From 3addcaf9b2b945507c6c1d9e8c58d2aeb431bfe4 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 21:13:12 -0500
Subject: [PATCH 01/19] Allow hiding password entry, changing OpenID Connect
 text and OpenID Connect icon

---
 cli/deployment/config.go                      | 15 +++
 cli/server.go                                 |  4 +
 cli/testdata/coder_server_--help.golden       | 10 ++
 coderd/coderd.go                              |  1 +
 coderd/userauth.go                            | 25 ++++-
 codersdk/deploymentconfig.go                  |  3 +
 codersdk/users.go                             | 23 ++++-
 site/src/api/typesGenerated.ts                | 25 ++++-
 site/src/components/SignInForm/SignInForm.tsx | 97 ++++++++++---------
 9 files changed, 145 insertions(+), 58 deletions(-)

diff --git a/cli/deployment/config.go b/cli/deployment/config.go
index f6c8a1555b52d..0dc20b5b995f8 100644
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@@ -157,6 +157,11 @@ func newConfig() *codersdk.DeploymentConfig {
 			Flag:   "postgres-url",
 			Secret: true,
 		},
+		PasswordAuthHidden: &codersdk.DeploymentConfigField[bool]{
+			Name:  "Flag to hide password auth",
+			Usage: "When this flag is set to true, the user/password form in the UI will be hidden",
+			Flag:  "password-auth-hidden",
+		},
 		OAuth2: &codersdk.OAuth2Config{
 			Github: &codersdk.OAuth2GithubConfig{
 				ClientID: &codersdk.DeploymentConfigField[string]{
@@ -231,6 +236,16 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "oidc-scopes",
 				Default: []string{oidc.ScopeOpenID, "profile", "email"},
 			},
+			SignInText: &codersdk.DeploymentConfigField[string]{
+				Name:  "OpenID Connect sign in text",
+				Usage: "The text to show on the OpenID Connect sign in button",
+				Flag:  "oidc-sign-in-text",
+			},
+			IconURL: &codersdk.DeploymentConfigField[string]{
+				Name:  "OpenID connect icon URL",
+				Usage: "URL pointing to the icon to use on the OepnID Connect login button",
+				Flag:  "oidc-icon-url",
+			},
 		},
 
 		Telemetry: &codersdk.TelemetryConfig{
diff --git a/cli/server.go b/cli/server.go
index 4dfd4c5a40da1..a612fe35af027 100644
--- a/cli/server.go
+++ b/cli/server.go
@@ -370,6 +370,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				options.TLSCertificates = tlsConfig.Certificates
 			}
 
+			options.PasswordAuthHidden = cfg.PasswordAuthHidden.Value
+
 			if cfg.OAuth2.Github.ClientSecret.Value != "" {
 				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,
 					cfg.OAuth2.Github.ClientID.Value,
@@ -419,6 +421,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					}),
 					EmailDomain:  cfg.OIDC.EmailDomain.Value,
 					AllowSignups: cfg.OIDC.AllowSignups.Value,
+					SignInText:   cfg.OIDC.SignInText.Value,
+					IconURL:      cfg.OIDC.IconURL.Value,
 				}
 			}
 
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index f609657cc5bdc..33d6d1d19bec2 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -98,12 +98,22 @@ Flags:
       --oidc-email-domain string                     Email domain that clients logging in with
                                                      OIDC must match.
                                                      Consumes $CODER_OIDC_EMAIL_DOMAIN
+      --oidc-icon-url string                         URL pointing to the icon to use on the
+                                                     OepnID Connect login button
+                                                     Consumes $CODER_OIDC_ICON_URL
       --oidc-issuer-url string                       Issuer URL to use for Login with OIDC.
                                                      Consumes $CODER_OIDC_ISSUER_URL
       --oidc-scopes strings                          Scopes to grant when authenticating with
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
+      --oidc-sign-in-text string                     The text to show on the OpenID Connect
+                                                     sign in button
+                                                     Consumes $CODER_OIDC_SIGN_IN_TEXT
+      --password-auth-hidden                         When this flag is set to true, the
+                                                     user/password form in the UI will be
+                                                     hidden
+                                                     Consumes $CODER_PASSWORD_AUTH_HIDDEN
       --postgres-url string                          URL of a PostgreSQL database. If empty,
                                                      PostgreSQL binaries will be downloaded
                                                      from Maven
diff --git a/coderd/coderd.go b/coderd/coderd.go
index d695bb508db47..573c5698b7c74 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -76,6 +76,7 @@ type Options struct {
 	Authorizer           rbac.Authorizer
 	AzureCertificates    x509.VerifyOptions
 	GoogleTokenValidator *idtoken.Validator
+	PasswordAuthHidden   bool
 	GithubOAuth2Config   *GithubOAuth2Config
 	OIDCConfig           *OIDCConfig
 	PrometheusRegistry   *prometheus.Registry
diff --git a/coderd/userauth.go b/coderd/userauth.go
index deffdca9c3b42..d1575d7d005ec 100644
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -44,10 +44,27 @@ type GithubOAuth2Config struct {
 }
 
 func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
+	var signInText string
+	var iconURL string
+
+	if api.OIDCConfig != nil {
+		signInText = api.OIDCConfig.SignInText
+	}
+	if api.OIDCConfig != nil {
+		iconURL = api.OIDCConfig.IconURL
+	}
+
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
-		Password: true,
-		Github:   api.GithubOAuth2Config != nil,
-		OIDC:     api.OIDCConfig != nil,
+		Password: codersdk.PasswordMethod{
+			AuthMethod: codersdk.AuthMethod{Enabled: true},
+			Hidden:     api.PasswordAuthHidden,
+		},
+		Github: codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
+		OIDC: codersdk.OIDCMethod{
+			AuthMethod: codersdk.AuthMethod{Enabled: api.OIDCConfig != nil},
+			SignInText: signInText,
+			IconURL:    iconURL,
+		},
 	})
 }
 
@@ -195,6 +212,8 @@ type OIDCConfig struct {
 	// EmailDomain is the domain to enforce when a user authenticates.
 	EmailDomain  string
 	AllowSignups bool
+	SignInText   string
+	IconURL      string
 }
 
 func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
index 494aff391cbf7..f48e528609cc0 100644
--- a/codersdk/deploymentconfig.go
+++ b/codersdk/deploymentconfig.go
@@ -24,6 +24,7 @@ type DeploymentConfig struct {
 	CacheDirectory              *DeploymentConfigField[string]          `json:"cache_directory" typescript:",notnull"`
 	InMemoryDatabase            *DeploymentConfigField[bool]            `json:"in_memory_database" typescript:",notnull"`
 	PostgresURL                 *DeploymentConfigField[string]          `json:"pg_connection_url" typescript:",notnull"`
+	PasswordAuthHidden          *DeploymentConfigField[bool]            `json:"password_auth_hidden" typescript:",notnull"`
 	OAuth2                      *OAuth2Config                           `json:"oauth2" typescript:",notnull"`
 	OIDC                        *OIDCConfig                             `json:"oidc" typescript:",notnull"`
 	Telemetry                   *TelemetryConfig                        `json:"telemetry" typescript:",notnull"`
@@ -92,6 +93,8 @@ type OIDCConfig struct {
 	EmailDomain  *DeploymentConfigField[string]   `json:"email_domain" typescript:",notnull"`
 	IssuerURL    *DeploymentConfigField[string]   `json:"issuer_url" typescript:",notnull"`
 	Scopes       *DeploymentConfigField[[]string] `json:"scopes" typescript:",notnull"`
+	SignInText   *DeploymentConfigField[string]   `json:"sign_in_text" typescript:",notnull"`
+	IconURL      *DeploymentConfigField[string]   `json:"icon_url" typescript:",notnull"`
 }
 
 type TelemetryConfig struct {
diff --git a/codersdk/users.go b/codersdk/users.go
index d1ea338410826..c99bf9c958570 100644
--- a/codersdk/users.go
+++ b/codersdk/users.go
@@ -105,11 +105,26 @@ type CreateOrganizationRequest struct {
 	Name string `json:"name" validate:"required,username"`
 }
 
-// AuthMethods contains whether authentication types are enabled or not.
+// AuthMethods contains authentication method information like whether they are enabled or not or hidden or not, etc.
 type AuthMethods struct {
-	Password bool `json:"password"`
-	Github   bool `json:"github"`
-	OIDC     bool `json:"oidc"`
+	Password PasswordMethod `json:"password"`
+	Github   AuthMethod     `json:"github"`
+	OIDC     OIDCMethod     `json:"oidc"`
+}
+
+type AuthMethod struct {
+	Enabled bool `json:"enabled"`
+}
+
+type PasswordMethod struct {
+	AuthMethod
+	Hidden bool `json:"hidden"`
+}
+
+type OIDCMethod struct {
+	AuthMethod
+	SignInText string `json:"signInText"`
+	IconURL    string `json:"iconUrl"`
 }
 
 // HasFirstUser returns whether the first user has been created.
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 42213934c88d8..fd2895b84db4f 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -90,11 +90,16 @@ export interface AuditLogsRequest extends Pagination {
   readonly q?: string
 }
 
+// From codersdk/users.go
+export interface AuthMethod {
+  readonly enabled: boolean
+}
+
 // From codersdk/users.go
 export interface AuthMethods {
-  readonly password: boolean
-  readonly github: boolean
-  readonly oidc: boolean
+  readonly password: PasswordMethod
+  readonly github: AuthMethod
+  readonly oidc: OIDCMethod
 }
 
 // From codersdk/authorization.go
@@ -289,6 +294,7 @@ export interface DeploymentConfig {
   readonly cache_directory: DeploymentConfigField<string>
   readonly in_memory_database: DeploymentConfigField<boolean>
   readonly pg_connection_url: DeploymentConfigField<string>
+  readonly password_auth_hidden: DeploymentConfigField<boolean>
   readonly oauth2: OAuth2Config
   readonly oidc: OIDCConfig
   readonly telemetry: TelemetryConfig
@@ -446,6 +452,14 @@ export interface OIDCConfig {
   readonly email_domain: DeploymentConfigField<string>
   readonly issuer_url: DeploymentConfigField<string>
   readonly scopes: DeploymentConfigField<string[]>
+  readonly sign_in_text: DeploymentConfigField<string>
+  readonly icon_url: DeploymentConfigField<string>
+}
+
+// From codersdk/users.go
+export interface OIDCMethod extends AuthMethod {
+  readonly signInText: string
+  readonly iconUrl: string
 }
 
 // From codersdk/organizations.go
@@ -505,6 +519,11 @@ export interface ParameterSchema {
   readonly validation_contains?: string[]
 }
 
+// From codersdk/users.go
+export interface PasswordMethod extends AuthMethod {
+  readonly hidden: boolean
+}
+
 // From codersdk/groups.go
 export interface PatchGroupRequest {
   readonly add_users: string[]
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index f55358375bef6..407e02b176955 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -130,8 +130,8 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
 
   return (
     <>
-      <Welcome />
-      <form onSubmit={form.handleSubmit}>
+      <Welcome/>
+      {!authMethods?.password.hidden && (<form onSubmit={form.handleSubmit}>
         <Stack>
           {Object.keys(loginErrors).map(
             (errorKey: string) =>
@@ -174,55 +174,56 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
             </LoadingButton>
           </div>
         </Stack>
-      </form>
-      {(authMethods?.github || authMethods?.oidc) && (
-        <>
-          <div className={styles.divider}>
-            <div className={styles.dividerLine} />
-            <div className={styles.dividerLabel}>Or</div>
-            <div className={styles.dividerLine} />
-          </div>
-
-          <Box display="grid" gridGap="16px">
-            {authMethods.github && (
-              <Link
-                underline="none"
-                href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
-                  redirectTo,
-                )}`}
+      </form>)}
+      {(!authMethods?.password.hidden && (authMethods?.github.enabled || authMethods?.oidc.enabled)) && (
+        <div className={styles.divider}>
+          <div className={styles.dividerLine}/>
+          <div className={styles.dividerLabel}>Or</div>
+          <div className={styles.dividerLine}/>
+        </div>
+      )}
+      {(authMethods?.github.enabled || authMethods?.oidc.enabled) && (
+        <Box display="grid" gridGap="16px">
+          {authMethods.github.enabled && (
+            <Link
+              underline="none"
+              href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
+                redirectTo,
+              )}`}
+            >
+              <Button
+                startIcon={<GitHubIcon className={styles.buttonIcon} />}
+                disabled={isLoading}
+                fullWidth
+                type="submit"
+                variant="contained"
               >
-                <Button
-                  startIcon={<GitHubIcon className={styles.buttonIcon} />}
-                  disabled={isLoading}
-                  fullWidth
-                  type="submit"
-                  variant="contained"
-                >
-                  {Language.githubSignIn}
-                </Button>
-              </Link>
-            )}
+                {Language.githubSignIn}
+              </Button>
+            </Link>
+          )}
 
