fix(coderd)!: add CODER_OIDC_IGNORE_USERINFO configuration option (#6922)

* add CODER_OIDC_IGNORE_USERINFO option * chore: update docs for CODER_OIDC_IGNORE_USERINFO w.r.t ADFS * fix!: codersdk: fix incorrectly named OIDC_GROUP_MAPPING -> CODER_OIDC_GROUP_MAPPING
2025-07-23 21:32:07 +00:00 · 2023-04-05 09:07:43 +01:00
parent 929589ddfa
commit 9c4ccd76a0
13 changed files with 209 additions and 42 deletions
--- a/docs/cli/server.md
+++ b/docs/cli/server.md
@ -361,7 +361,7 @@ Change the OIDC default 'groups' claim field. By default, will be 'groups' if pr
 |             |                                        |
 | ----------- | -------------------------------------- |
 | Type        | <code>struct[map[string]string]</code> |
-| Environment | <code>$OIDC_GROUP_MAPPING</code>       |
+| Environment | <code>$CODER_OIDC_GROUP_MAPPING</code> |
 | Default     | <code>{}</code>                        |

 A map of OIDC group IDs and the group in Coder it should map to. This is useful for when OIDC providers only return group IDs.
@ -384,6 +384,16 @@ URL pointing to the icon to use on the OepnID Connect login button.

 Ignore the email_verified claim from the upstream provider.

+### --oidc-ignore-userinfo
+
+|             |                                          |
+| ----------- | ---------------------------------------- |
+| Type        | <code>bool</code>                        |
+| Environment | <code>$CODER_OIDC_IGNORE_USERINFO</code> |
+| Default     | <code>false</code>                       |
+
+Ignore the userinfo endpoint and only use the ID token for user information.
+
 ### --oidc-issuer-url

 |             |                                     |