docs: add description of pre_authenticate option

Signed-off-by: Patrick Chin <8509935+thepatrickchin@users.noreply.github.com>

Author: thepatrickchin

docs/source/components/auth/api-authentication.md

@@ -114,6 +114,7 @@ authentication:
 | `token_endpoint_auth_method` | Some token provider endpoints require specific types of authentication. For example `client_secret_post`. |
 | `redirect_uri` | The redirect URI for OAuth 2.0 authentication. Must match the registered redirect URI with the OAuth provider.|
 | `scopes` | List of permissions to the API provider (e.g., `read`, `write`). |
+| `pre_authenticate` | Whether to trigger authentication at WebSocket connection time before the user submits their first prompt, defaults to `False`. Only applies in `nat serve` mode. When enabled, tokens are cached for the session to avoid re-authentication on reconnect. |
 | `use_pkce` | Whether to use PKCE (Proof Key for Code Exchange) in the OAuth 2.0 flow, defaults to `False` |
 | `use_redirect_auth` | Whether to use a redirect-based flow or open the OAuth consent page in a popup window, defaults to `False` (popup) |
 | `authorization_kwargs` | Additional keyword arguments to include in the authorization request. |