-            {authMethods.oidc && (
-              <Link
-                underline="none"
-                href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
-                  redirectTo,
-                )}`}
+          {authMethods.oidc.enabled && (
+            <Link
+              underline="none"
+              href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
+                redirectTo,
+              )}`}
+            >
+              <Button
+                startIcon={authMethods.oidc.iconUrl
+                  ? <img alt="Open ID Connect icon" src={authMethods.oidc.iconUrl} width="24" height="24"/>
+                  : <KeyIcon className={styles.buttonIcon} />}
+                disabled={isLoading}
+                fullWidth
+                type="submit"
+                variant="contained"
               >
-                <Button
-                  startIcon={<KeyIcon className={styles.buttonIcon} />}
-                  disabled={isLoading}
-                  fullWidth
-                  type="submit"
-                  variant="contained"
-                >
-                  {Language.oidcSignIn}
-                </Button>
-              </Link>
-            )}
-          </Box>
-        </>
+                {authMethods.oidc.signInText || Language.oidcSignIn}
+              </Button>
+            </Link>
+          )}
+        </Box>
       )}
     </>
   )

From 40bc156b3961ebab5de4f8c0d319420d6ebcc059 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 21:32:01 -0500
Subject: [PATCH 02/19] Docs

---
 docs/admin/auth.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/admin/auth.md b/docs/admin/auth.md
index 877ef1d8af929..add02494990bb 100644
--- a/docs/admin/auth.md
+++ b/docs/admin/auth.md
@@ -4,6 +4,10 @@ By default, Coder is accessible via password authentication.
 
 The following steps explain how to set up GitHub OAuth or OpenID Connect.
 
+If after configuring another authentication method you'd like to hide password authentication, you can configure that like so:
+```console
+CODER_PASSWORD_AUTH_HIDDEN=true
+```
 ## GitHub
 
 ### Step 1: Configure the OAuth application in GitHub
@@ -81,6 +85,12 @@ CODER_TLS_CLIENT_CERT_FILE=/path/to/cert.pem
 CODER_TLS_CLIENT_KEY_FILE=/path/to/key.pem
 ```
 
+If you'd like to change the OpenID Connect button text and/or icon, you can configure them like so:
+```console
+CODER_OIDC_SIGN_IN_TEXT="Sign in with Gitea"
+CODER_OIDC_ICON_URL=https://gitea.io/images/gitea.png
+```
+
 ## SCIM (enterprise)
 
 Coder supports user provisioning and deprovisioning via SCIM 2.0 with header

From 0f4a40e91f8c58e5a3c97bc5f4d27a7cff15255c Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 21:46:30 -0500
Subject: [PATCH 03/19] Cleaning

---
 site/src/components/SignInForm/SignInForm.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index 407e02b176955..cd2127bf4af37 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -130,7 +130,7 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
 
   return (
     <>
-      <Welcome/>
+      <Welcome />
       {!authMethods?.password.hidden && (<form onSubmit={form.handleSubmit}>
         <Stack>
           {Object.keys(loginErrors).map(

From 90d900c6813d3ed43c704d577ba60d4bcc89d0f8 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 22:05:00 -0500
Subject: [PATCH 04/19] Fix Prettier and Go test and TS compile error

---
 coderd/userauth_test.go                       |   8 +-
 site/src/components/SignInForm/SignInForm.tsx | 116 ++++++++++--------
 site/src/testHelpers/entities.ts              |   6 +-
 3 files changed, 71 insertions(+), 59 deletions(-)

diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
index 04abffedaa850..289f1a63268f1 100644
--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -77,8 +77,8 @@ func TestUserAuthMethods(t *testing.T) {
 
 		methods, err := client.AuthMethods(ctx)
 		require.NoError(t, err)
-		require.True(t, methods.Password)
-		require.False(t, methods.Github)
+		require.True(t, methods.Password.Enabled)
+		require.False(t, methods.Github.Enabled)
 	})
 	t.Run("Github", func(t *testing.T) {
 		t.Parallel()
@@ -91,8 +91,8 @@ func TestUserAuthMethods(t *testing.T) {
 
 		methods, err := client.AuthMethods(ctx)
 		require.NoError(t, err)
-		require.True(t, methods.Password)
-		require.True(t, methods.Github)
+		require.True(t, methods.Password.Enabled)
+		require.True(t, methods.Github.Enabled)
 	})
 }
 
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index cd2127bf4af37..152704c1ca0cd 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -131,57 +131,60 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   return (
     <>
       <Welcome />
-      {!authMethods?.password.hidden && (<form onSubmit={form.handleSubmit}>
-        <Stack>
-          {Object.keys(loginErrors).map(
-            (errorKey: string) =>
-              Boolean(loginErrors[errorKey as LoginErrors]) && (
-                <AlertBanner
-                  key={errorKey}
-                  severity="error"
-                  error={loginErrors[errorKey as LoginErrors]}
-                  text={Language.errorMessages[errorKey as LoginErrors]}
-                />
-              ),
-          )}
-          <TextField
-            {...getFieldHelpers("email")}
-            onChange={onChangeTrimmed(form)}
-            autoFocus
-            autoComplete="email"
-            fullWidth
-            label={Language.emailLabel}
-            type="email"
-            variant="outlined"
-          />
-          <TextField
-            {...getFieldHelpers("password")}
-            autoComplete="current-password"
-            fullWidth
-            id="password"
-            label={Language.passwordLabel}
-            type="password"
-            variant="outlined"
-          />
-          <div>
-            <LoadingButton
-              loading={isLoading}
+      {!authMethods?.password.hidden && (
+        <form onSubmit={form.handleSubmit}>
+          <Stack>
+            {Object.keys(loginErrors).map(
+              (errorKey: string) =>
+                Boolean(loginErrors[errorKey as LoginErrors]) && (
+                  <AlertBanner
+                    key={errorKey}
+                    severity="error"
+                    error={loginErrors[errorKey as LoginErrors]}
+                    text={Language.errorMessages[errorKey as LoginErrors]}
+                  />
+                ),
+            )}
+            <TextField
+              {...getFieldHelpers("email")}
+              onChange={onChangeTrimmed(form)}
+              autoFocus
+              autoComplete="email"
               fullWidth
-              type="submit"
-              variant="contained"
-            >
-              {isLoading ? "" : Language.passwordSignIn}
-            </LoadingButton>
-          </div>
-        </Stack>
-      </form>)}
-      {(!authMethods?.password.hidden && (authMethods?.github.enabled || authMethods?.oidc.enabled)) && (
-        <div className={styles.divider}>
-          <div className={styles.dividerLine}/>
-          <div className={styles.dividerLabel}>Or</div>
-          <div className={styles.dividerLine}/>
-        </div>
+              label={Language.emailLabel}
+              type="email"
+              variant="outlined"
+            />
+            <TextField
+              {...getFieldHelpers("password")}
+              autoComplete="current-password"
+              fullWidth
+              id="password"
+              label={Language.passwordLabel}
+              type="password"
+              variant="outlined"
+            />
+            <div>
+              <LoadingButton
+                loading={isLoading}
+                fullWidth
+                type="submit"
+                variant="contained"
+              >
+                {isLoading ? "" : Language.passwordSignIn}
+              </LoadingButton>
+            </div>
+          </Stack>
+        </form>
       )}
+      {!authMethods?.password.hidden &&
+        (authMethods?.github.enabled || authMethods?.oidc.enabled) && (
+          <div className={styles.divider}>
+            <div className={styles.dividerLine} />
+            <div className={styles.dividerLabel}>Or</div>
+            <div className={styles.dividerLine} />
+          </div>
+        )}
       {(authMethods?.github.enabled || authMethods?.oidc.enabled) && (
         <Box display="grid" gridGap="16px">
           {authMethods.github.enabled && (
@@ -211,9 +214,18 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
               )}`}
             >
               <Button
-                startIcon={authMethods.oidc.iconUrl
-                  ? <img alt="Open ID Connect icon" src={authMethods.oidc.iconUrl} width="24" height="24"/>
-                  : <KeyIcon className={styles.buttonIcon} />}
+                startIcon={
+                  authMethods.oidc.iconUrl ? (
+                    <img
+                      alt="Open ID Connect icon"
+                      src={authMethods.oidc.iconUrl}
+                      width="24"
+                      height="24"
+                    />
+                  ) : (
+                    <KeyIcon className={styles.buttonIcon} />
+                  )
+                }
                 disabled={isLoading}
                 fullWidth
                 type="submit"
diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts
index 8842c49ac9c20..d1478167d77e4 100644
--- a/site/src/testHelpers/entities.ts
+++ b/site/src/testHelpers/entities.ts
@@ -551,9 +551,9 @@ export const MockUserAgent: Types.UserAgent = {
 }
 
 export const MockAuthMethods: TypesGen.AuthMethods = {
-  password: true,
-  github: false,
-  oidc: false,
+  password: { enabled: true, hidden: false },
+  github: { enabled: false },
+  oidc: { enabled: false, signInText: "", iconUrl: "" },
 }
 
 export const MockGitSSHKey: TypesGen.GitSSHKey = {

From 97b5019422a1ab86439cf80b95dc9a3e44107f2c Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 22:18:46 -0500
Subject: [PATCH 05/19] Fix LoginPage test

---
 site/src/pages/LoginPage/LoginPage.test.tsx | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index 19372d002dbd5..126eaf8ef67e0 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -10,6 +10,7 @@ import {
 } from "../../testHelpers/renderHelpers"
 import { server } from "../../testHelpers/server"
 import { LoginPage } from "./LoginPage"
+import * as TypesGen from "../../api/typesGenerated";
 
 describe("LoginPage", () => {
   beforeEach(() => {
@@ -80,15 +81,18 @@ describe("LoginPage", () => {
   })
 
   it("shows github authentication when enabled", async () => {
+    const authMethods: TypesGen.AuthMethods = {
+      password: { enabled: true, hidden: false },
+      github: { enabled: true },
+      oidc: { enabled: true, signInText: "", iconUrl: "" }
+    };
+
     // Given
     server.use(
       rest.get("/api/v2/users/authmethods", async (req, res, ctx) => {
         return res(
           ctx.status(200),
-          ctx.json({
-            password: true,
-            github: true,
-          }),
+          ctx.json(authMethods),
         )
       }),
     )

From 8019ec7a2d853189e6bc8cb3c73fd47a642393fa Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 22:25:54 -0500
Subject: [PATCH 06/19] Prettier

---
 site/src/pages/LoginPage/LoginPage.test.tsx | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index 126eaf8ef67e0..d0d4fe2a3388e 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -10,7 +10,7 @@ import {
 } from "../../testHelpers/renderHelpers"
 import { server } from "../../testHelpers/server"
 import { LoginPage } from "./LoginPage"
-import * as TypesGen from "../../api/typesGenerated";
+import * as TypesGen from "../../api/typesGenerated"
 
 describe("LoginPage", () => {
   beforeEach(() => {
@@ -84,16 +84,13 @@ describe("LoginPage", () => {
     const authMethods: TypesGen.AuthMethods = {
       password: { enabled: true, hidden: false },
       github: { enabled: true },
-      oidc: { enabled: true, signInText: "", iconUrl: "" }
-    };
+      oidc: { enabled: true, signInText: "", iconUrl: "" },
+    }
 
     // Given
     server.use(
       rest.get("/api/v2/users/authmethods", async (req, res, ctx) => {
-        return res(
-          ctx.status(200),
-          ctx.json(authMethods),
-        )
+        return res(ctx.status(200), ctx.json(authMethods))
       }),
     )
 

From 97d9d468a6535e3fd82833da77a36c40ddd9da28 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Tue, 15 Nov 2022 22:41:17 -0500
Subject: [PATCH 07/19] Fix storybook

---
 .../SignInForm/SignInForm.stories.tsx         | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/site/src/components/SignInForm/SignInForm.stories.tsx b/site/src/components/SignInForm/SignInForm.stories.tsx
index 7de136157d3b6..c4a120c84da4a 100644
--- a/site/src/components/SignInForm/SignInForm.stories.tsx
+++ b/site/src/components/SignInForm/SignInForm.stories.tsx
@@ -29,8 +29,9 @@ Loading.args = {
   ...SignedOut.args,
   isLoading: true,
   authMethods: {
-    github: true,
-    password: true,
+    password: { enabled: true, hidden: false },
+    github: { enabled: true },
+    oidc: { enabled: false, signInText: "", iconUrl: "" },
   },
 }
 
@@ -99,9 +100,9 @@ export const WithGithub = Template.bind({})
 WithGithub.args = {
   ...SignedOut.args,
   authMethods: {
-    password: true,
-    github: true,
-    oidc: false,
+    password: { enabled: true, hidden: false },
+    github: { enabled: true },
+    oidc: { enabled: false, signInText: "", iconUrl: "" },
   },
 }
 
@@ -109,9 +110,9 @@ export const WithOIDC = Template.bind({})
 WithOIDC.args = {
   ...SignedOut.args,
   authMethods: {
-    password: true,
-    github: false,
-    oidc: true,
+    password: { enabled: true, hidden: false },
+    github: { enabled: false },
+    oidc: { enabled: true, signInText: "", iconUrl: "" },
   },
 }
 
@@ -119,8 +120,8 @@ export const WithGithubAndOIDC = Template.bind({})
 WithGithubAndOIDC.args = {
   ...SignedOut.args,
   authMethods: {
-    password: true,
-    github: true,
-    oidc: true,
+    password: { enabled: true, hidden: false },
+    github: { enabled: true },
+    oidc: { enabled: true, signInText: "", iconUrl: "" },
   },
 }

From 0858ad017222335d5243d5064ae767b49b1c0415 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Thu, 24 Nov 2022 17:00:27 +0000
Subject: [PATCH 08/19] Add query param to un-hide password auth

---
 docs/admin/auth.md                            | 10 ++++++++++
 site/src/components/SignInForm/SignInForm.tsx | 11 +++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/docs/admin/auth.md b/docs/admin/auth.md
index add02494990bb..a9d38f0942a0d 100644
--- a/docs/admin/auth.md
+++ b/docs/admin/auth.md
@@ -5,9 +5,17 @@ By default, Coder is accessible via password authentication.
 The following steps explain how to set up GitHub OAuth or OpenID Connect.
 
 If after configuring another authentication method you'd like to hide password authentication, you can configure that like so:
+
 ```console
 CODER_PASSWORD_AUTH_HIDDEN=true
 ```
+
+If your external authentication method(s) were to go down, you can un-hide password authentication with the following URL query parameter:
+
+```console
+https://coder.domain.com/login?auth=password
+```
+
 ## GitHub
 
 ### Step 1: Configure the OAuth application in GitHub
@@ -80,12 +88,14 @@ Once complete, run `sudo service coder restart` to reboot Coder.
 > When a new user is created, the `preferred_username` claim becomes the username. If this claim is empty, the email address will be stripped of the domain, and become the username (e.g. `example@coder.com` becomes `example`).
 
 If your OpenID Connect provider requires client TLS certificates for authentication, you can configure them like so:
+
 ```console
 CODER_TLS_CLIENT_CERT_FILE=/path/to/cert.pem
 CODER_TLS_CLIENT_KEY_FILE=/path/to/key.pem
 ```
 
 If you'd like to change the OpenID Connect button text and/or icon, you can configure them like so:
+
 ```console
 CODER_OIDC_SIGN_IN_TEXT="Sign in with Gitea"
 CODER_OIDC_ICON_URL=https://gitea.io/images/gitea.png
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index 152704c1ca0cd..2d442eb633c79 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -14,6 +14,8 @@ import { getFormHelpers, onChangeTrimmed } from "../../util/formUtils"
 import { Welcome } from "../Welcome/Welcome"
 import { LoadingButton } from "./../LoadingButton/LoadingButton"
 import { AlertBanner } from "components/AlertBanner/AlertBanner"
+import { ContactlessOutlined } from "@material-ui/icons"
+import { useSearchParams } from "react-router-dom"
 
