coder
diff --git a/‎cli/testdata/server-config.yaml.golden
Lines changed: 4 additions & 0 deletions b/‎cli/testdata/server-config.yaml.golden
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 81 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 81 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 71 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 71 additions & 0 deletions
diff --git a/‎docs/api/authorization.md
Lines changed: 51 additions & 0 deletions b/‎docs/api/authorization.md
Lines changed: 51 additions & 0 deletions
diff --git a/‎docs/api/schemas.md
Lines changed: 38 additions & 0 deletions b/‎docs/api/schemas.md
Lines changed: 38 additions & 0 deletions
@@ -33,6 +33,10 @@ networking:
     # directly in the database.
     # (default: <unset>, type: bool)
     disablePasswordAuth: false
+    # If enabled, users can switch from password based authentication to oauth based
+    # authentication by logging into an oidc account with the same email address.
+    # (default: <unset>, type: bool)
+    enableOauthAuthConversion: false
     # The interval in which coderd should be checking the status of workspace proxies.
     # (default: 1m0s, type: duration)
     proxyHealthInterval: 1m0s
 
@@ -66,6 +66,57 @@ curl -X POST http://coder-server:8080/api/v2/authcheck \
 
 To perform this operation, you must be authenticated. [Learn more](authentication.md).
 
+## Convert user from password to oauth authentication
+
+### Code samples
+
+```shell
+# Example request using curl
+curl -X POST http://coder-server:8080/api/v2/users/convert-login \
+  -H 'Content-Type: application/json' \
+  -H 'Accept: application/json' \
+  -H 'Coder-Session-Token: API_KEY'
+```
+
+`POST /users/convert-login`
+
+> Body parameter
+
+```json
+{
+  "email": "user@example.com",
+  "password": "string",
+  "to_login_type": "password"
+}
+```
+
+### Parameters
+
+| Name   | In   | Type                                                                   | Required | Description     |
+| ------ | ---- | ---------------------------------------------------------------------- | -------- | --------------- |
+| `body` | body | [codersdk.ConvertLoginRequest](schemas.md#codersdkconvertloginrequest) | true     | Convert request |
+
+### Example responses
+
+> 201 Response
+
+```json
+{
+  "expires_at": "string",
+  "state_string": "string",
+  "to_login_type": "password",
+  "user_id": "string"
+}
+```
+
+### Responses
+
+| Status | Meaning                                                      | Description | Schema                                                                         |
+| ------ | ------------------------------------------------------------ | ----------- | ------------------------------------------------------------------------------ |
+| 201    | [Created](https://tools.ietf.org/html/rfc7231#section-6.3.2) | Created     | [codersdk.OauthConversionResponse](schemas.md#codersdkoauthconversionresponse) |
+
+To perform this operation, you must be authenticated. [Learn more](authentication.md).
+
 ## Log in user
 
 ### Code samples
 
@@ -1270,6 +1270,24 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
 | `autostart` |
 | `autostop`  |
 
+## codersdk.ConvertLoginRequest
+
+```json
+{
+  "email": "user@example.com",
+  "password": "string",
+  "to_login_type": "password"
+}
+```
+
+### Properties
+
+| Name            | Type                                     | Required | Restrictions | Description                                    |
+| --------------- | ---------------------------------------- | -------- | ------------ | ---------------------------------------------- |
+| `email`         | string                                   | true     |              |                                                |
+| `password`      | string                                   | true     |              |                                                |
+| `to_login_type` | [codersdk.LoginType](#codersdklogintype) | true     |              | To login type is the login type to convert to. |
+
 ## codersdk.CreateFirstUserRequest
 
 ```json
@@ -2992,6 +3010,26 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
 | `sign_in_text`          | string                     | false    |              |             |
 | `username_field`        | string                     | false    |              |             |
 
+## codersdk.OauthConversionResponse
+
+```json
+{
+  "expires_at": "string",
+  "state_string": "string",
+  "to_login_type": "password",
+  "user_id": "string"
+}
+```
+
+### Properties
+
+| Name            | Type                                     | Required | Restrictions | Description |
+| --------------- | ---------------------------------------- | -------- | ------------ | ----------- |
+| `expires_at`    | string                                   | false    |              |             |
+| `state_string`  | string                                   | false    |              |             |
+| `to_login_type` | [codersdk.LoginType](#codersdklogintype) | false    |              |             |
+| `user_id`       | string                                   | false    |              |             |
+
 ## codersdk.Organization
 
 ```json