When opening for the first time coder deployed using helm, I'm redirected to https://coder.../setup, to create an account. Without a message to inform me of the success, I looked inside the database, saw a new user with owner permission, and copy the change to my logged user with oidc.

Moreover, I had set CODER_DISABLE_PASSWORD_AUTH to true.

Now I deleted the local user from the web interface.

My issue is that /setup is still available, asking to create a user. It does not seem to work, so no party can steal ownership but should be disabled fully.

Finally, allowing to set a user from an oidc provider could be a nice feature to remove the need to create the first account manually.