fix(coderd)!: add CODER_OIDC_IGNORE_USERINFO configuration option (#6922)

* add CODER_OIDC_IGNORE_USERINFO option
* chore: update docs for CODER_OIDC_IGNORE_USERINFO w.r.t ADFS
* fix!: codersdk: fix incorrectly named OIDC_GROUP_MAPPING -> CODER_OIDC_GROUP_MAPPING
Cian Johnston
2023-04-05 09:07:43 +01:00
committed by GitHub
parent 929589ddfa
commit 9c4ccd76a0
13 changed files with 209 additions and 42 deletions


@ -258,6 +258,7 @@ type OIDCConfig struct {
UsernameField clibase.String `json:"username_field" typescript:",notnull"`
EmailField clibase.String `json:"email_field" typescript:",notnull"`
AuthURLParams clibase.Struct[map[string]string] `json:"auth_url_params" typescript:",notnull"`
IgnoreUserInfo clibase.Bool `json:"ignore_user_info" typescript:",notnull"`
GroupField clibase.String `json:"groups_field" typescript:",notnull"`
GroupMapping clibase.Struct[map[string]string] `json:"group_mapping" typescript:",notnull"`
SignInText clibase.String `json:"sign_in_text" typescript:",notnull"`
@ -882,6 +883,16 @@ when required by your organization's security policy.`,
Group: &deploymentGroupOIDC,
YAML: "authURLParams",
},
{
Name: "OIDC Ignore UserInfo",
Description: "Ignore the userinfo endpoint and only use the ID token for user information.",
Flag: "oidc-ignore-userinfo",
Env: "CODER_OIDC_IGNORE_USERINFO",
Default: "false",
Value: &c.OIDC.IgnoreUserInfo,
Group: &deploymentGroupOIDC,
YAML: "ignoreUserInfo",
},
{
Name: "OIDC Group Field",
Description: "Change the OIDC default 'groups' claim field. By default, will be 'groups' if present in the oidc scopes argument.",
@ -901,7 +912,7 @@ when required by your organization's security policy.`,
Name: "OIDC Group Mapping",
Description: "A map of OIDC group IDs and the group in Coder it should map to. This is useful for when OIDC providers only return group IDs.",
Flag: "oidc-group-mapping",
Env: "OIDC_GROUP_MAPPING",
Env: "CODER_OIDC_GROUP_MAPPING",
Default: "{}",
Value: &c.OIDC.GroupMapping,
Group: &deploymentGroupOIDC,
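Review bot: The `Env` rename from `OIDC_GROUP_MAPPING` to `CODER_OIDC_GROUP_MAPPING` in the last hunk shows no handling for deployments that still export the old name. For those, the option would fall back to `Default: "{}"` and the IdP-group-to-Coder-group mapping would become empty without any error. Since this mapping decides which Coder group an OIDC group ID resolves to, a silent reset should be surfaced: consider a startup check that warns or refuses to start when `OIDC_GROUP_MAPPING` is set and `CODER_OIDC_GROUP_MAPPING` is not. At minimum, extend the Description with `Replaces the previously misnamed OIDC_GROUP_MAPPING variable.` The option list continues outside this hunk and the commit touches 13 files, so such a check may already exist elsewhere.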