 /**
  * BuiltInAuthFormValues describes a form using built-in (email/password)
@@ -107,6 +109,7 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   initialTouched,
 }) => {
   const styles = useStyles()
+  const [searchParams] = useSearchParams()
 
   const form: FormikContextType<BuiltInAuthFormValues> =
     useFormik<BuiltInAuthFormValues>({
@@ -128,10 +131,14 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
     loginErrors.authError,
   )
 
+  const passwordHidden = authMethods?.password.hidden
+  const urlParamOverride = searchParams.get("auth") === "password"
+  const showPasswordLogin = !passwordHidden || urlParamOverride
+
   return (
     <>
       <Welcome />
-      {!authMethods?.password.hidden && (
+      {showPasswordLogin && (
         <form onSubmit={form.handleSubmit}>
           <Stack>
             {Object.keys(loginErrors).map(
@@ -177,7 +184,7 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
           </Stack>
         </form>
       )}
-      {!authMethods?.password.hidden &&
+      {showPasswordLogin &&
         (authMethods?.github.enabled || authMethods?.oidc.enabled) && (
           <div className={styles.divider}>
             <div className={styles.dividerLine} />

From 6afca649973ba212a2a9d4837e5feba31591e897 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 5 Dec 2022 23:20:53 -0500
Subject: [PATCH 09/19] Cleaning

---
 site/src/api/typesGenerated.ts                | 2 +-
 site/src/components/SignInForm/SignInForm.tsx | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index f0b70bbc998a3..04154af93a2bd 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -289,7 +289,6 @@ export interface DeploymentConfig {
   readonly cache_directory: DeploymentConfigField<string>
   readonly in_memory_database: DeploymentConfigField<boolean>
   readonly pg_connection_url: DeploymentConfigField<string>
-  readonly password_auth_hidden: DeploymentConfigField<boolean>
   readonly oauth2: OAuth2Config
   readonly oidc: OIDCConfig
   readonly telemetry: TelemetryConfig
@@ -308,6 +307,7 @@ export interface DeploymentConfig {
   readonly api_rate_limit: DeploymentConfigField<number>
   readonly experimental: DeploymentConfigField<boolean>
   readonly update_check: DeploymentConfigField<boolean>
+  readonly password_auth_hidden: DeploymentConfigField<boolean>
 }
 
 // From codersdk/deploymentconfig.go
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index 8f42fd09f9690..07c164239416a 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -14,7 +14,6 @@ import { getFormHelpers, onChangeTrimmed } from "../../util/formUtils"
 import { LoadingButton } from "./../LoadingButton/LoadingButton"
 import { AlertBanner } from "components/AlertBanner/AlertBanner"
 import { useTranslation } from "react-i18next"
-import { ContactlessOutlined } from "@material-ui/icons"
 import { useSearchParams } from "react-router-dom"
 
 /**

From fc12496dd638d1921acb709a13ddb0a7f006f29f Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 16 Jan 2023 19:17:37 -0500
Subject: [PATCH 10/19] Hide password by default when OIDC enabled

---
 cli/deployment/config.go                      |  5 ---
 cli/server.go                                 |  6 ++--
 coderd/coderd.go                              |  1 -
 coderd/userauth.go                            | 11 +++----
 codersdk/users.go                             | 13 +++-----
 docs/admin/auth.md                            | 12 -------
 site/src/api/typesGenerated.ts                |  7 +----
 .../SignInForm/SignInForm.stories.tsx         |  8 ++---
 site/src/components/SignInForm/SignInForm.tsx | 31 ++++++++++++-------
 9 files changed, 35 insertions(+), 59 deletions(-)

diff --git a/cli/deployment/config.go b/cli/deployment/config.go
index 32ce67393532c..d68c64dd190b6 100644
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@@ -168,11 +168,6 @@ func newConfig() *codersdk.DeploymentConfig {
 			Flag:   "postgres-url",
 			Secret: true,
 		},
-		PasswordAuthHidden: &codersdk.DeploymentConfigField[bool]{
-			Name:  "Flag to hide password auth",
-			Usage: "When this flag is set to true, the user/password form in the UI will be hidden",
-			Flag:  "password-auth-hidden",
-		},
 		OAuth2: &codersdk.OAuth2Config{
 			Github: &codersdk.OAuth2GithubConfig{
 				ClientID: &codersdk.DeploymentConfigField[string]{
diff --git a/cli/server.go b/cli/server.go
index ab4c6e2059965..fe915068fc0a9 100644
--- a/cli/server.go
+++ b/cli/server.go
@@ -481,8 +481,6 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				options.TLSCertificates = tlsConfig.Certificates
 			}
 
-			options.PasswordAuthHidden = cfg.PasswordAuthHidden.Value
-
 			if cfg.UpdateCheck.Value {
 				options.UpdateCheckOptions = &updatecheck.Options{
 					// Avoid spamming GitHub API checking for updates.
@@ -552,8 +550,8 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					EmailDomain:   cfg.OIDC.EmailDomain.Value,
 					AllowSignups:  cfg.OIDC.AllowSignups.Value,
 					UsernameField: cfg.OIDC.UsernameField.Value,
-					SignInText:   cfg.OIDC.SignInText.Value,
-					IconURL:      cfg.OIDC.IconURL.Value,
+					SignInText:    cfg.OIDC.SignInText.Value,
+					IconURL:       cfg.OIDC.IconURL.Value,
 				}
 			}
 
diff --git a/coderd/coderd.go b/coderd/coderd.go
index 80e1ca107077e..30e306d1fdf95 100644
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -97,7 +97,6 @@ type Options struct {
 	Authorizer                     rbac.Authorizer
 	AzureCertificates              x509.VerifyOptions
 	GoogleTokenValidator           *idtoken.Validator
-	PasswordAuthHidden   bool
 	GithubOAuth2Config             *GithubOAuth2Config
 	OIDCConfig                     *OIDCConfig
 	PrometheusRegistry             *prometheus.Registry
diff --git a/coderd/userauth.go b/coderd/userauth.go
index 46dda986dfa78..ea49db546307a 100644
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -62,11 +62,8 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
-		Password: codersdk.PasswordMethod{
-			AuthMethod: codersdk.AuthMethod{Enabled: true},
-			Hidden:     api.PasswordAuthHidden,
-		},
-		Github: codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
+		Password: codersdk.AuthMethod{Enabled: true},
+		Github:   codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
 		OIDC: codersdk.OIDCMethod{
 			AuthMethod: codersdk.AuthMethod{Enabled: api.OIDCConfig != nil},
 			SignInText: signInText,
@@ -233,9 +230,9 @@ type OIDCConfig struct {
 	// username.
 	UsernameField string
 	// SignInText is the text to display on the OIDC login button
-	SignInText   string
+	SignInText string
 	// IconURL points to the URL of an icon to display on the OIDC login button
-	IconURL      string
+	IconURL string
 }
 
 // @Summary OpenID Connect Callback
diff --git a/codersdk/users.go b/codersdk/users.go
index 610f081a30bed..ca12654057857 100644
--- a/codersdk/users.go
+++ b/codersdk/users.go
@@ -105,22 +105,17 @@ type CreateOrganizationRequest struct {
 	Name string `json:"name" validate:"required,username"`
 }
 
-// AuthMethods contains authentication method information like whether they are enabled or not or hidden or not, etc.
+// AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
 type AuthMethods struct {
-	Password PasswordMethod `json:"password"`
-	Github   AuthMethod     `json:"github"`
-	OIDC     OIDCMethod     `json:"oidc"`
+	Password AuthMethod `json:"password"`
+	Github   AuthMethod `json:"github"`
+	OIDC     OIDCMethod `json:"oidc"`
 }
 
 type AuthMethod struct {
 	Enabled bool `json:"enabled"`
 }
 
-type PasswordMethod struct {
-	AuthMethod
-	Hidden bool `json:"hidden"`
-}
-
 type OIDCMethod struct {
 	AuthMethod
 	SignInText string `json:"signInText"`
diff --git a/docs/admin/auth.md b/docs/admin/auth.md
index 8576f99ff3d76..ee65bce14f4e9 100644
--- a/docs/admin/auth.md
+++ b/docs/admin/auth.md
@@ -4,18 +4,6 @@ By default, Coder is accessible via password authentication.
 
