Hello,

I have a question regarding Coder'sOIDC token refresh mechanism. Does anyone know if we have any control over how Coder handles token refreshing? I've looked through the Coder documentation but couldn't find anything relevant.

The issue is that Coder seems to be improperly handling token refreshes, causing about 10-20 errors per minute in our OIDC event log. When the Coder session is active for an extended period, this results in thousands of entries, which, for now, seems to be just a cosmetic issue. However, I'm not sure if this erroneous token refresh might have any adverse effects on usage (probably not, since it seems a local session gets established), but I think this might be worth bringing up as a possible bug.

Here's what’s going wrong: When the token is refreshed, our OIDC provider issues a new refresh token and invalidates the old one. But Coder continues to use the old token which, as expected, fails. It then retries using the same old token, again failing, and this cycle continues.

I would greatly appreciate it if anyone has any insights into this or can guide me on how I can report this issue to the Coder development team.

Thank you in advance for your help!

We are currently running Coder v0.24.1+2c843f4