From 84d8f8afd28c31c3612c8ac8a84efe82068e855c Mon Sep 17 00:00:00 2001 From: David Stockton <7375241+dstockton@users.noreply.github.com> Date: Fri, 13 Feb 2026 17:06:11 +0000 Subject: [PATCH] Document AUTH__COOKIE_SECURE env var Co-Authored-By: Claude Opus 4.6 --- content/configuration/auth-sso.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/configuration/auth-sso.md b/content/configuration/auth-sso.md index 39f33b26..9a110f14 100644 --- a/content/configuration/auth-sso.md +++ b/content/configuration/auth-sso.md @@ -20,7 +20,8 @@ For each of the auth providers listed, you must provide the following configurat | Variable | Description | Default Value | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | | `AUTH__DRIVER` | Which driver to use, either `local`, `oauth2`, `openid`, `ldap`, `saml`. | | -| `AUTH__MODE` | Whether to use `'cookie'` or `'session'` authentication mode when redirecting. Applies to the following drivers `oauth2`, `openid`, `saml`. | `session` | +| `AUTH__MODE` | Whether to use `'cookie'` or `'session'` authentication mode when redirecting. Applies to the following drivers `oauth2`, `openid`, `saml`. | `session` | +| `AUTH__COOKIE_SECURE` | Set the `secure` attribute on the OAuth 2.0 / OpenID state cookie. Enable when serving over HTTPS. Applies to `oauth2` and `openid` drivers. | `false` | ::callout{icon="material-symbols:info-outline"} Cookie and session configuration settings such as `REFRESH_TOKEN_COOKIE_*`, `SESSION_COOKIE_*`, and related security parameters can be found in [Security & Limits](/configuration/security-limits).