From bc63676c6f82f0bfa8d024c524d317ac15203bb3 Mon Sep 17 00:00:00 2001
From: Rowan Smith <rowan@coder.com>
Date: Mon, 24 Nov 2025 09:26:09 +1100
Subject: [PATCH] chore: Update OIDC scopes to include offline_access

This is an update to https://coder.com/docs/admin/users/oidc-auth/microsoft#enable-refresh-tokens-recommended. We recommend users enable refresh tokens but don't actually give them the env var value to add.

https://coder.com/docs/admin/users/oidc-auth/refresh-tokens does a good job of including `offline_access` in the list.
---
 docs/admin/users/oidc-auth/microsoft.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/admin/users/oidc-auth/microsoft.md b/docs/admin/users/oidc-auth/microsoft.md
index 8acf2191a9d58..db9958f1bd0b7 100644
--- a/docs/admin/users/oidc-auth/microsoft.md
+++ b/docs/admin/users/oidc-auth/microsoft.md
@@ -44,7 +44,7 @@ CODER_OIDC_ICON_URL=/icon/microsoft.svg
 
 ```env
 # Keep standard scopes
-CODER_OIDC_SCOPES=openid,profile,email
+CODER_OIDC_SCOPES=openid,profile,email,offline_access
 ```
 
 After changing settings, users must log out and back in once to obtain refresh tokens