coder
diff --git a/‎cli/deployment/config.go
Lines changed: 6 additions & 0 deletions b/‎cli/deployment/config.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 3 additions & 2 deletions b/‎cli/server.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎cli/testdata/coder_server_--help.golden
Lines changed: 3 additions & 0 deletions b/‎cli/testdata/coder_server_--help.golden
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 3 additions & 0 deletions
diff --git a/‎coderd/audit/request.go
Lines changed: 14 additions & 6 deletions b/‎coderd/audit/request.go
Lines changed: 14 additions & 6 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 1 addition & 0 deletions b/‎coderd/coderdtest/coderdtest.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 20 additions & 0 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 20 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 21 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 21 additions & 0 deletions
diff --git a/‎coderd/database/queries/siteconfig.sql
Lines changed: 7 additions & 0 deletions b/‎coderd/database/queries/siteconfig.sql
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/userauth.go
Lines changed: 4 additions & 1 deletion b/‎coderd/userauth.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎codersdk/appearance.go
Lines changed: 43 additions & 0 deletions b/‎codersdk/appearance.go
Lines changed: 43 additions & 0 deletions
diff --git a/‎codersdk/branding.go
Lines changed: 23 additions & 0 deletions b/‎codersdk/branding.go
Lines changed: 23 additions & 0 deletions
diff --git a/‎codersdk/deploymentconfig.go
Lines changed: 1 addition & 0 deletions b/‎codersdk/deploymentconfig.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎codersdk/features.go
Lines changed: 2 additions & 2 deletions b/‎codersdk/features.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎codersdk/servicebanner.go
Lines changed: 0 additions & 38 deletions b/‎codersdk/servicebanner.go
Lines changed: 0 additions & 38 deletions
diff --git a/‎docs/admin/automation.md
Lines changed: 5 additions & 10 deletions b/‎docs/admin/automation.md
Lines changed: 5 additions & 10 deletions
@@ -248,6 +248,12 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "oidc-ignore-email-verified",
 				Default: false,
 			},
+			UsernameField: &codersdk.DeploymentConfigField[string]{
+				Name:    "OIDC Username Field",
+				Usage:   "OIDC claim field to use as the username.",
+				Flag:    "oidc-username-field",
+				Default: "preferred_username",
+			},
 		},
 
 		Telemetry: &codersdk.TelemetryConfig{
 
@@ -526,8 +526,9 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					Verifier: oidcProvider.Verifier(&oidc.Config{
 						ClientID: cfg.OIDC.ClientID.Value,
 					}),
-					EmailDomain:  cfg.OIDC.EmailDomain.Value,
-					AllowSignups: cfg.OIDC.AllowSignups.Value,
+					EmailDomain:   cfg.OIDC.EmailDomain.Value,
+					AllowSignups:  cfg.OIDC.AllowSignups.Value,
+					UsernameField: cfg.OIDC.UsernameField.Value,
 				}
 			}
 
 
@@ -112,6 +112,9 @@ Flags:
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
+      --oidc-username-field string                   OIDC claim field to use as the username.
+                                                     Consumes $CODER_OIDC_USERNAME_FIELD
+                                                     (default "preferred_username")
       --postgres-url string                          URL of a PostgreSQL database. If empty,
                                                      PostgreSQL binaries will be downloaded
                                                      from Maven
 
@@ -1975,6 +1975,9 @@ const docTemplate = `{
                 },
                 "scopes": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
+                },
+                "username_field": {
+                    "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
                 }
             }
         },
 
@@ -1795,6 +1795,9 @@
         },
         "scopes": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
+        },
+        "username_field": {
+          "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
         }
       }
     },
 
@@ -157,7 +157,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		}
 
 		ip := parseIP(p.Request.RemoteAddr)
-		err := p.Audit.Export(ctx, database.AuditLog{
+		auditLog := database.AuditLog{
 			ID:               uuid.New(),
 			Time:             database.Now(),
 			UserID:           httpmw.APIKey(p.Request).UserID,
@@ -171,9 +171,13 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			StatusCode:       int32(sw.Status),
 			RequestID:        httpmw.RequestID(p.Request),
 			AdditionalFields: p.AdditionalFields,
-		})
+		}
+		err := p.Audit.Export(ctx, auditLog)
 		if err != nil {
-			p.Log.Error(logCtx, "export audit log", slog.Error(err))
+			p.Log.Error(logCtx, "export audit log",
+				slog.F("audit_log", auditLog),
+				slog.Error(err),
+			)
 			return
 		}
 	}
@@ -192,7 +196,7 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		p.AdditionalFields = json.RawMessage("{}")
 	}
 
