feat(docs): add repository options for SQL backends in configuration

Author: hrntknr

docs/docs/configuration.md

@@ -93,6 +93,26 @@ You can use both exact matching and glob patterns for OIDC user authorization:
 | `--tls-listen` | `TLS_LISTEN`         | `:443`   | Address to listen on for TLS |
 | `--data-path`  | `DATA_PATH`          | `./data` | Path to the data directory   |
 
+### Repository Options
+
+| Option                  | Environment Variable  | Default | Description                                                                                                           |
+| ----------------------- | --------------------- | ------- | --------------------------------------------------------------------------------------------------------------------- |
+| `--repository-backend`  | `REPOSITORY_BACKEND`  | `local` | Storage backend for OAuth state. Supported values: `local` (embedded BoltDB), `sqlite`, `postgres`, or `mysql`.       |
+| `--repository-dsn`      | `REPOSITORY_DSN`      | -       | Connection string passed directly to the SQL driver. Required when `--repository-backend` is `sqlite/postgres/mysql`. |
+
+`local` uses an embedded BoltDB file under `--data-path`. SQL backends run migrations automatically via GORM; the DSN must be valid for the chosen driver (examples below). The deprecated value `sql` is no longer accepted—select the concrete driver instead.
+
+```bash title="DSN examples"
+# sqlite
+--repository-backend sqlite --repository-dsn "file:data/mcp-auth.db?cache=shared&mode=rwc"
+
+# postgres
+--repository-backend postgres --repository-dsn "postgres://user:pass@hostname:5432/database?sslmode=disable"
+
+# mysql
+--repository-backend mysql --repository-dsn "user:pass@tcp(hostname:3306)/database?parseTime=true"
+```
+
 ### Proxy Options
 
 | Option                 | Environment Variable | Default | Description                                                                                           |