From c8e67833f53e98a3804cd0b1e3ac0dec3f481a05 Mon Sep 17 00:00:00 2001 From: Montasser abd majid ZEHRI <76430267+atnomoverflow@users.noreply.github.com> Date: Fri, 16 Jun 2023 16:18:26 +0100 Subject: [PATCH] docs: add oidc keycloak docs (#8042) * adding docs for keycloak to solve the problem with the refresh token * fmt --- docs/admin/auth.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/admin/auth.md b/docs/admin/auth.md index 27859f9724..e976c61436 100644 --- a/docs/admin/auth.md +++ b/docs/admin/auth.md @@ -328,3 +328,11 @@ Below are some details specific to individual OIDC providers. ``` - (Optional) If using Group Sync, send the required groups in the configured groups claim field. See [here](https://stackoverflow.com/a/55570286) for an example. + +### Keycloak + +The access_type parameter has two possible values: "online" and "offline." By default, the value is set to "offline". This means that when a user authenticates using OIDC, the application requests offline access to the user's resources, including the ability to refresh access tokens without requiring the user to reauthenticate. + +To enable the `offline_access` scope, which allows for the refresh token functionality, you need to add it to the list of requested scopes during the authentication flow. Including the `offline_access` scope in the requested scopes ensures that the user is granted the necessary permissions to obtain refresh tokens. + +By combining the `{"access_type":"offline"}` parameter in the OIDC Auth URL with the `offline_access` scope, you can achieve the desired behavior of obtaining refresh tokens for offline access to the user's resources.
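Review bot: The new Keycloak section (second and third added paragraphs) tells the admin to add `offline_access` to "the list of requested scopes" and to combine it with `{"access_type":"offline"}` "in the OIDC Auth URL", but it never names the setting where either value is configured and gives no example, so a reader cannot act on it from this page alone. The provider section just above ends with a fenced block; a short snippet in the same style showing the scope list and the auth URL parameters would close that gap. In the first added paragraph, "By default, the value is set to "offline"" should say whose default this is (this application's or Keycloak's), `access_type` should be in backticks like `offline_access` is later, and the period in "offline." belongs outside the quotes to match the next sentence. The sentence "ensures that the user is granted the necessary permissions to obtain refresh tokens" reads as if the user receives the token; since the first paragraph says it is the application that requests offline access, reword it so the application is the party that obtains the refresh token. Because the section describes refreshing access tokens "without requiring the user to reauthenticate", it would also help to add one sentence telling admins that this keeps a long-lived credential on the server side and that its lifetime is governed by the identity provider's settings.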