-	err := p.Audit.Export(ctx, database.AuditLog{
+	auditLog := database.AuditLog{
 		ID:               uuid.New(),
 		Time:             database.Now(),
 		UserID:           p.UserID,
@@ -206,9 +210,13 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		StatusCode:       int32(p.Status),
 		RequestID:        p.JobID,
 		AdditionalFields: p.AdditionalFields,
-	})
+	}
+	err := p.Audit.Export(ctx, auditLog)
 	if err != nil {
-		p.Log.Error(ctx, "export audit log", slog.Error(err))
+		p.Log.Error(ctx, "export audit log",
+			slog.F("audit_log", auditLog),
+			slog.Error(err),
+		)
 		return
 	}
 }
 
@@ -880,6 +880,7 @@ func (o *OIDCConfig) OIDCConfig() *coderd.OIDCConfig {
 		}, &oidc.Config{
 			SkipClientIDCheck: true,
 		}),
+		UsernameField: "preferred_username",
 	}
 }
 
 
@@ -123,6 +123,7 @@ type data struct {
 	derpMeshKey     string
 	lastUpdateCheck []byte
 	serviceBanner   []byte
+	logoURL         string
 	lastLicenseID   int32
 }
 
@@ -3356,6 +3357,25 @@ func (q *fakeQuerier) GetServiceBanner(_ context.Context) (string, error) {
 	return string(q.serviceBanner), nil
 }
 
+func (q *fakeQuerier) InsertOrUpdateLogoURL(_ context.Context, data string) error {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	q.logoURL = data
+	return nil
+}
+
+func (q *fakeQuerier) GetLogoURL(_ context.Context) (string, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	if q.logoURL == "" {
+		return "", sql.ErrNoRows
+	}
+
+	return q.logoURL, nil
+}
+
 func (q *fakeQuerier) InsertLicense(
 	_ context.Context, arg database.InsertLicenseParams,
 ) (database.License, error) {
 
@@ -23,3 +23,10 @@ ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'service_ban
 
 -- name: GetServiceBanner :one
 SELECT value FROM site_configs WHERE key = 'service_banner';
+
+-- name: InsertOrUpdateLogoURL :exec
+INSERT INTO site_configs (key, value) VALUES ('logo_url', $1)
+ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'logo_url';
+
+-- name: GetLogoURL :one
+SELECT value FROM site_configs WHERE key = 'logo_url';
@@ -198,6 +198,9 @@ type OIDCConfig struct {
 	// IgnoreEmailVerified allows ignoring the email_verified claim
 	// from an upstream OIDC provider. See #5065 for context.
 	IgnoreEmailVerified bool
+	// UsernameField selects the claim field to be used as the created user's
+	// username.
+	UsernameField string
 }
 
 func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
@@ -236,7 +239,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 		})
 		return
 	}
-	usernameRaw, ok := claims["preferred_username"]
+	usernameRaw, ok := claims[api.OIDCConfig.UsernameField]
 	var username string
 	if ok {
 		username, _ = usernameRaw.(string)
 
@@ -0,0 +1,43 @@
+package codersdk
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+)
+
+type AppearanceConfig struct {
+	LogoURL       string              `json:"logo_url"`
+	ServiceBanner ServiceBannerConfig `json:"service_banner"`
+}
+
+type ServiceBannerConfig struct {
+	Enabled         bool   `json:"enabled"`
+	Message         string `json:"message,omitempty"`
+	BackgroundColor string `json:"background_color,omitempty"`
+}
+
+func (c *Client) Appearance(ctx context.Context) (AppearanceConfig, error) {
+	res, err := c.Request(ctx, http.MethodGet, "/api/v2/appearance", nil)
+	if err != nil {
+		return AppearanceConfig{}, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return AppearanceConfig{}, readBodyAsError(res)
+	}
+	var cfg AppearanceConfig
+	return cfg, json.NewDecoder(res.Body).Decode(&cfg)
+}
+
+func (c *Client) UpdateAppearance(ctx context.Context, appearance AppearanceConfig) error {
+	res, err := c.Request(ctx, http.MethodPut, "/api/v2/appearance", appearance)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return readBodyAsError(res)
+	}
+	return nil
+}
@@ -0,0 +1,23 @@
+package codersdk
+
+import (
+	"context"
+	"net/http"
+)
+
+type UpdateBrandingRequest struct {
+	LogoURL string `json:"logo_url"`
+}
+
+// UpdateBranding applies customization settings available to Enterprise customers.
+func (c *Client) UpdateBranding(ctx context.Context, req UpdateBrandingRequest) error {
+	res, err := c.Request(ctx, http.MethodPut, "/api/v2/branding", req)
+	if err != nil {
+		return err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return readBodyAsError(res)
+	}
+	return nil
+}
@@ -99,6 +99,7 @@ type OIDCConfig struct {
 	IssuerURL           *DeploymentConfigField[string]   `json:"issuer_url" typescript:",notnull"`
 	Scopes              *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
 	IgnoreEmailVerified *DeploymentConfigField[bool]     `json:"ignore_email_verified" typescript:",notnull"`
+	UsernameField       *DeploymentConfigField[string]   `json:"username_field" typescript:",notnull"`
 }
 
