chore: add warning log if misconfigured groups oidc (#7874)

* chore: add warning log if misconfigured groups oidc This is not perfect, but if we find a 'groups' claim and it is not configured, put out a warning log to give some information
2025-07-03 16:13:58 +00:00 · 2023-06-08 08:51:59 -05:00
parent 479467473e
commit b2324325fa
6 changed files with 22 additions and 7 deletions
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@ -675,6 +675,12 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		}
 	}

+	// This conditional is purely to warn the user they might have misconfigured their OIDC
+	// configuration.
+	if _, groupClaimExists := claims["groups"]; !usingGroups && groupClaimExists {
+		api.Logger.Debug(ctx, "'groups' claim was returned, but 'oidc-group-field' is not set, check your coder oidc settings.")
+	}
+
 	// The username is a required property in Coder. We make a best-effort
 	// attempt at using what the claims provide, but if that fails we will
 	// generate a random username.