret in the Credentials tab +4. 
configure the +redirect url to be "\/auth_oauth/signin" + +In Odoo, create a new Oauth Provider with the following parameters: + +- Provider name: Keycloak (or any name you like that identify your + keycloak provider) +- Auth Flow: OpenID Connect (authorization code flow) +- Client ID: the same Client ID you entered when configuring the client + in Keycloak +- Client Secret: found in keycloak on the client Credentials tab +- Allowed: yes +- Body: the link text to appear on the login page, such as Login with + Keycloak +- Scope: openid email +- Authentication URL: The "authorization_endpoint" URL found in the + OpenID Endpoint Configuration of your Keycloak realm +- Token URL: The "token_endpoint" URL found in the OpenID Endpoint + Configuration of your Keycloak realm +- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint + Configuration of your Keycloak realm diff --git a/auth_oidc/readme/CONFIGURE.rst b/auth_oidc/readme/CONFIGURE.rst deleted file mode 100644 index 64734fe209..0000000000 --- a/auth_oidc/readme/CONFIGURE.rst +++ /dev/null 
@@ -1,68 +0,0 @@ -Setup for Microsoft Azure -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Example configuration with OpenID Connect authorization code flow. - -# configure a new web application in Azure with OpenID and code flow (see - the `provider documentation - `_) -# in this application the redirect url must be be "/auth_oauth/signin" and of course this URL should be reachable from - Azure -# create a new authentication provider in Odoo with the following - parameters (see the `portal documentation - `_ - for more information): - -.. image:: ..static/description/oauth-microsoft_azure-api_permissions.png - -.. image:: ..static/description/oauth-microsoft_azure-optional_claims.png - -Single tenant provider limits the access to user of your tenant, -while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login -without an guest account. - -* Provider Name: Azure AD Single Tenant -* Client ID: Application (client) id -* Client Secret: Client secret -* Allowed: yes - -or - -* Provider Name: Azure AD Multitenant -* Client ID: Application (client) id -* Client Secret: Client secret -* Allowed: yes -* replace {tenant_id} in urls with your Azure tenant id - -.. image:: ..static/description/odoo-azure_ad_multitenant.png - - -Setup for Keycloak -~~~~~~~~~~~~~~~~~~ - -Example configuration with OpenID Connect authorization code flow. - -In Keycloak: - -# configure a new Client -# make sure Authorization Code Flow is Enabled. 
-# configure the client Access Type as "confidential" and take note of the client secret in the Credentials tab -# configure the redirect url to be "/auth_oauth/signin" - -In Odoo, create a new Oauth Provider with the following parameters: - -* Provider name: Keycloak (or any name you like that identify your keycloak - provider) -* Auth Flow: OpenID Connect (authorization code flow) -* Client ID: the same Client ID you entered when configuring the client in Keycloak -* Client Secret: found in keycloak on the client Credentials tab -* Allowed: yes -* Body: the link text to appear on the login page, such as Login with Keycloak -* Scope: openid email -* Authentication URL: The "authorization_endpoint" URL found in the - OpenID Endpoint Configuration of your Keycloak realm -* Token URL: The "token_endpoint" URL found in the - OpenID Endpoint Configuration of your Keycloak realm -* JWKS URL: The "jwks_uri" URL found in the - OpenID Endpoint Configuration of your Keycloak realm diff --git a/auth_oidc/readme/CONTRIBUTORS.md b/auth_oidc/readme/CONTRIBUTORS.md new file mode 100644 index 0000000000..5663785334 --- /dev/null +++ b/auth_oidc/readme/CONTRIBUTORS.md @@ -0,0 +1,3 @@ +- Alexandre Fayolle \<\> +- Stéphane Bidoul \<\> +- David Jaen \<\> diff --git a/auth_oidc/readme/CONTRIBUTORS.rst b/auth_oidc/readme/CONTRIBUTORS.rst deleted file mode 100644 index 303011adb2..0000000000 --- a/auth_oidc/readme/CONTRIBUTORS.rst +++ /dev/null @@ -1,3 +0,0 @@ -* Alexandre Fayolle -* Stéphane Bidoul -* David Jaen diff --git a/auth_oidc/readme/DESCRIPTION.rst b/auth_oidc/readme/DESCRIPTION.md similarity index 56% rename from auth_oidc/readme/DESCRIPTION.rst rename to auth_oidc/readme/DESCRIPTION.md index ae89dd9d73..3677c8bbaa 100644 --- a/auth_oidc/readme/DESCRIPTION.rst +++ b/auth_oidc/readme/DESCRIPTION.md 
@@ -1,5 +1,5 @@ -This module allows users to login through an OpenID Connect provider using the -authorization code flow or implicit flow. +This module allows users to login through an OpenID Connect provider +using the authorization code flow or implicit flow. -Note the implicit flow is not recommended because it exposes access tokens to -the browser and in http logs. +Note the implicit flow is not recommended because it exposes access +tokens to the browser and in http logs. diff --git a/auth_oidc/readme/HISTORY.md b/auth_oidc/readme/HISTORY.md new file mode 100644 index 0000000000..98e99203b8 --- /dev/null +++ b/auth_oidc/readme/HISTORY.md @@ -0,0 +1,11 @@ +## 14.0.1.0.0 2021-12-10 + +- Odoo 14 migration + +## 13.0.1.0.0 2020-04-10 + +- Odoo 13 migration, add authorization code flow. + +## 10.0.1.0.0 2018-10-05 + +- Initial implementation diff --git a/auth_oidc/readme/HISTORY.rst b/auth_oidc/readme/HISTORY.rst deleted file mode 100644 index 33b336582e..0000000000 --- a/auth_oidc/readme/HISTORY.rst +++ /dev/null @@ -1,14 +0,0 @@ -14.0.1.0.0 2021-12-10 -~~~~~~~~~~~~~~~~~~~~~ - -* Odoo 14 migration - -13.0.1.0.0 2020-04-10 -~~~~~~~~~~~~~~~~~~~~~ - -* Odoo 13 migration, add authorization code flow. - -10.0.1.0.0 2018-10-05 -~~~~~~~~~~~~~~~~~~~~~ - -* Initial implementation diff --git a/auth_oidc/readme/INSTALL.md b/auth_oidc/readme/INSTALL.md new file mode 100644 index 0000000000..37af7b9c93 --- /dev/null +++ b/auth_oidc/readme/INSTALL.md @@ -0,0 +1,3 @@ +This module depends on the +[python-jose](https://pypi.org/project/python-jose/) library, not to be +confused with `jose` which is also available on PyPI. diff --git a/auth_oidc/readme/INSTALL.rst b/auth_oidc/readme/INSTALL.rst deleted file mode 100644 index bccbbbad79..0000000000 --- a/auth_oidc/readme/INSTALL.rst +++ /dev/null @@ -1,2 +0,0 @@ -This module depends on the `python-jose `__ -library, not to be confused with ``jose`` which is also available on PyPI. 
diff --git a/auth_oidc/readme/ROADMAP.md b/auth_oidc/readme/ROADMAP.md new file mode 100644 index 0000000000..712da2fde6 --- /dev/null +++ b/auth_oidc/readme/ROADMAP.md @@ -0,0 +1,4 @@ +- When going to the login screen, check for a existing token and do a + direct login without the clicking on the SSO link +- When doing a logout an extra option to also logout at the SSO + provider. diff --git a/auth_oidc/readme/ROADMAP.rst b/auth_oidc/readme/ROADMAP.rst deleted file mode 100644 index 6a95f19054..0000000000 --- a/auth_oidc/readme/ROADMAP.rst +++ /dev/null @@ -1,2 +0,0 @@ -* When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link -* When doing a logout an extra option to also logout at the SSO provider. diff --git a/auth_oidc/readme/USAGE.rst b/auth_oidc/readme/USAGE.md similarity index 100% rename from auth_oidc/readme/USAGE.rst rename to auth_oidc/readme/USAGE.md diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html index 6ff3594f3c..40f1cb7ce6 100644 --- a/auth_oidc/static/description/index.html +++ b/auth_oidc/static/description/index.html @@ -367,13 +367,13 @@

Authentication OpenID Connect

!! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -!! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1 +!! source digest: sha256:a54c4126f9873d2af17b9228f9afa844806a2541b42dc7945ec41be08379a915 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

-

This module allows users to login through an OpenID Connect provider using the -authorization code flow or implicit flow.

-

Note the implicit flow is not recommended because it exposes access tokens to -the browser and in http logs.

+

This module allows users to login through an OpenID Connect provider +using the authorization code flow or implicit flow.

+

Note the implicit flow is not recommended because it exposes access +tokens to the browser and in http logs.

Table of contents

    @@ -402,29 +402,32 @@

    Authentication OpenID Connect

Installation

-

This module depends on the python-jose -library, not to be confused with jose which is also available on PyPI.

+

This module depends on the +python-jose library, not to +be confused with jose which is also available on PyPI.

Configuration

Setup for Microsoft Azure

Example configuration with OpenID Connect authorization code flow.

-
-
# configure a new web application in Azure with OpenID and code flow (see
-
the provider documentation)
-
# in this application the redirect url must be be “<url of your
-
server>/auth_oauth/signin” and of course this URL should be reachable from -Azure
-
# create a new authentication provider in Odoo with the following
-
parameters (see the portal documentation -for more information):
-
-https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png -https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png -

Single tenant provider limits the access to user of your tenant, -while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login -without an guest account.

+
    +
  1. configure a new web application in Azure with OpenID and code flow +(see the provider +documentation))
  2. +
  3. in this application the redirect url must be be “<url of your +server>/auth_oauth/signin” and of course this URL should be reachable +from Azure
  4. +
  5. create a new authentication provider in Odoo with the following +parameters (see the portal +documentation +for more information):
  6. +
+

image

+

image1

+

Single tenant provider limits the access to user of your tenant, while +Multitenants allow access for all AzureAD users, so user of foreign +companies can use their AzureAD login without an guest account.

  • Provider Name: Azure AD Single Tenant
  • Client ID: Application (client) id
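Review bot: the regenerated Azure section still renders the source typos that the move to CONFIGURE.md was the moment to fix: step 1 shows "documentation))" because the Markdown link `[provider documentation](...)))` closes with one parenthesis too many, step 2 reads "the redirect url must be be", and the tenant paragraph says "limits the access to user of your tenant" and "without an guest account". Correct them in auth_oidc/readme/CONFIGURE.md, not here; README.rst and index.html are regenerated from it by oca-gen-addon-readme and the header says changes will be overwritten. While touching that paragraph, state the security consequence it only implies: with the Multitenant provider nothing on the Azure side limits who can start a login, so the restriction of who may use the Odoo instance has to be enforced on the Odoo side.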
  • @@ -439,32 +442,38 @@

    Setup for Microsoft Azure

    Allowed: yes
  • replace {tenant_id} in urls with your Azure tenant id
-https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png +

image2

Setup for Keycloak

Example configuration with OpenID Connect authorization code flow.

In Keycloak:

-

# configure a new Client -# make sure Authorization Code Flow is Enabled. -# configure the client Access Type as “confidential” and take note of the client secret in the Credentials tab -# configure the redirect url to be “<url of your server>/auth_oauth/signin”

+
    +
  1. configure a new Client
  2. +
  3. make sure Authorization Code Flow is Enabled.
  4. +
  5. configure the client Access Type as “confidential” and take note of +the client secret in the Credentials tab
  6. +
  7. configure the redirect url to be “<url of your +server>/auth_oauth/signin”
  8. +

In Odoo, create a new Oauth Provider with the following parameters:

    -
  • Provider name: Keycloak (or any name you like that identify your keycloak -provider)
  • +
  • Provider name: Keycloak (or any name you like that identify your +keycloak provider)
  • Auth Flow: OpenID Connect (authorization code flow)
  • -
  • Client ID: the same Client ID you entered when configuring the client in Keycloak
  • +
  • Client ID: the same Client ID you entered when configuring the client +in Keycloak
  • Client Secret: found in keycloak on the client Credentials tab
  • Allowed: yes
  • -
  • Body: the link text to appear on the login page, such as Login with Keycloak
  • +
  • Body: the link text to appear on the login page, such as Login with +Keycloak
  • Scope: openid email
  • Authentication URL: The “authorization_endpoint” URL found in the OpenID Endpoint Configuration of your Keycloak realm
  • -
  • Token URL: The “token_endpoint” URL found in the -OpenID Endpoint Configuration of your Keycloak realm
  • -
  • JWKS URL: The “jwks_uri” URL found in the -OpenID Endpoint Configuration of your Keycloak realm
  • +
  • Token URL: The “token_endpoint” URL found in the OpenID Endpoint +Configuration of your Keycloak realm
  • +
  • JWKS URL: The “jwks_uri” URL found in the OpenID Endpoint +Configuration of your Keycloak realm
@@ -475,8 +484,10 @@

Usage

Known issues / Roadmap

    -
  • When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link
  • -
  • When doing a logout an extra option to also logout at the SSO provider.
  • +
  • When going to the login screen, check for a existing token and do a +direct login without the clicking on the SSO link
  • +
  • When doing a logout an extra option to also logout at the SSO +provider.