 type TelemetryConfig struct {
 
@@ -23,7 +23,7 @@ const (
 	FeatureHighAvailability           = "high_availability"
 	FeatureMultipleGitAuth            = "multiple_git_auth"
 	FeatureExternalProvisionerDaemons = "external_provisioner_daemons"
-	FeatureServiceBanners             = "service_banners"
+	FeatureAppearance                 = "appearance"
 )
 
 var FeatureNames = []string{
@@ -35,7 +35,7 @@ var FeatureNames = []string{
 	FeatureHighAvailability,
 	FeatureMultipleGitAuth,
 	FeatureExternalProvisionerDaemons,
-	FeatureServiceBanners,
+	FeatureAppearance,
 }
 
 type Feature struct {
 
@@ -2,13 +2,9 @@
 
 We recommend automating Coder deployments through the CLI. Examples include [updating templates via CI/CD pipelines](../templates/change-management.md).
 
-## Tokens
+## Authentication
 
-Long-lived tokens can be generated to perform actions on behalf of your user account:
-
-```console
-coder tokens create
-```
+Coder uses authentication tokens to grant machine users access to the REST API. Follow the [Authentication](../api/authentication.md) page to learn how to generate long-lived tokens.
 
 ## CLI
 
@@ -23,14 +19,13 @@ coder workspaces ls
 
 ## REST API
 
-You can use tokens with the Coder's REST API using the `Coder-Session-Token` HTTP header.
+You can review the [API reference](../api/index.md) to find the necessary routes and payload. Alternatively, you can enable the [Swagger](https://swagger.io/) endpoint to read the documentation and do requests against the API:
 
 ```console
-curl 'https://dev.coder.com/api/v2/workspaces' \
-  -H 'Coder-Session-Token: *****'
+coder server --swagger-enable
 ```
 
-> At this time, we do not publish an API reference. However, [codersdk](https://github.com/coder/coder/tree/main/codersdk) can be grepped to find the necessary routes and payloads.
+By default, the local Swagger endpoint is http://localhost:3000/swagger.
 
 ## Golang SDK
Original file line number	Diff line number	Diff line change
`@@ -526,8 +526,9 @@ func Server(vip viper.Viper, newAPI func(context.Context, coderd.Options) (*co`
`526`	`526`	`Verifier: oidcProvider.Verifier(&oidc.Config{`
`527`	`527`	`ClientID: cfg.OIDC.ClientID.Value,`
`528`	`528`	`}),`
`529`		`- EmailDomain: cfg.OIDC.EmailDomain.Value,`
`530`		`- AllowSignups: cfg.OIDC.AllowSignups.Value,`
	`529`	`+ EmailDomain: cfg.OIDC.EmailDomain.Value,`
	`530`	`+ AllowSignups: cfg.OIDC.AllowSignups.Value,`
	`531`	`+ UsernameField: cfg.OIDC.UsernameField.Value,`
`531`	`532`	`}`
`532`	`533`	`}`
`533`	`534`
Original file line number	Diff line number	Diff line change
@@ -1975,6 +1975,9 @@ const docTemplate = `{
`1975`	`1975`	`},`
`1976`	`1976`	`"scopes": {`
`1977`	`1977`	`"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"`
	`1978`	`+ },`
	`1979`	`+ "username_field": {`
	`1980`	`+ "$ref": "#/definitions/codersdk.DeploymentConfigField-string"`
`1978`	`1981`	`}`
`1979`	`1982`	`}`
`1980`	`1983`	`},`
Original file line number	Diff line number	Diff line change
`@@ -1795,6 +1795,9 @@`
`1795`	`1795`	`},`
`1796`	`1796`	`"scopes": {`
`1797`	`1797`	`"$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"`
	`1798`	`+ },`
	`1799`	`+ "username_field": {`
	`1800`	`+ "$ref": "#/definitions/codersdk.DeploymentConfigField-string"`
`1798`	`1801`	`}`
`1799`	`1802`	`}`
`1800`	`1803`	`},`
Original file line number	Diff line number	Diff line change
`@@ -880,6 +880,7 @@ func (o OIDCConfig) OIDCConfig() coderd.OIDCConfig {`
`880`	`880`	`}, &oidc.Config{`
`881`	`881`	`SkipClientIDCheck: true,`
`882`	`882`	`}),`
	`883`	`+ UsernameField: "preferred_username",`
`883`	`884`	`}`
`884`	`885`	`}`
`885`	`886`
Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ type OIDCConfig struct {`
`99`	`99`	IssuerURL *DeploymentConfigField[string] `json:"issuer_url" typescript:",notnull"`
`100`	`100`	Scopes *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
`101`	`101`	IgnoreEmailVerified *DeploymentConfigField[bool] `json:"ignore_email_verified" typescript:",notnull"`
	`102`	+ UsernameField *DeploymentConfigField[string] `json:"username_field" typescript:",notnull"`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`type TelemetryConfig struct {`