 The following steps explain how to set up GitHub OAuth or OpenID Connect.
 
-If after configuring another authentication method you'd like to hide password authentication, you can configure that like so:
-
-```console
-CODER_PASSWORD_AUTH_HIDDEN=true
-```
-
-If your external authentication method(s) were to go down, you can un-hide password authentication with the following URL query parameter:
-
-```console
-https://coder.domain.com/login?auth=password
-```
-
 ## GitHub
 
 ### Step 1: Configure the OAuth application in GitHub
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 9d10f225584e7..5269bd84c8837 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -96,7 +96,7 @@ export interface AuthMethod {
 
 // From codersdk/users.go
 export interface AuthMethods {
-  readonly password: PasswordMethod
+  readonly password: AuthMethod
   readonly github: AuthMethod
   readonly oidc: OIDCMethod
 }
@@ -538,11 +538,6 @@ export interface ParameterSchema {
   readonly validation_contains?: string[]
 }
 
-// From codersdk/users.go
-export interface PasswordMethod extends AuthMethod {
-  readonly hidden: boolean
-}
-
 // From codersdk/groups.go
 export interface PatchGroupRequest {
   readonly add_users: string[]
diff --git a/site/src/components/SignInForm/SignInForm.stories.tsx b/site/src/components/SignInForm/SignInForm.stories.tsx
index c4a120c84da4a..02bcd1c53e3da 100644
--- a/site/src/components/SignInForm/SignInForm.stories.tsx
+++ b/site/src/components/SignInForm/SignInForm.stories.tsx
@@ -29,7 +29,7 @@ Loading.args = {
   ...SignedOut.args,
   isLoading: true,
   authMethods: {
-    password: { enabled: true, hidden: false },
+    password: { enabled: true },
     github: { enabled: true },
     oidc: { enabled: false, signInText: "", iconUrl: "" },
   },
@@ -100,7 +100,7 @@ export const WithGithub = Template.bind({})
 WithGithub.args = {
   ...SignedOut.args,
   authMethods: {
-    password: { enabled: true, hidden: false },
+    password: { enabled: true },
     github: { enabled: true },
     oidc: { enabled: false, signInText: "", iconUrl: "" },
   },
@@ -110,7 +110,7 @@ export const WithOIDC = Template.bind({})
 WithOIDC.args = {
   ...SignedOut.args,
   authMethods: {
-    password: { enabled: true, hidden: false },
+    password: { enabled: true },
     github: { enabled: false },
     oidc: { enabled: true, signInText: "", iconUrl: "" },
   },
@@ -120,7 +120,7 @@ export const WithGithubAndOIDC = Template.bind({})
 WithGithubAndOIDC.args = {
   ...SignedOut.args,
   authMethods: {
-    password: { enabled: true, hidden: false },
+    password: { enabled: true },
     github: { enabled: true },
     oidc: { enabled: true, signInText: "", iconUrl: "" },
   },
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index 07c164239416a..8ebd1581173fe 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -2,19 +2,19 @@ import Box from "@material-ui/core/Box"
 import Button from "@material-ui/core/Button"
 import Link from "@material-ui/core/Link"
 import { makeStyles } from "@material-ui/core/styles"
+import Typography from "@material-ui/core/Typography"
 import TextField from "@material-ui/core/TextField"
 import GitHubIcon from "@material-ui/icons/GitHub"
 import KeyIcon from "@material-ui/icons/VpnKey"
 import { Stack } from "components/Stack/Stack"
 import { FormikContextType, FormikTouched, useFormik } from "formik"
-import { FC } from "react"
+import { FC, useState } from "react"
 import * as Yup from "yup"
 import { AuthMethods } from "../../api/typesGenerated"
 import { getFormHelpers, onChangeTrimmed } from "../../util/formUtils"
 import { LoadingButton } from "./../LoadingButton/LoadingButton"
 import { AlertBanner } from "components/AlertBanner/AlertBanner"
 import { useTranslation } from "react-i18next"
-import { useSearchParams } from "react-router-dom"
 
 /**
  * BuiltInAuthFormValues describes a form using built-in (email/password)
@@ -95,6 +95,12 @@ const useStyles = makeStyles((theme) => ({
     fontSize: 12,
     letterSpacing: 1,
   },
+  showPasswordLink: {
+    cursor: "pointer",
+    fontSize: 12,
+    color: theme.palette.text.secondary,
+    marginTop: 12,
+  }
 }))
 
 export interface SignInFormProps {
@@ -115,8 +121,10 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   onSubmit,
   initialTouched,
 }) => {
+  const nonPasswordAuthEnabled = authMethods?.github.enabled || authMethods?.oidc.enabled
+
+  const [showPasswordAuth, setShowPasswordAuth] = useState(!nonPasswordAuthEnabled);
   const styles = useStyles()
-  const [searchParams] = useSearchParams()
   const form: FormikContextType<BuiltInAuthFormValues> =
     useFormik<BuiltInAuthFormValues>({
       initialValues: {
@@ -139,17 +147,13 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   const commonTranslation = useTranslation("common")
   const loginPageTranslation = useTranslation("loginPage")
 
-  const passwordHidden = authMethods?.password.hidden
-  const urlParamOverride = searchParams.get("auth") === "password"
-  const showPasswordLogin = !passwordHidden || urlParamOverride
-
   return (
     <div className={styles.root}>
       <h1 className={styles.title}>
         {loginPageTranslation.t("signInTo")}{" "}
         <strong>{commonTranslation.t("coder")}</strong>
       </h1>
-      {showPasswordLogin && (
+      {showPasswordAuth && (
         <form onSubmit={form.handleSubmit}>
           <Stack>
             {Object.keys(loginErrors).map(
@@ -195,15 +199,15 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
           </Stack>
         </form>
       )}
-      {showPasswordLogin &&
-        (authMethods?.github.enabled || authMethods?.oidc.enabled) && (
+      {showPasswordAuth &&
+        (nonPasswordAuthEnabled) && (
           <div className={styles.divider}>
             <div className={styles.dividerLine} />
             <div className={styles.dividerLabel}>Or</div>
             <div className={styles.dividerLine} />
           </div>
         )}
-      {(authMethods?.github.enabled || authMethods?.oidc.enabled) && (
+      {(nonPasswordAuthEnabled) && (
         <Box display="grid" gridGap="16px">
           {authMethods.github.enabled && (
             <Link
@@ -255,6 +259,11 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
           )}
         </Box>
       )}
+      {!showPasswordAuth &&
+        <Typography className={styles.showPasswordLink} onClick={() => setShowPasswordAuth(true)}>
+          Show password login
+        </Typography>
+      }
     </div>
   )
 }

From 9480f8e08c76c46190d7c4154543e42c13e04632 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 16 Jan 2023 19:38:19 -0500
Subject: [PATCH 11/19] Ran prettier, updated goldenfiles and ran "make gen"

---
 cli/testdata/coder_server_--help.golden       |   6 +-
 coderd/apidoc/docs.go                         |  34 +++++-
 coderd/apidoc/swagger.json                    |  34 +++++-
 docs/api/general.md                           |  22 ++++
 docs/api/schemas.md                           | 102 ++++++++++++++++--
 docs/api/users.md                             |  14 ++-
 site/src/components/SignInForm/SignInForm.tsx |  35 +++---
 site/src/pages/LoginPage/LoginPage.test.tsx   |   2 +-
 site/src/testHelpers/entities.ts              |   2 +-
 9 files changed, 214 insertions(+), 37 deletions(-)

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index 4182f587a5d7d..a473599454dcc 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -128,12 +128,12 @@ Flags:
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
-      --oidc-username-field string                   OIDC claim field to use as the username.
-                                                     Consumes $CODER_OIDC_USERNAME_FIELD
-                                                     (default "preferred_username")
       --oidc-sign-in-text string                     The text to show on the OpenID Connect
                                                      sign in button
                                                      Consumes $CODER_OIDC_SIGN_IN_TEXT
+      --oidc-username-field string                   OIDC claim field to use as the username.
+                                                     Consumes $CODER_OIDC_USERNAME_FIELD
+                                                     (default "preferred_username")
       --postgres-url string                          URL of a PostgreSQL database. If empty,
                                                      PostgreSQL binaries will be downloaded
                                                      from Maven
diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
index 3281865849f36..ff2a06c7e09cf 100644
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@@ -5139,17 +5139,25 @@ const docTemplate = `{
                 }
             }
         },
+        "codersdk.AuthMethod": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "codersdk.AuthMethods": {
             "type": "object",
             "properties": {
                 "github": {
-                    "type": "boolean"
+                    "$ref": "#/definitions/codersdk.AuthMethod"
                 },
                 "oidc": {
-                    "type": "boolean"
+                    "$ref": "#/definitions/codersdk.OIDCMethod"
                 },
                 "password": {
-                    "type": "boolean"
+                    "$ref": "#/definitions/codersdk.AuthMethod"
                 }
             }
         },
@@ -6338,6 +6346,9 @@ const docTemplate = `{
                 "email_domain": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
                 },
+                "icon_url": {
+                    "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
+                },
                 "ignore_email_verified": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-bool"
                 },
@@ -6347,11 +6358,28 @@ const docTemplate = `{
                 "scopes": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
                 },
+                "sign_in_text": {
+                    "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
+                },
                 "username_field": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
                 }
             }
         },
+        "codersdk.OIDCMethod": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                },
+                "iconUrl": {
+                    "type": "string"
+                },
+                "signInText": {
+                    "type": "string"
+                }
+            }
+        },
         "codersdk.Organization": {
             "type": "object",
             "required": [
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
index d97e53fe6be57..23cd982fef5c3 100644
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@@ -4549,17 +4549,25 @@
         }
       }
     },
+    "codersdk.AuthMethod": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      }
+    },
     "codersdk.AuthMethods": {
       "type": "object",
       "properties": {
         "github": {
-          "type": "boolean"
+          "$ref": "#/definitions/codersdk.AuthMethod"
         },
         "oidc": {
-          "type": "boolean"
+          "$ref": "#/definitions/codersdk.OIDCMethod"
         },
         "password": {
-          "type": "boolean"
+          "$ref": "#/definitions/codersdk.AuthMethod"
         }
       }
     },
@@ -5667,6 +5675,9 @@
         "email_domain": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
         },
+        "icon_url": {
+          "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
+        },
         "ignore_email_verified": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-bool"
         },
@@ -5676,11 +5687,28 @@
         "scopes": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
         },
+        "sign_in_text": {
+          "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
+        },
         "username_field": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
         }
       }
     },
+    "codersdk.OIDCMethod": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        },
+        "iconUrl": {
+          "type": "string"
+        },
+        "signInText": {
+          "type": "string"
+        }
+      }
+    },
     "codersdk.Organization": {
       "type": "object",
       "required": ["created_at", "id", "name", "updated_at"],
diff --git a/docs/api/general.md b/docs/api/general.md
index 578ad62ebc6e7..58013c8504bc3 100644
--- a/docs/api/general.md
+++ b/docs/api/general.md
@@ -518,6 +518,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
       "usage": "string",
       "value": ["string"]
     },
+    "icon_url": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "ignore_email_verified": {
       "default": true,
       "enterprise": true,
@@ -551,6 +562,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
       "usage": "string",
       "value": ["string"]
     },
+    "sign_in_text": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "username_field": {
       "default": "string",
       "enterprise": true,
diff --git a/docs/api/schemas.md b/docs/api/schemas.md
index cb36333e077cd..9fdc3d3970298 100644
--- a/docs/api/schemas.md
+++ b/docs/api/schemas.md
@@ -441,23 +441,45 @@
 | `audit_logs` | array of [codersdk.AuditLog](#codersdkauditlog) | false    |              |             |
 | `count`      | integer                                         | false    |              |             |
 
