NotificationsYou must be signed in to change notification settings
Fork913
Star10k

Commit8e1ccf9

authored

chore: update IdP docs with Google quirks (#18318)

Following some issues we discovered on dogfood after merging#17878, wethink `prompt=consent` is required for refresh tokens to be sent byGoogle every time you sign in.

1 parentf2f0237 commit8e1ccf9Copy full SHA for 8e1ccf9

File tree

1 file changed

+12

-0

lines changed

docs/admin/users
- idp-sync.md

1 file changed

+12

-0

lines changed

`‎docs/admin/users/idp-sync.md`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -595,3 +595,15 @@ user is granted the necessary permissions to obtain refresh tokens.`
`595`	`595`	By combining the`{"access_type":"offline"}` parameterin the OIDC Auth URL with
`596`	`596`	the`offline_access` scope, you can achieve the desired behavior of obtaining
`597`	`597`	`refresh tokensfor offline access to the user's resources.`
	`598`	`+`
	`599`	`+### Google`
	`600`	`+`
	`601`	`+To ensure Coder receives a refresh token when users authenticate with Google`
	`602`	+directly, set the `prompt` to `consent` in the auth URL parameters. Without
	`603`	`+this, users will be logged out after 1 hour.`
	`604`	`+`
	`605`	`+In your Coder configuration:`
	`606`	`+`
	`607`	+```shell
	`608`	`+CODER_OIDC_AUTH_URL_PARAMS='{"access_type":"offline","prompt":"consent"}'`
	`609`	+```

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8e1ccf9

File tree

1 file changed

1 file changed

`‎docs/admin/users/idp-sync.md`

0 commit comments