coder
diff --git a/‎coderd/apidoc/docs.go
+67 b/‎coderd/apidoc/docs.go
+67
diff --git a/‎coderd/apidoc/swagger.json
+63 b/‎coderd/apidoc/swagger.json
+63
diff --git a/‎coderd/coderd.go
+1 b/‎coderd/coderd.go
+1
diff --git a/‎coderd/members.go
+41 b/‎coderd/members.go
+41
diff --git a/‎coderd/members_test.go
+60 b/‎coderd/members_test.go
+60
diff --git a/‎codersdk/organizations.go
+5 b/‎codersdk/organizations.go
+5
diff --git a/‎codersdk/users.go
+14 b/‎codersdk/users.go
+14
diff --git a/‎docs/api/members.md
+67 b/‎docs/api/members.md
+67
@@ -837,6 +837,7 @@ func New(options *Options) *API {
 					})
 				})
 				r.Route("/members", func(r chi.Router) {
+					r.Get("/", api.listMembers)
 					r.Route("/roles", func(r chi.Router) {
 						r.Get("/", api.assignableOrgRoles)
 						r.With(httpmw.RequireExperiment(api.Experiments, codersdk.ExperimentCustomRoles)).
 
@@ -3,6 +3,8 @@ package coderd
 import (
 	"net/http"
 
+	"github.com/google/uuid"
+
 	"github.com/coder/coder/v2/coderd/database/db2sdk"
 	"github.com/coder/coder/v2/coderd/rbac"
 
@@ -12,6 +14,36 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 )
 
+// @Summary List organization members
+// @ID list-organization-members
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Members
+// @Param organization path string true "Organization ID"
+// @Success 200 {object} []codersdk.OrganizationMemberWithName
+// @Router /organizations/{organization}/members [get]
+func (api *API) listMembers(rw http.ResponseWriter, r *http.Request) {
+	var (
+		ctx          = r.Context()
+		organization = httpmw.OrganizationParam(r)
+	)
+
+	members, err := api.Database.OrganizationMembers(ctx, database.OrganizationMembersParams{
+		OrganizationID: organization.ID,
+		UserID:         uuid.Nil,
+	})
+	if httpapi.Is404Error(err) {
+		httpapi.ResourceNotFound(rw)
+		return
+	}
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, db2sdk.List(members, convertOrganizationMemberRow))
+}
+
 // @Summary Assign role to organization member
 // @ID assign-role-to-organization-member
 // @Security CoderSessionToken
@@ -73,3 +105,12 @@ func convertOrganizationMember(mem database.OrganizationMember) codersdk.Organiz
 	}
 	return convertedMember
 }
+
+func convertOrganizationMemberRow(row database.OrganizationMembersRow) codersdk.OrganizationMemberWithName {
+	convertedMember := codersdk.OrganizationMemberWithName{
+		Username:           row.Username,
+		OrganizationMember: convertOrganizationMember(row.OrganizationMember),
+	}
+
+	return convertedMember
+}
@@ -0,0 +1,60 @@
+package coderd_test
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/coderd/coderdtest"
+	"github.com/coder/coder/v2/coderd/database/db2sdk"
+	"github.com/coder/coder/v2/coderd/rbac"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/testutil"
+)
+
+func TestListMembers(t *testing.T) {
+	t.Parallel()
+
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+		owner := coderdtest.New(t, nil)
+		first := coderdtest.CreateFirstUser(t, owner)
+
+		client, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))
+
+		ctx := testutil.Context(t, testutil.WaitShort)
+		members, err := client.OrganizationMembers(ctx, first.OrganizationID)
+		require.NoError(t, err)
+		require.Len(t, members, 2)
+		require.ElementsMatch(t,
+			[]uuid.UUID{first.UserID, user.ID},
+			db2sdk.List(members, onlyIDs))
+	})
+
+	// Calling it from a user without the org access.
+	t.Run("NotInOrg", func(t *testing.T) {
+		t.Parallel()
+		owner := coderdtest.New(t, nil)
+		first := coderdtest.CreateFirstUser(t, owner)
+
+		client, _ := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.ScopedRoleOrgAdmin(first.OrganizationID))
+
+		ctx := testutil.Context(t, testutil.WaitShort)
+		org, err := owner.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
+			Name:        "test",
+			DisplayName: "",
+			Description: "",
+		})
+		require.NoError(t, err, "create organization")
+
+		// 404 error is expected instead of a 403/401 to not leak existence of
+		// an organization.
+		_, err = client.OrganizationMembers(ctx, org.ID)
+		require.ErrorContains(t, err, "404")
+	})
+}
+
+func onlyIDs(u codersdk.OrganizationMemberWithName) uuid.UUID {
+	return u.UserID
+}
@@ -57,6 +57,11 @@ type OrganizationMember struct {
 	Roles          []SlimRole `db:"roles" json:"roles"`
 }
 
+type OrganizationMemberWithName struct {
+	Username           string `table:"username,default_sort" json:"username"`
+	OrganizationMember `table:"m,recursive_inline"`
+}
+
 type CreateOrganizationRequest struct {
 	Name string `json:"name" validate:"required,organization_name"`
 	// DisplayName will default to the same value as `Name` if not provided.
 
@@ -379,6 +379,20 @@ func (c *Client) UpdateUserPassword(ctx context.Context, user string, req Update
 	return nil
 }
 
+// OrganizationMembers lists all members in an organization
+func (c *Client) OrganizationMembers(ctx context.Context, organizationID uuid.UUID) ([]OrganizationMemberWithName, error) {
+	res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/organizations/%s/members/", organizationID), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return nil, ReadBodyAsError(res)
+	}
+	var members []OrganizationMemberWithName
+	return members, json.NewDecoder(res.Body).Decode(&members)
+}
+
 // UpdateUserRoles grants the userID the specified roles.
 // Include ALL roles the user has.
 func (c *Client) UpdateUserRoles(ctx context.Context, user string, req UpdateRoles) (User, error) {