It's hard to tell if refresh tokens are working correctly because we don't directly surface the information of whether we are getting them from the OIDC identity provider. Without directly going around Coder and querying the database, you kind of have to wait around for your access token to expire to verify things are working. This could be 1 hour, or it could be days, depending on the OIDC identity provider setting.

@Emyrk added a visual indication for refresh tokens for External Auth links, but not login:

We could do something similar, or add information about refresh tokens to the Health page.

relates to #18307