+## codersdk.AuthMethod
+
+```json
+{
+  "enabled": true
+}
+```
+
+### Properties
+
+| Name      | Type    | Required | Restrictions | Description |
+| --------- | ------- | -------- | ------------ | ----------- |
+| `enabled` | boolean | false    |              |             |
+
 ## codersdk.AuthMethods
 
 ```json
 {
-  "github": true,
-  "oidc": true,
-  "password": true
+  "github": {
+    "enabled": true
+  },
+  "oidc": {
+    "enabled": true,
+    "iconUrl": "string",
+    "signInText": "string"
+  },
+  "password": {
+    "enabled": true
+  }
 }
 ```
 
 ### Properties
 
-| Name       | Type    | Required | Restrictions | Description |
-| ---------- | ------- | -------- | ------------ | ----------- |
-| `github`   | boolean | false    |              |             |
-| `oidc`     | boolean | false    |              |             |
-| `password` | boolean | false    |              |             |
+| Name       | Type                                       | Required | Restrictions | Description |
+| ---------- | ------------------------------------------ | -------- | ------------ | ----------- |
+| `github`   | [codersdk.AuthMethod](#codersdkauthmethod) | false    |              |             |
+| `oidc`     | [codersdk.OIDCMethod](#codersdkoidcmethod) | false    |              |             |
+| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false    |              |             |
 
 ## codersdk.AuthorizationCheck
 
@@ -1591,6 +1613,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
       "usage": "string",
       "value": ["string"]
     },
+    "icon_url": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "ignore_email_verified": {
       "default": true,
       "enterprise": true,
@@ -1624,6 +1657,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
       "usage": "string",
       "value": ["string"]
     },
+    "sign_in_text": {
+      "default": "string",
+      "enterprise": true,
+      "flag": "string",
+      "hidden": true,
+      "name": "string",
+      "secret": true,
+      "shorthand": "string",
+      "usage": "string",
+      "value": "string"
+    },
     "username_field": {
       "default": "string",
       "enterprise": true,
@@ -2977,6 +3021,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
     "usage": "string",
     "value": ["string"]
   },
+  "icon_url": {
+    "default": "string",
+    "enterprise": true,
+    "flag": "string",
+    "hidden": true,
+    "name": "string",
+    "secret": true,
+    "shorthand": "string",
+    "usage": "string",
+    "value": "string"
+  },
   "ignore_email_verified": {
     "default": true,
     "enterprise": true,
@@ -3010,6 +3065,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
     "usage": "string",
     "value": ["string"]
   },
+  "sign_in_text": {
+    "default": "string",
+    "enterprise": true,
+    "flag": "string",
+    "hidden": true,
+    "name": "string",
+    "secret": true,
+    "shorthand": "string",
+    "usage": "string",
+    "value": "string"
+  },
   "username_field": {
     "default": "string",
     "enterprise": true,
@@ -3032,11 +3098,31 @@ CreateParameterRequest is a structure used to create a new parameter value for a
 | `client_id`             | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `client_secret`         | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `email_domain`          | [codersdk.DeploymentConfigField-array_string](#codersdkdeploymentconfigfield-array_string) | false    |              |             |
+| `icon_url`              | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `ignore_email_verified` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool)                 | false    |              |             |
 | `issuer_url`            | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `scopes`                | [codersdk.DeploymentConfigField-array_string](#codersdkdeploymentconfigfield-array_string) | false    |              |             |
+| `sign_in_text`          | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `username_field`        | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 
+## codersdk.OIDCMethod
+
+```json
+{
+  "enabled": true,
+  "iconUrl": "string",
+  "signInText": "string"
+}
+```
+
+### Properties
+
+| Name         | Type    | Required | Restrictions | Description |
+| ------------ | ------- | -------- | ------------ | ----------- |
+| `enabled`    | boolean | false    |              |             |
+| `iconUrl`    | string  | false    |              |             |
+| `signInText` | string  | false    |              |             |
+
 ## codersdk.Organization
 
 ```json
diff --git a/docs/api/users.md b/docs/api/users.md
index a01027eea638c..0a354d17d40cd 100644
--- a/docs/api/users.md
+++ b/docs/api/users.md
@@ -141,9 +141,17 @@ curl -X GET http://coder-server:8080/api/v2/users/authmethods \
 
