coder · kylecarbs · Jan 31, 2023 · Nov 16, 2022 · Nov 16, 2022 · Nov 16, 2022
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
@@ -254,6 +254,17 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "oidc-username-field",
 				Default: "preferred_username",
 			},
+			SignInText: &codersdk.DeploymentConfigField[string]{
+				Name:    "OpenID Connect sign in text",
+				Usage:   "The text to show on the OpenID Connect sign in button",
+				Flag:    "oidc-sign-in-text",
+				Default: "OpenID Connect",
+			},
+			IconURL: &codersdk.DeploymentConfigField[string]{
+				Name:  "OpenID connect icon URL",
+				Usage: "URL pointing to the icon to use on the OepnID Connect login button",
+				Flag:  "oidc-icon-url",
+			},
 		},
 
 		Telemetry: &codersdk.TelemetryConfig{

diff --git a/cli/server.go b/cli/server.go
@@ -552,6 +552,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					EmailDomain:   cfg.OIDC.EmailDomain.Value,
 					AllowSignups:  cfg.OIDC.AllowSignups.Value,
 					UsernameField: cfg.OIDC.UsernameField.Value,
+					SignInText:    cfg.OIDC.SignInText.Value,
+					IconURL:       cfg.OIDC.IconURL.Value,
 				}
 			}
 

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -148,6 +148,9 @@ Flags:
       --oidc-email-domain strings                    Email domains that clients logging in
                                                      with OIDC must match.
                                                      Consumes $CODER_OIDC_EMAIL_DOMAIN
+      --oidc-icon-url string                         URL pointing to the icon to use on the
+                                                     OepnID Connect login button
+                                                     Consumes $CODER_OIDC_ICON_URL
       --oidc-ignore-email-verified                   Ignore the email_verified claim from the
                                                      upstream provider.
                                                      Consumes $CODER_OIDC_IGNORE_EMAIL_VERIFIED
@@ -157,6 +160,10 @@ Flags:
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
+      --oidc-sign-in-text string                     The text to show on the OpenID Connect
+                                                     sign in button
+                                                     Consumes $CODER_OIDC_SIGN_IN_TEXT
+                                                     (default "OpenID Connect")
       --oidc-username-field string                   OIDC claim field to use as the username.
                                                      Consumes $CODER_OIDC_USERNAME_FIELD
                                                      (default "preferred_username")

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -51,10 +51,24 @@ type GithubOAuth2Config struct {
 // @Success 200 {object} codersdk.AuthMethods
 // @Router /users/authmethods [get]
 func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
+	var signInText string
+	var iconURL string
+
+	if api.OIDCConfig != nil {
+		signInText = api.OIDCConfig.SignInText
+	}
+	if api.OIDCConfig != nil {
+		iconURL = api.OIDCConfig.IconURL
+	}
+
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
-		Password: true,
-		Github:   api.GithubOAuth2Config != nil,
-		OIDC:     api.OIDCConfig != nil,
+		Password: codersdk.AuthMethod{Enabled: true},
+		Github:   codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
+		OIDC: codersdk.OIDCAuthMethod{
+			AuthMethod: codersdk.AuthMethod{Enabled: api.OIDCConfig != nil},
+			SignInText: signInText,
+			IconURL:    iconURL,
+		},
 	})
 }
 
@@ -215,6 +229,10 @@ type OIDCConfig struct {
 	// UsernameField selects the claim field to be used as the created user's
 	// username.
 	UsernameField string
+	// SignInText is the text to display on the OIDC login button
+	SignInText string
+	// IconURL points to the URL of an icon to display on the OIDC login button
+	IconURL string
 }
 
 // @Summary OpenID Connect Callback

diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
@@ -77,8 +77,8 @@ func TestUserAuthMethods(t *testing.T) {
 
 		methods, err := client.AuthMethods(ctx)
 		require.NoError(t, err)
-		require.True(t, methods.Password)
-		require.False(t, methods.Github)
+		require.True(t, methods.Password.Enabled)
+		require.False(t, methods.Github.Enabled)
 	})
 	t.Run("Github", func(t *testing.T) {
 		t.Parallel()
@@ -91,8 +91,8 @@ func TestUserAuthMethods(t *testing.T) {
 
 		methods, err := client.AuthMethods(ctx)
 		require.NoError(t, err)
-		require.True(t, methods.Password)
-		require.True(t, methods.Github)
+		require.True(t, methods.Password.Enabled)
+		require.True(t, methods.Github.Enabled)
 	})
 }
 

diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -200,6 +200,8 @@ type OIDCConfig struct {
 	Scopes              *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
 	IgnoreEmailVerified *DeploymentConfigField[bool]     `json:"ignore_email_verified" typescript:",notnull"`
 	UsernameField       *DeploymentConfigField[string]   `json:"username_field" typescript:",notnull"`
+	SignInText          *DeploymentConfigField[string]   `json:"sign_in_text" typescript:",notnull"`
+	IconURL             *DeploymentConfigField[string]   `json:"icon_url" typescript:",notnull"`
 }
 
 type TelemetryConfig struct {

diff --git a/codersdk/users.go b/codersdk/users.go
@@ -105,11 +105,21 @@ type CreateOrganizationRequest struct {
 	Name string `json:"name" validate:"required,username"`
 }
 
-// AuthMethods contains whether authentication types are enabled or not.
+// AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
 type AuthMethods struct {
-	Password bool `json:"password"`
-	Github   bool `json:"github"`
-	OIDC     bool `json:"oidc"`
+	Password AuthMethod     `json:"password"`
+	Github   AuthMethod     `json:"github"`
+	OIDC     OIDCAuthMethod `json:"oidc"`
+}
+
+type AuthMethod struct {
+	Enabled bool `json:"enabled"`
+}
+
+type OIDCAuthMethod struct {
+	AuthMethod
+	SignInText string `json:"signInText"`
+	IconURL    string `json:"iconUrl"`
 }
 
 // HasFirstUser returns whether the first user has been created.

diff --git a/docs/admin/auth.md b/docs/admin/auth.md
@@ -131,6 +131,13 @@ CODER_OIDC_IGNORE_EMAIL_VERIFIED=true
 
 When a new user is created, the `preferred_username` claim becomes the username. If this claim is empty, the email address will be stripped of the domain, and become the username (e.g. `example@coder.com` becomes `example`).
 
+If you'd like to change the OpenID Connect button text and/or icon, you can configure them like so:
+
+```console
+CODER_OIDC_SIGN_IN_TEXT="Sign in with Gitea"
+CODER_OIDC_ICON_URL=https://gitea.io/images/gitea.png
+```
+
 ## SCIM (enterprise)
 
 Coder supports user provisioning and deprovisioning via SCIM 2.0 with header

diff --git a/docs/api/general.md b/docs/api/general.md
@@ -562,6 +562,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
       "usage": "string",
       "value": ["string"]
     },
+    "icon_url": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "ignore_email_verified": {
       "default": true,
       "enterprise": true,
@@ -595,6 +606,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
       "usage": "string",
       "value": ["string"]
     },
+    "sign_in_text": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "username_field": {
       "default": "string",
       "enterprise": true,