Closed
Description
When opening for the first time coder deployed using helm, I'm redirected to https://coder.../setup, to create an account. Without a message to inform me of the success, I looked inside the database, saw a new user with owner permission, and copy the change to my logged user with oidc.
Moreover, I had set CODER_DISABLE_PASSWORD_AUTH to true.
Now I deleted the local user from the web interface.
My issue is that /setup is still available, asking to create a user. It does not seem to work, so no party can steal ownership but should be disabled fully.
Finally, allowing to set a user from an oidc provider could be a nice feature to remove the need to create the first account manually.
Metadata
Metadata
Assignees
Labels
No labels