 ```json
 {
-  "github": true,
-  "oidc": true,
-  "password": true
+  "github": {
+    "enabled": true
+  },
+  "oidc": {
+    "enabled": true,
+    "iconUrl": "string",
+    "signInText": "string"
+  },
+  "password": {
+    "enabled": true
+  }
 }
 ```
 
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index 8ebd1581173fe..b8414722af376 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -100,7 +100,7 @@ const useStyles = makeStyles((theme) => ({
     fontSize: 12,
     color: theme.palette.text.secondary,
     marginTop: 12,
-  }
+  },
 }))
 
 export interface SignInFormProps {
@@ -121,9 +121,12 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   onSubmit,
   initialTouched,
 }) => {
-  const nonPasswordAuthEnabled = authMethods?.github.enabled || authMethods?.oidc.enabled
+  const nonPasswordAuthEnabled =
+    authMethods?.github.enabled || authMethods?.oidc.enabled
 
-  const [showPasswordAuth, setShowPasswordAuth] = useState(!nonPasswordAuthEnabled);
+  const [showPasswordAuth, setShowPasswordAuth] = useState(
+    !nonPasswordAuthEnabled,
+  )
   const styles = useStyles()
   const form: FormikContextType<BuiltInAuthFormValues> =
     useFormik<BuiltInAuthFormValues>({
@@ -199,15 +202,14 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
           </Stack>
         </form>
       )}
-      {showPasswordAuth &&
-        (nonPasswordAuthEnabled) && (
-          <div className={styles.divider}>
-            <div className={styles.dividerLine} />
-            <div className={styles.dividerLabel}>Or</div>
-            <div className={styles.dividerLine} />
-          </div>
-        )}
-      {(nonPasswordAuthEnabled) && (
+      {showPasswordAuth && nonPasswordAuthEnabled && (
+        <div className={styles.divider}>
+          <div className={styles.dividerLine} />
+          <div className={styles.dividerLabel}>Or</div>
+          <div className={styles.dividerLine} />
+        </div>
+      )}
+      {nonPasswordAuthEnabled && (
         <Box display="grid" gridGap="16px">
           {authMethods.github.enabled && (
             <Link
@@ -259,11 +261,14 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
           )}
         </Box>
       )}
-      {!showPasswordAuth &&
-        <Typography className={styles.showPasswordLink} onClick={() => setShowPasswordAuth(true)}>
+      {!showPasswordAuth && (
+        <Typography
+          className={styles.showPasswordLink}
+          onClick={() => setShowPasswordAuth(true)}
+        >
           Show password login
         </Typography>
-      }
+      )}
     </div>
   )
 }
diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index d0d4fe2a3388e..ea9290cff8d91 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -82,7 +82,7 @@ describe("LoginPage", () => {
 
   it("shows github authentication when enabled", async () => {
     const authMethods: TypesGen.AuthMethods = {
-      password: { enabled: true, hidden: false },
+      password: { enabled: true },
       github: { enabled: true },
       oidc: { enabled: true, signInText: "", iconUrl: "" },
     }
diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts
index 02b6f987cbc37..e97fcfe4d0cfe 100644
--- a/site/src/testHelpers/entities.ts
+++ b/site/src/testHelpers/entities.ts
@@ -610,7 +610,7 @@ export const MockUserAgent: Types.UserAgent = {
 }
 
 export const MockAuthMethods: TypesGen.AuthMethods = {
-  password: { enabled: true, hidden: false },
+  password: { enabled: true },
   github: { enabled: false },
   oidc: { enabled: false, signInText: "", iconUrl: "" },
 }

From 475b2bfd4366d66625edbc747b1423380d417211 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 16 Jan 2023 20:01:26 -0500
Subject: [PATCH 12/19] Fixed and added LoginPage test

---
 site/src/pages/LoginPage/LoginPage.test.tsx | 30 ++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index ea9290cff8d91..427bdde86bda0 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -98,7 +98,7 @@ describe("LoginPage", () => {
     render(<LoginPage />)
 
     // Then
-    await screen.findByText(Language.passwordSignIn)
+    expect(await screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
     await screen.findByText(Language.githubSignIn)
   })
 
@@ -121,4 +121,32 @@ describe("LoginPage", () => {
     // Then
     await screen.findByText("Setup")
   })
+
+  it("hides password authentication if OIDC/GitHub is enabled and displays on click", async () => {
+    const authMethods: TypesGen.AuthMethods = {
+      password: { enabled: true },
+      github: { enabled: true },
+      oidc: { enabled: true, signInText: "", iconUrl: "" },
+    }
+
+    // Given
+    server.use(
+      rest.get("/api/v2/users/authmethods", async (req, res, ctx) => {
+        return res(ctx.status(200), ctx.json(authMethods))
+      }),
+    )
+
+    // When
+    render(<LoginPage />)
+
+    // Then
+    expect(await screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
+    await screen.findByText(Language.githubSignIn)
+
+    const showPasswordAuthLink = screen.getByText("Show password login")
+    await userEvent.click(showPasswordAuthLink);
+
+    await screen.findByText(Language.passwordSignIn)
+    await screen.findByText(Language.githubSignIn)
+  })
 })

From 77b230cc878f11aac65cc5b35de8899e86da1e77 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 16 Jan 2023 20:04:50 -0500
Subject: [PATCH 13/19] Ran prettier

---
 site/src/pages/LoginPage/LoginPage.test.tsx | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index 427bdde86bda0..b5eb6e4b41c6f 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -98,7 +98,9 @@ describe("LoginPage", () => {
     render(<LoginPage />)
 
     // Then
-    expect(await screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
+    expect(
+      await screen.queryByText(Language.passwordSignIn),
+    ).not.toBeInTheDocument()
     await screen.findByText(Language.githubSignIn)
   })
 
@@ -140,11 +142,13 @@ describe("LoginPage", () => {
     render(<LoginPage />)
 
     // Then
-    expect(await screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
+    expect(
+      await screen.queryByText(Language.passwordSignIn),
+    ).not.toBeInTheDocument()
     await screen.findByText(Language.githubSignIn)
 
     const showPasswordAuthLink = screen.getByText("Show password login")
-    await userEvent.click(showPasswordAuthLink);
+    await userEvent.click(showPasswordAuthLink)
 
     await screen.findByText(Language.passwordSignIn)
     await screen.findByText(Language.githubSignIn)

From 77f0fb26100c6d054d7d1be8b30f3cc9d09a7678 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Thu, 19 Jan 2023 22:16:05 -0500
Subject: [PATCH 14/19] PR Feedback and split up SignInForm.tsx

---
 cli/deployment/config.go                      |   7 +-
 coderd/userauth.go                            |   2 +-
 codersdk/users.go                             |   8 +-
 site/src/api/typesGenerated.ts                |  14 +-
 .../components/SignInForm/OAuthSignInForm.tsx |  83 ++++++++
 .../SignInForm/PasswordSignInForm.tsx         |  99 +++++++++
 site/src/components/SignInForm/SignInForm.tsx | 192 +++---------------
 .../components/SignInForm/SignInForm.types.ts |   9 +
 site/src/i18n/en/loginPage.json               |   3 +-
 site/src/pages/LoginPage/LoginPage.test.tsx   |   2 +-
 10 files changed, 241 insertions(+), 178 deletions(-)
 create mode 100644 site/src/components/SignInForm/OAuthSignInForm.tsx
 create mode 100644 site/src/components/SignInForm/PasswordSignInForm.tsx
 create mode 100644 site/src/components/SignInForm/SignInForm.types.ts

diff --git a/cli/deployment/config.go b/cli/deployment/config.go
index d68c64dd190b6..d78efe61068e4 100644
--- a/cli/deployment/config.go
+++ b/cli/deployment/config.go
@@ -255,9 +255,10 @@ func newConfig() *codersdk.DeploymentConfig {
 				Default: "preferred_username",
 			},
 			SignInText: &codersdk.DeploymentConfigField[string]{
-				Name:  "OpenID Connect sign in text",
-				Usage: "The text to show on the OpenID Connect sign in button",
-				Flag:  "oidc-sign-in-text",
+				Name:    "OpenID Connect sign in text",
+				Usage:   "The text to show on the OpenID Connect sign in button",
+				Flag:    "oidc-sign-in-text",
+				Default: "OpenID Connect",
 			},
 			IconURL: &codersdk.DeploymentConfigField[string]{
 				Name:  "OpenID connect icon URL",
diff --git a/coderd/userauth.go b/coderd/userauth.go
index ea49db546307a..7a62db27f5f11 100644
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -64,7 +64,7 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
 		Password: codersdk.AuthMethod{Enabled: true},
 		Github:   codersdk.AuthMethod{Enabled: api.GithubOAuth2Config != nil},
-		OIDC: codersdk.OIDCMethod{
+		OIDC: codersdk.OIDCAuthMethod{
 			AuthMethod: codersdk.AuthMethod{Enabled: api.OIDCConfig != nil},
 			SignInText: signInText,
 			IconURL:    iconURL,
diff --git a/codersdk/users.go b/codersdk/users.go
index ca12654057857..7dd67a0b8c6e2 100644
--- a/codersdk/users.go
+++ b/codersdk/users.go
@@ -107,16 +107,16 @@ type CreateOrganizationRequest struct {
 
 // AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
 type AuthMethods struct {
-	Password AuthMethod `json:"password"`
-	Github   AuthMethod `json:"github"`
-	OIDC     OIDCMethod `json:"oidc"`
+	Password AuthMethod     `json:"password"`
+	Github   AuthMethod     `json:"github"`
+	OIDC     OIDCAuthMethod `json:"oidc"`
 }
 
 type AuthMethod struct {
 	Enabled bool `json:"enabled"`
 }
 
-type OIDCMethod struct {
+type OIDCAuthMethod struct {
 	AuthMethod
 	SignInText string `json:"signInText"`
 	IconURL    string `json:"iconUrl"`
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 5269bd84c8837..442d92a779c95 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -98,7 +98,7 @@ export interface AuthMethod {
 export interface AuthMethods {
   readonly password: AuthMethod
   readonly github: AuthMethod
-  readonly oidc: OIDCMethod
+  readonly oidc: OIDCAuthMethod
 }
 
 // From codersdk/authorization.go
@@ -461,6 +461,12 @@ export interface OAuth2GithubConfig {
   readonly enterprise_base_url: DeploymentConfigField<string>
 }
 
+// From codersdk/users.go
+export interface OIDCAuthMethod extends AuthMethod {
+  readonly signInText: string
+  readonly iconUrl: string
+}
+
 // From codersdk/deploymentconfig.go
 export interface OIDCConfig {
   readonly allow_signups: DeploymentConfigField<boolean>
@@ -475,12 +481,6 @@ export interface OIDCConfig {
   readonly icon_url: DeploymentConfigField<string>
 }
 
-// From codersdk/users.go
-export interface OIDCMethod extends AuthMethod {
-  readonly signInText: string
-  readonly iconUrl: string
-}
-
 // From codersdk/organizations.go
 export interface Organization {
   readonly id: string
diff --git a/site/src/components/SignInForm/OAuthSignInForm.tsx b/site/src/components/SignInForm/OAuthSignInForm.tsx
new file mode 100644
index 0000000000000..6a75dc99a8842
--- /dev/null
+++ b/site/src/components/SignInForm/OAuthSignInForm.tsx
@@ -0,0 +1,83 @@
+import Link from "@material-ui/core/Link"
+import Button from "@material-ui/core/Button"
+import GitHubIcon from "@material-ui/icons/GitHub"
+import KeyIcon from "@material-ui/icons/VpnKey"
+import Box from "@material-ui/core/Box"
+import { Language } from "./SignInForm"
+import { AuthMethods } from "../../api/typesGenerated"
+import { FC } from "react"
+import { makeStyles } from "@material-ui/core/styles"
+
+type OAuthSignInFormProps = {
+  isLoading: boolean
+  redirectTo: string
+  authMethods?: AuthMethods
+}
+
+const useStyles = makeStyles(() => ({
+  buttonIcon: {
+    width: 14,
+    height: 14,
+  },
+}))
+
+export const OAuthSignInForm: FC<OAuthSignInFormProps> = ({
+  isLoading,
+  redirectTo,
+  authMethods,
+}) => {
+  const styles = useStyles()
+
+  return (
+    <Box display="grid" gridGap="16px">
+      {authMethods?.github.enabled && (
+        <Link
+          underline="none"
+          href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
+            redirectTo,
+          )}`}
+        >
+          <Button
+            startIcon={<GitHubIcon className={styles.buttonIcon} />}
+            disabled={isLoading}
+            fullWidth
+            type="submit"
+            variant="contained"
+          >
+            {Language.githubSignIn}
+          </Button>
+        </Link>
+      )}
+
+      {authMethods?.oidc.enabled && (
+        <Link
+          underline="none"
+          href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
+            redirectTo,
+          )}`}
+        >
+          <Button
+            startIcon={
+              authMethods.oidc.iconUrl ? (
+                <img
+                  alt="Open ID Connect icon"
+                  src={authMethods.oidc.iconUrl}
+                  width="24"
+                  height="24"
+                />
+              ) : (
+                <KeyIcon className={styles.buttonIcon} />
+              )
+            }
+            disabled={isLoading}
+            fullWidth
+            type="submit"
+            variant="contained"
+          >
+            {authMethods.oidc.signInText || Language.oidcSignIn}
+          </Button>
+        </Link>
+      )}
+    </Box>
+  )
+}
diff --git a/site/src/components/SignInForm/PasswordSignInForm.tsx b/site/src/components/SignInForm/PasswordSignInForm.tsx
new file mode 100644
index 0000000000000..ba6606f26da21
--- /dev/null
+++ b/site/src/components/SignInForm/PasswordSignInForm.tsx
@@ -0,0 +1,99 @@
+import { Stack } from "../Stack/Stack"
+import { AlertBanner } from "../AlertBanner/AlertBanner"
+import TextField from "@material-ui/core/TextField"
+import { getFormHelpers, onChangeTrimmed } from "../../util/formUtils"
+import { LoadingButton } from "../LoadingButton/LoadingButton"
+import { Language, LoginErrors } from "./SignInForm"
+import { FormikContextType, FormikTouched, useFormik } from "formik"
+import * as Yup from "yup"
+import { FC } from "react"
+import { BuiltInAuthFormValues } from "./SignInForm.types"
+
+type PasswordSignInFormProps = {
+  loginErrors: Partial<Record<LoginErrors, Error | unknown>>
+  onSubmit: (credentials: { email: string; password: string }) => void
+  initialTouched?: FormikTouched<BuiltInAuthFormValues>
+  isLoading: boolean
+}
+
+export const PasswordSignInForm: FC<PasswordSignInFormProps> = ({
+  loginErrors,
+  onSubmit,
+  initialTouched,
+  isLoading,
+}) => {
+  const validationSchema = Yup.object({
+    email: Yup.string()
+      .trim()
+      .email(Language.emailInvalid)
+      .required(Language.emailRequired),
+    password: Yup.string(),
+  })
+
+  const form: FormikContextType<BuiltInAuthFormValues> =
+    useFormik<BuiltInAuthFormValues>({
+      initialValues: {
+        email: "",
+        password: "",
+      },
+      validationSchema,
+      // The email field has an autoFocus, but users may log in with a button click.
+      // This is set to `false` in order to keep the autoFocus, validateOnChange
+      // and Formik experience friendly. Validation will kick in onChange (any
+      // field), or after a submission attempt.
+      validateOnBlur: false,
+      onSubmit,
+      initialTouched,
+    })
+  const getFieldHelpers = getFormHelpers<BuiltInAuthFormValues>(
+    form,
+    loginErrors.authError,
+  )
+
+  return (
