77<img src="https://avatars.githubusercontent.com/u/5446298?v=4" alt="Steven Masley" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
88 </a >
99</div >
10- December 13, 2023
10+ Updated: June, 2025
1111
1212---
1313
@@ -50,7 +50,7 @@ the `id_token`. See all configuration options for group sync in the
5050
5151``` bash
5252# Add the 'groups' scope.
53- CODER_OIDC_SCOPES=openid,profile,email,groups
53+ CODER_OIDC_SCOPES=openid,profile,email,offline_access, groups
5454# This name needs to match the "Claim name" in the configuration above.
5555CODER_OIDC_GROUP_FIELD=groups
5656```
@@ -60,7 +60,7 @@ membership.
6060
6161``` bash
6262# Requires the "groups" scope
63- CODER_OIDC_SCOPES=openid,profile,email,groups
63+ CODER_OIDC_SCOPES=openid,profile,email,offline_access, groups
6464# This name needs to match the "Claim name" in the configuration above.
6565CODER_OIDC_USER_ROLE_FIELD=groups
6666# Example configuration to map a group to some roles
@@ -95,7 +95,7 @@ Configure using these new attributes in Coder.
9595# This must be set to false. Coder uses this endpoint to grab the attributes.
9696CODER_OIDC_IGNORE_USERINFO=false
9797# No custom scopes are required.
98- CODER_OIDC_SCOPES=openid,profile,email
98+ CODER_OIDC_SCOPES=openid,profile,email,offline_access
9999# Configure the group/role field using the attribute name in the application.
100100CODER_OIDC_USER_ROLE_FIELD=approles
101101# See our docs for mapping okta roles to coder roles.
@@ -147,7 +147,7 @@ need to configure coder to use this.
147147# authorization server.
148148CODER_OIDC_ISSUER_URL=https://dev-12222860.okta.com/oauth2/default
149149# Add the new scope you just configured
150- CODER_OIDC_SCOPES=openid,profile,email,roles
150+ CODER_OIDC_SCOPES=openid,profile,email,roles,offline_access
151151# Use the claim you just configured
152152CODER_OIDC_USER_ROLE_FIELD=roles
153153# See our docs for mapping okta roles to coder roles.