From cfe0f8a0e61b9fe90b743b9302cf6348bd1f41ce Mon Sep 17 00:00:00 2001 From: Chris Kanich Date: Wed, 7 May 2025 14:48:42 -0500 Subject: [PATCH] review changes --- docs/features/sso.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/features/sso.md b/docs/features/sso.md index 9f2a674..42218bc 100644 --- a/docs/features/sso.md +++ b/docs/features/sso.md @@ -22,6 +22,8 @@ There are several global configuration options for OAuth: 1. `OAUTH_MERGE_ACCOUNTS_BY_EMAIL` - allows logging into an account that matches the email address provided by the OAuth provider. - This is considered insecure as not all OAuth providers verify email addresses, and may allow accounts to be hijacked. 1. `OAUTH_UPDATE_PICTURE_ON_LOGIN` - if `true`, users will have OAuth-provided profile pictures updated on login. + - If the OAuth picture claim is disabled by setting `OAUTH_PICTURE_CLAIM` to the empty string, this configuration will be ignored. +1. `OAUTH_PICTURE_CLAIM` - can be used to customize or disable profile picture storage. The default, `picture`, will work for most providers; if set to the empty string, all users will receive the default person profile picture. ### Google
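
Review bot: The added `OAUTH_PICTURE_CLAIM` item in `docs/features/sso.md` says the setting can "customize or disable profile picture storage" but never says what the value is. If it is the name of the claim the picture is read from in the provider's response, which the default `picture` and "will work for most providers" suggest, say so in the first sentence so that operators with a non-standard provider know what to put there. The empty-string case is also ambiguous: "all users will receive the default person profile picture" does not say whether accounts that already have a stored OAuth picture are reset, or whether only later logins are affected. Since the new sub-bullet under `OAUTH_UPDATE_PICTURE_ON_LOGIN` states that setting is ignored in this case, the text should spell out what happens to existing pictures. That sub-bullet also refers to `OAUTH_PICTURE_CLAIM` one item before it is introduced; listing `OAUTH_PICTURE_CLAIM` first, or wording the note as a forward pointer, would read better. Lastly, the subject "review changes" does not describe the change; something like "docs: document OAUTH_PICTURE_CLAIM" would make the history searchable.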