Note-to-configure-SSO.md

+# Manual setting
+
+https://github.com/doorkeeper-gem/doorkeeper-openid_connect?tab=readme-ov-file#routes
+
+https://sso.thape.com.cn/.well-known/openid-configuration
+
+From auth_providers provider.
+
+```json
+{
+  "host": "sso.thape.com.com",
+  "icon": "openid_connect/auth_provider-custom.png",
+  "issuer": "https://sso.thape.com.cn",
+  "jwks_uri": "https://sso.thape.com.cn/oauth/discovery/keys",
+  "client_id": "",
+  "metadata_url": "https://sso.thape.com.cn/.well-known/openid-configuration",
+  "client_secret": "",
+  "oidc_provider": "custom",
+  "token_endpoint": "https://sso.thape.com.cn/oauth/token",
+  "userinfo_endpoint": "https://sso.thape.com.cn/oauth/userinfo",
+  "end_session_endpoint": "",
+  "authorization_endpoint": "https://sso.thape.com.cn/oauth/authorize",
+  "post_logout_redirect_uri": ""
+}
+```
+
+New scope is fixed at `openid email profile`
+
+# Legacy SSO setting method.
+
 ## local debug settings
 
 ```
@@ -45,31 +75,3 @@ Setting.plugin_openproject_openid_connect = Hash({}).deep_merge({
   }
 })
 ```
\ No newline at end of file
-
-# Manual setting
-
-https://github.com/doorkeeper-gem/doorkeeper-openid_connect?tab=readme-ov-file#routes
-
-https://sso.thape.com.cn/.well-known/openid-configuration
-
-From auth_providers provider.
-
-```json
-{
-  "host": "sso.thape.com.com",
-  "icon": "openid_connect/auth_provider-custom.png",
-  "issuer": "https://sso.thape.com.cn",
-  "jwks_uri": "https://sso.thape.com.cn/oauth/discovery/keys",
-  "client_id": "",
-  "metadata_url": "https://sso.thape.com.cn/.well-known/openid-configuration",
-  "client_secret": "",
-  "oidc_provider": "custom",
-  "token_endpoint": "https://sso.thape.com.cn/oauth/token",
-  "userinfo_endpoint": "https://sso.thape.com.cn/oauth/userinfo",
-  "end_session_endpoint": "",
-  "authorization_endpoint": "https://sso.thape.com.cn/oauth/authorize",
-  "post_logout_redirect_uri": ""
-}
-```
-
-scope is fixed at openid email profile
\ No newline at end of file