+    <form onSubmit={form.handleSubmit}>
+      <Stack>
+        {Object.keys(loginErrors).map(
+          (errorKey: string) =>
+            Boolean(loginErrors[errorKey as LoginErrors]) && (
+              <AlertBanner
+                key={errorKey}
+                severity="error"
+                error={loginErrors[errorKey as LoginErrors]}
+                text={Language.errorMessages[errorKey as LoginErrors]}
+              />
+            ),
+        )}
+        <TextField
+          {...getFieldHelpers("email")}
+          onChange={onChangeTrimmed(form)}
+          autoFocus
+          autoComplete="email"
+          fullWidth
+          label={Language.emailLabel}
+          type="email"
+          variant="outlined"
+        />
+        <TextField
+          {...getFieldHelpers("password")}
+          autoComplete="current-password"
+          fullWidth
+          id="password"
+          label={Language.passwordLabel}
+          type="password"
+          variant="outlined"
+        />
+        <div>
+          <LoadingButton
+            loading={isLoading}
+            fullWidth
+            type="submit"
+            variant="contained"
+          >
+            {isLoading ? "" : Language.passwordSignIn}
+          </LoadingButton>
+        </div>
+      </Stack>
+    </form>
+  )
+}
diff --git a/site/src/components/SignInForm/SignInForm.tsx b/site/src/components/SignInForm/SignInForm.tsx
index b8414722af376..d900372002747 100644
--- a/site/src/components/SignInForm/SignInForm.tsx
+++ b/site/src/components/SignInForm/SignInForm.tsx
@@ -1,30 +1,13 @@
-import Box from "@material-ui/core/Box"
-import Button from "@material-ui/core/Button"
-import Link from "@material-ui/core/Link"
 import { makeStyles } from "@material-ui/core/styles"
 import Typography from "@material-ui/core/Typography"
-import TextField from "@material-ui/core/TextField"
-import GitHubIcon from "@material-ui/icons/GitHub"
-import KeyIcon from "@material-ui/icons/VpnKey"
-import { Stack } from "components/Stack/Stack"
-import { FormikContextType, FormikTouched, useFormik } from "formik"
+import { FormikTouched } from "formik"
 import { FC, useState } from "react"
-import * as Yup from "yup"
 import { AuthMethods } from "../../api/typesGenerated"
-import { getFormHelpers, onChangeTrimmed } from "../../util/formUtils"
-import { LoadingButton } from "./../LoadingButton/LoadingButton"
-import { AlertBanner } from "components/AlertBanner/AlertBanner"
 import { useTranslation } from "react-i18next"
-
-/**
- * BuiltInAuthFormValues describes a form using built-in (email/password)
- * authentication. This form may not always be present depending on external
- * auth providers available and administrative configurations
- */
-interface BuiltInAuthFormValues {
-  email: string
-  password: string
-}
+import { Maybe } from "../Conditionals/Maybe"
+import { PasswordSignInForm } from "./PasswordSignInForm"
+import { OAuthSignInForm } from "./OAuthSignInForm"
+import { BuiltInAuthFormValues } from "./SignInForm.types"
 
 export enum LoginErrors {
   AUTH_ERROR = "authError",
@@ -49,14 +32,6 @@ export const Language = {
   oidcSignIn: "OpenID Connect",
 }
 
-const validationSchema = Yup.object({
-  email: Yup.string()
-    .trim()
-    .email(Language.emailInvalid)
-    .required(Language.emailRequired),
-  password: Yup.string(),
-})
-
 const useStyles = makeStyles((theme) => ({
   root: {
     width: "100%",
@@ -72,10 +47,6 @@ const useStyles = makeStyles((theme) => ({
       fontWeight: 600,
     },
   },
-  buttonIcon: {
-    width: 14,
-    height: 14,
-  },
   divider: {
     paddingTop: theme.spacing(3),
     paddingBottom: theme.spacing(3),
@@ -121,32 +92,14 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
   onSubmit,
   initialTouched,
 }) => {
-  const nonPasswordAuthEnabled =
-    authMethods?.github.enabled || authMethods?.oidc.enabled
-
-  const [showPasswordAuth, setShowPasswordAuth] = useState(
-    !nonPasswordAuthEnabled,
+  const oAuthEnabled = Boolean(
+    authMethods?.github.enabled || authMethods?.oidc.enabled,
   )
+
+  // Hide password auth by default if any OAuth method is enabled
+  const [showPasswordAuth, setShowPasswordAuth] = useState(!oAuthEnabled)
   const styles = useStyles()
-  const form: FormikContextType<BuiltInAuthFormValues> =
-    useFormik<BuiltInAuthFormValues>({
-      initialValues: {
-        email: "",
-        password: "",
-      },
-      validationSchema,
-      // The email field has an autoFocus, but users may login with a button click.
-      // This is set to `false` in order to keep the autoFocus, validateOnChange
-      // and Formik experience friendly. Validation will kick in onChange (any
-      // field), or after a submission attempt.
-      validateOnBlur: false,
-      onSubmit,
-      initialTouched,
-    })
-  const getFieldHelpers = getFormHelpers<BuiltInAuthFormValues>(
-    form,
-    loginErrors.authError,
-  )
+
   const commonTranslation = useTranslation("common")
   const loginPageTranslation = useTranslation("loginPage")
 
@@ -156,119 +109,36 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
         {loginPageTranslation.t("signInTo")}{" "}
         <strong>{commonTranslation.t("coder")}</strong>
       </h1>
-      {showPasswordAuth && (
-        <form onSubmit={form.handleSubmit}>
-          <Stack>
-            {Object.keys(loginErrors).map(
-              (errorKey: string) =>
-                Boolean(loginErrors[errorKey as LoginErrors]) && (
-                  <AlertBanner
-                    key={errorKey}
-                    severity="error"
-                    error={loginErrors[errorKey as LoginErrors]}
-                    text={Language.errorMessages[errorKey as LoginErrors]}
-                  />
-                ),
-            )}
-            <TextField
-              {...getFieldHelpers("email")}
-              onChange={onChangeTrimmed(form)}
-              autoFocus
-              autoComplete="email"
-              fullWidth
-              label={Language.emailLabel}
-              type="email"
-              variant="outlined"
-            />
-            <TextField
-              {...getFieldHelpers("password")}
-              autoComplete="current-password"
-              fullWidth
-              id="password"
-              label={Language.passwordLabel}
-              type="password"
-              variant="outlined"
-            />
-            <div>
-              <LoadingButton
-                loading={isLoading}
-                fullWidth
-                type="submit"
-                variant="contained"
-              >
-                {isLoading ? "" : Language.passwordSignIn}
-              </LoadingButton>
-            </div>
-          </Stack>
-        </form>
-      )}
-      {showPasswordAuth && nonPasswordAuthEnabled && (
+      <Maybe condition={showPasswordAuth}>
+        <PasswordSignInForm
+          loginErrors={loginErrors}
+          onSubmit={onSubmit}
+          initialTouched={initialTouched}
+          isLoading={isLoading}
+        />
+      </Maybe>
+      <Maybe condition={showPasswordAuth && oAuthEnabled}>
         <div className={styles.divider}>
           <div className={styles.dividerLine} />
           <div className={styles.dividerLabel}>Or</div>
           <div className={styles.dividerLine} />
         </div>
-      )}
-      {nonPasswordAuthEnabled && (
-        <Box display="grid" gridGap="16px">
-          {authMethods.github.enabled && (
-            <Link
-              underline="none"
-              href={`/api/v2/users/oauth2/github/callback?redirect=${encodeURIComponent(
-                redirectTo,
-              )}`}
-            >
-              <Button
-                startIcon={<GitHubIcon className={styles.buttonIcon} />}
-                disabled={isLoading}
-                fullWidth
-                type="submit"
-                variant="contained"
-              >
-                {Language.githubSignIn}
-              </Button>
-            </Link>
-          )}
-
-          {authMethods.oidc.enabled && (
-            <Link
-              underline="none"
-              href={`/api/v2/users/oidc/callback?redirect=${encodeURIComponent(
-                redirectTo,
-              )}`}
-            >
-              <Button
-                startIcon={
-                  authMethods.oidc.iconUrl ? (
-                    <img
-                      alt="Open ID Connect icon"
-                      src={authMethods.oidc.iconUrl}
-                      width="24"
-                      height="24"
-                    />
-                  ) : (
-                    <KeyIcon className={styles.buttonIcon} />
-                  )
-                }
-                disabled={isLoading}
-                fullWidth
-                type="submit"
-                variant="contained"
-              >
-                {authMethods.oidc.signInText || Language.oidcSignIn}
-              </Button>
-            </Link>
-          )}
-        </Box>
-      )}
-      {!showPasswordAuth && (
+      </Maybe>
+      <Maybe condition={oAuthEnabled}>
+        <OAuthSignInForm
+          isLoading={isLoading}
+          redirectTo={redirectTo}
+          authMethods={authMethods}
+        />
+      </Maybe>
+      <Maybe condition={!showPasswordAuth}>
         <Typography
           className={styles.showPasswordLink}
           onClick={() => setShowPasswordAuth(true)}
         >
-          Show password login
+          {loginPageTranslation.t("showPassword")}
         </Typography>
-      )}
+      </Maybe>
     </div>
   )
 }
diff --git a/site/src/components/SignInForm/SignInForm.types.ts b/site/src/components/SignInForm/SignInForm.types.ts
new file mode 100644
index 0000000000000..8965458bd8953
--- /dev/null
+++ b/site/src/components/SignInForm/SignInForm.types.ts
@@ -0,0 +1,9 @@
+/**
+ * BuiltInAuthFormValues describes a form using built-in (email/password)
+ * authentication. This form may not always be present depending on external
+ * auth providers available and administrative configurations
+ */
+export interface BuiltInAuthFormValues {
+  email: string
+  password: string
+}
diff --git a/site/src/i18n/en/loginPage.json b/site/src/i18n/en/loginPage.json
index 329dc925a2e8e..187f6a4d141d6 100644
--- a/site/src/i18n/en/loginPage.json
+++ b/site/src/i18n/en/loginPage.json
@@ -1,3 +1,4 @@
 {
-  "signInTo": "Sign in to"
+  "signInTo": "Sign in to",
+  "showPassword": "Show password login"
 }
diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index b5eb6e4b41c6f..930a801af6532 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -10,7 +10,7 @@ import {
 } from "../../testHelpers/renderHelpers"
 import { server } from "../../testHelpers/server"
 import { LoginPage } from "./LoginPage"
-import * as TypesGen from "../../api/typesGenerated"
+import * as TypesGen from "api/typesGenerated"
 
 describe("LoginPage", () => {
   beforeEach(() => {

From 1ed7911809be7b88189b51102655abfdc01db1d6 Mon Sep 17 00:00:00 2001
From: Arthur <arthur@normand.space>
Date: Thu, 19 Jan 2023 23:32:52 -0500
Subject: [PATCH 15/19] Updated golden files

---
 cli/testdata/coder_server_--help.golden | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index a473599454dcc..2529c1eb12b61 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
@@ -131,6 +131,7 @@ Flags:
       --oidc-sign-in-text string                     The text to show on the OpenID Connect
                                                      sign in button
                                                      Consumes $CODER_OIDC_SIGN_IN_TEXT
+                                                     (default "OpenID Connect")
       --oidc-username-field string                   OIDC claim field to use as the username.
                                                      Consumes $CODER_OIDC_USERNAME_FIELD
                                                      (default "preferred_username")

From e31a37e1199c984e578a1069d84ea8b8be378b98 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Sun, 22 Jan 2023 21:21:35 -0500
Subject: [PATCH 16/19] Fix auto-genned-files

---
 coderd/apidoc/docs.go      |  4 ++--
 coderd/apidoc/swagger.json |  4 ++--
 docs/api/schemas.md        | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
index ff2a06c7e09cf..15eb644388b43 100644
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@@ -5154,7 +5154,7 @@ const docTemplate = `{
                     "$ref": "#/definitions/codersdk.AuthMethod"
                 },
                 "oidc": {
-                    "$ref": "#/definitions/codersdk.OIDCMethod"
+                    "$ref": "#/definitions/codersdk.OIDCAuthMethod"
                 },
                 "password": {
                     "$ref": "#/definitions/codersdk.AuthMethod"
@@ -6366,7 +6366,7 @@ const docTemplate = `{
                 }
             }
         },
-        "codersdk.OIDCMethod": {
+        "codersdk.OIDCAuthMethod": {
             "type": "object",
             "properties": {
                 "enabled": {
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
index 23cd982fef5c3..c5123cd27be7a 100644
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@@ -4564,7 +4564,7 @@
           "$ref": "#/definitions/codersdk.AuthMethod"
         },
         "oidc": {
-          "$ref": "#/definitions/codersdk.OIDCMethod"
+          "$ref": "#/definitions/codersdk.OIDCAuthMethod"
         },
         "password": {
           "$ref": "#/definitions/codersdk.AuthMethod"
@@ -5695,7 +5695,7 @@
         }
       }
     },
-    "codersdk.OIDCMethod": {
+    "codersdk.OIDCAuthMethod": {
       "type": "object",
       "properties": {
         "enabled": {
diff --git a/docs/api/schemas.md b/docs/api/schemas.md
index 9fdc3d3970298..8bc1fa681e2ce 100644
--- a/docs/api/schemas.md
+++ b/docs/api/schemas.md
@@ -475,11 +475,11 @@
 
 ### Properties
 
-| Name       | Type                                       | Required | Restrictions | Description |
-| ---------- | ------------------------------------------ | -------- | ------------ | ----------- |
-| `github`   | [codersdk.AuthMethod](#codersdkauthmethod) | false    |              |             |
-| `oidc`     | [codersdk.OIDCMethod](#codersdkoidcmethod) | false    |              |             |
-| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false    |              |             |
+| Name       | Type                                               | Required | Restrictions | Description |
+| ---------- | -------------------------------------------------- | -------- | ------------ | ----------- |
+| `github`   | [codersdk.AuthMethod](#codersdkauthmethod)         | false    |              |             |
+| `oidc`     | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false    |              |             |
+| `password` | [codersdk.AuthMethod](#codersdkauthmethod)         | false    |              |             |
 
 ## codersdk.AuthorizationCheck
 
@@ -3105,7 +3105,7 @@ CreateParameterRequest is a structure used to create a new parameter value for a
 | `sign_in_text`          | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `username_field`        | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 
-## codersdk.OIDCMethod
+## codersdk.OIDCAuthMethod
 
