small updates to auth docs

[choldgraf]

Makes GitHub first (since it's the easiest+most free of the auth steps) and adds a bit of extra information

[manics]

Typo in oath

[choldgraf]

thanks for noticing @manics !!

[cam72cam]

Perhaps a note here that it is not required if all the users membership is public

[choldgraf]

great point @cam72cam !

[cam72cam]

That does not exactly address my concern, perhaps something like:

The org_whitelist section is optional, it lets you only allow users from particular GitHub organizations that you list. If you do not add the auth scope read:org, only users with public membership in the org will be allowed to log in. If it is not included, then all GitHub users will be allowed to access your JupyterHub.

[choldgraf]

@cam72cam hmm - I'm actually a bit unclear as to what read:org means, and wasn't able to find options for this when creating a github OAuth app. Could you link to docs on what you're talking about here? Or more generally let me know what this means in more lay-person's terms?

[manics]

@choldgraf I've got a related PR open: #523
Assuming this goes in I could either open a separate docs PR discussing org_whitelist and scope once this PR is merged in which case just leave your changes as they are, or I could give you a commit to cherry-pick here?

[choldgraf]

Let's leave this open and you're welcome to suggest language here that I can add once you merge it in! That work for you?

[choldgraf]

(just please remember to ping me when it's merged)

[cam72cam]

@choldgraf read:org means that the application can lookup what organizations the user is a member of (both public and private memberships)

[manics]

@choldgraf Suggested text in choldgraf#1

[choldgraf]

I love it @manics and @cam72cam - thanks for the patch and clarification. This PR is RTG from my end