mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
1a41608035
fixes #17070 Cleans up our handling of APIKey expiration and OIDC to keep them separate concepts. For an OIDC-login APIKey, both the APIKey and OIDC link must be valid to login. If the OIDC link is expired and we have a refresh token, we will attempt to refresh. OIDC refreshes do not have any effect on APIKey expiry. https://github.com/coder/coder/issues/17070#issuecomment-2886183613 explains why this is the correct behavior.