 ```json
 {

From 9207175ed6a51dc8e31d98850cf5a4e94bb975c8 Mon Sep 17 00:00:00 2001
From: Arthur <arthur@normand.space>
Date: Wed, 25 Jan 2023 23:01:39 -0500
Subject: [PATCH 17/19] make gen -B

---
 coderd/apidoc/docs.go                       | 28 ++++++++--------
 coderd/apidoc/swagger.json                  | 28 ++++++++--------
 docs/api/schemas.md                         | 36 ++++++++++-----------
 provisionerd/proto/provisionerd.pb.go       |  9 ++----
 provisionerd/proto/provisionerd_drpc.pb.go  |  2 +-
 provisionersdk/proto/provisioner.pb.go      |  8 ++---
 provisionersdk/proto/provisioner_drpc.pb.go |  2 +-
 7 files changed, 53 insertions(+), 60 deletions(-)

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
index 15eb644388b43..8366a86b6d914 100644
--- a/coderd/apidoc/docs.go
+++ b/coderd/apidoc/docs.go
@@ -6331,6 +6331,20 @@ const docTemplate = `{
                 }
             }
         },
+        "codersdk.OIDCAuthMethod": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                },
+                "iconUrl": {
+                    "type": "string"
+                },
+                "signInText": {
+                    "type": "string"
+                }
+            }
+        },
         "codersdk.OIDCConfig": {
             "type": "object",
             "properties": {
@@ -6366,20 +6380,6 @@ const docTemplate = `{
                 }
             }
         },
-        "codersdk.OIDCAuthMethod": {
-            "type": "object",
-            "properties": {
-                "enabled": {
-                    "type": "boolean"
-                },
-                "iconUrl": {
-                    "type": "string"
-                },
-                "signInText": {
-                    "type": "string"
-                }
-            }
-        },
         "codersdk.Organization": {
             "type": "object",
             "required": [
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
index c5123cd27be7a..07a2ca5cd3c32 100644
--- a/coderd/apidoc/swagger.json
+++ b/coderd/apidoc/swagger.json
@@ -5660,6 +5660,20 @@
         }
       }
     },
+    "codersdk.OIDCAuthMethod": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        },
+        "iconUrl": {
+          "type": "string"
+        },
+        "signInText": {
+          "type": "string"
+        }
+      }
+    },
     "codersdk.OIDCConfig": {
       "type": "object",
       "properties": {
@@ -5695,20 +5709,6 @@
         }
       }
     },
-    "codersdk.OIDCAuthMethod": {
-      "type": "object",
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        },
-        "iconUrl": {
-          "type": "string"
-        },
-        "signInText": {
-          "type": "string"
-        }
-      }
-    },
     "codersdk.Organization": {
       "type": "object",
       "required": ["created_at", "id", "name", "updated_at"],
diff --git a/docs/api/schemas.md b/docs/api/schemas.md
index 8bc1fa681e2ce..4b7f6c4ee8aef 100644
--- a/docs/api/schemas.md
+++ b/docs/api/schemas.md
@@ -2973,6 +2973,24 @@ CreateParameterRequest is a structure used to create a new parameter value for a
 | `client_secret`       | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `enterprise_base_url` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 
+## codersdk.OIDCAuthMethod
+
+```json
+{
+  "enabled": true,
+  "iconUrl": "string",
+  "signInText": "string"
+}
+```
+
+### Properties
+
+| Name         | Type    | Required | Restrictions | Description |
+| ------------ | ------- | -------- | ------------ | ----------- |
+| `enabled`    | boolean | false    |              |             |
+| `iconUrl`    | string  | false    |              |             |
+| `signInText` | string  | false    |              |             |
+
 ## codersdk.OIDCConfig
 
 ```json
@@ -3105,24 +3123,6 @@ CreateParameterRequest is a structure used to create a new parameter value for a
 | `sign_in_text`          | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 | `username_field`        | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string)             | false    |              |             |
 
-## codersdk.OIDCAuthMethod
-
-```json
-{
-  "enabled": true,
-  "iconUrl": "string",
-  "signInText": "string"
-}
-```
-
-### Properties
-
-| Name         | Type    | Required | Restrictions | Description |
-| ------------ | ------- | -------- | ------------ | ----------- |
-| `enabled`    | boolean | false    |              |             |
-| `iconUrl`    | string  | false    |              |             |
-| `signInText` | string  | false    |              |             |
-
 ## codersdk.Organization
 
 ```json
diff --git a/provisionerd/proto/provisionerd.pb.go b/provisionerd/proto/provisionerd.pb.go
index ee6f8f9e01cd2..ceb2208df7c15 100644
--- a/provisionerd/proto/provisionerd.pb.go
+++ b/provisionerd/proto/provisionerd.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.5
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.19.4
 // source: provisionerd/proto/provisionerd.proto
 
 package proto
@@ -119,7 +119,6 @@ type AcquiredJob struct {
 	UserName              string `protobuf:"bytes,4,opt,name=user_name,json=userName,proto3" json:"user_name,omitempty"`
 	TemplateSourceArchive []byte `protobuf:"bytes,5,opt,name=template_source_archive,json=templateSourceArchive,proto3" json:"template_source_archive,omitempty"`
 	// Types that are assignable to Type:
-	//
 	//	*AcquiredJob_WorkspaceBuild_
 	//	*AcquiredJob_TemplateImport_
 	//	*AcquiredJob_TemplateDryRun_
@@ -251,7 +250,6 @@ type FailedJob struct {
 	JobId string `protobuf:"bytes,1,opt,name=job_id,json=jobId,proto3" json:"job_id,omitempty"`
 	Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
 	// Types that are assignable to Type:
-	//
 	//	*FailedJob_WorkspaceBuild_
 	//	*FailedJob_TemplateImport_
 	//	*FailedJob_TemplateDryRun_
@@ -362,7 +360,6 @@ type CompletedJob struct {
 
 	JobId string `protobuf:"bytes,1,opt,name=job_id,json=jobId,proto3" json:"job_id,omitempty"`
 	// Types that are assignable to Type:
-	//
 	//	*CompletedJob_WorkspaceBuild_
 	//	*CompletedJob_TemplateImport_
 	//	*CompletedJob_TemplateDryRun_
@@ -514,7 +511,7 @@ func (x *Log) GetLevel() proto.LogLevel {
 	if x != nil {
 		return x.Level
 	}
-	return proto.LogLevel_TRACE
+	return proto.LogLevel(0)
 }
 
 func (x *Log) GetCreatedAt() int64 {
diff --git a/provisionerd/proto/provisionerd_drpc.pb.go b/provisionerd/proto/provisionerd_drpc.pb.go
index 6d73176475490..058af595809b8 100644
--- a/provisionerd/proto/provisionerd_drpc.pb.go
+++ b/provisionerd/proto/provisionerd_drpc.pb.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-drpc. DO NOT EDIT.
-// protoc-gen-go-drpc version: v0.0.26
+// protoc-gen-go-drpc version: (devel)
 // source: provisionerd/proto/provisionerd.proto
 
 package proto
diff --git a/provisionersdk/proto/provisioner.pb.go b/provisionersdk/proto/provisioner.pb.go
index d968dbf510e0f..0742cf54cf993 100644
--- a/provisionersdk/proto/provisioner.pb.go
+++ b/provisionersdk/proto/provisioner.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.5
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.19.4
 // source: provisionersdk/proto/provisioner.proto
 
 package proto
@@ -762,7 +762,6 @@ type Agent struct {
 	Directory       string            `protobuf:"bytes,7,opt,name=directory,proto3" json:"directory,omitempty"`
 	Apps            []*App            `protobuf:"bytes,8,rep,name=apps,proto3" json:"apps,omitempty"`
 	// Types that are assignable to Auth:
-	//
 	//	*Agent_Token
 	//	*Agent_InstanceId
 	Auth                     isAgent_Auth `protobuf_oneof:"auth"`
@@ -1449,7 +1448,6 @@ type Parse_Response struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
-	//
 	//	*Parse_Response_Log
 	//	*Parse_Response_Complete
 	Type isParse_Response_Type `protobuf_oneof:"type"`
@@ -1838,7 +1836,6 @@ type Provision_Request struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
-	//
 	//	*Provision_Request_Plan
 	//	*Provision_Request_Apply
 	//	*Provision_Request_Cancel
@@ -2004,7 +2001,6 @@ type Provision_Response struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
-	//
 	//	*Provision_Response_Log
 	//	*Provision_Response_Complete
 	Type isProvision_Response_Type `protobuf_oneof:"type"`
diff --git a/provisionersdk/proto/provisioner_drpc.pb.go b/provisionersdk/proto/provisioner_drpc.pb.go
index c990f6f645b7f..d307402447c78 100644
--- a/provisionersdk/proto/provisioner_drpc.pb.go
+++ b/provisionersdk/proto/provisioner_drpc.pb.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-drpc. DO NOT EDIT.
-// protoc-gen-go-drpc version: v0.0.26
+// protoc-gen-go-drpc version: (devel)
 // source: provisionersdk/proto/provisioner.proto
 
 package proto

From 201d424e40f965cde1c9221d85611b8902126901 Mon Sep 17 00:00:00 2001
From: Arthur <arthur@normand.space>
Date: Wed, 25 Jan 2023 23:13:20 -0500
Subject: [PATCH 18/19] Revert provisioner files?

---
 provisionerd/proto/provisionerd.pb.go       | 9 ++++++---
 provisionerd/proto/provisionerd_drpc.pb.go  | 2 +-
 provisionersdk/proto/provisioner.pb.go      | 8 ++++++--
 provisionersdk/proto/provisioner_drpc.pb.go | 2 +-
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/provisionerd/proto/provisionerd.pb.go b/provisionerd/proto/provisionerd.pb.go
index ceb2208df7c15..ee6f8f9e01cd2 100644
--- a/provisionerd/proto/provisionerd.pb.go
+++ b/provisionerd/proto/provisionerd.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.5
 // source: provisionerd/proto/provisionerd.proto
 
 package proto
@@ -119,6 +119,7 @@ type AcquiredJob struct {
 	UserName              string `protobuf:"bytes,4,opt,name=user_name,json=userName,proto3" json:"user_name,omitempty"`
 	TemplateSourceArchive []byte `protobuf:"bytes,5,opt,name=template_source_archive,json=templateSourceArchive,proto3" json:"template_source_archive,omitempty"`
 	// Types that are assignable to Type:
+	//
 	//	*AcquiredJob_WorkspaceBuild_
 	//	*AcquiredJob_TemplateImport_
 	//	*AcquiredJob_TemplateDryRun_
@@ -250,6 +251,7 @@ type FailedJob struct {
 	JobId string `protobuf:"bytes,1,opt,name=job_id,json=jobId,proto3" json:"job_id,omitempty"`
 	Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
 	// Types that are assignable to Type:
+	//
 	//	*FailedJob_WorkspaceBuild_
 	//	*FailedJob_TemplateImport_
 	//	*FailedJob_TemplateDryRun_
@@ -360,6 +362,7 @@ type CompletedJob struct {
 
 	JobId string `protobuf:"bytes,1,opt,name=job_id,json=jobId,proto3" json:"job_id,omitempty"`
 	// Types that are assignable to Type:
+	//
 	//	*CompletedJob_WorkspaceBuild_
 	//	*CompletedJob_TemplateImport_
 	//	*CompletedJob_TemplateDryRun_
@@ -511,7 +514,7 @@ func (x *Log) GetLevel() proto.LogLevel {
 	if x != nil {
 		return x.Level
 	}
-	return proto.LogLevel(0)
+	return proto.LogLevel_TRACE
 }
 
 func (x *Log) GetCreatedAt() int64 {
diff --git a/provisionerd/proto/provisionerd_drpc.pb.go b/provisionerd/proto/provisionerd_drpc.pb.go
index 058af595809b8..6d73176475490 100644
--- a/provisionerd/proto/provisionerd_drpc.pb.go
+++ b/provisionerd/proto/provisionerd_drpc.pb.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-drpc. DO NOT EDIT.
-// protoc-gen-go-drpc version: (devel)
+// protoc-gen-go-drpc version: v0.0.26
 // source: provisionerd/proto/provisionerd.proto
 
 package proto
diff --git a/provisionersdk/proto/provisioner.pb.go b/provisionersdk/proto/provisioner.pb.go
index 0742cf54cf993..d968dbf510e0f 100644
--- a/provisionersdk/proto/provisioner.pb.go
+++ b/provisionersdk/proto/provisioner.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.5
 // source: provisionersdk/proto/provisioner.proto
 
 package proto
@@ -762,6 +762,7 @@ type Agent struct {
 	Directory       string            `protobuf:"bytes,7,opt,name=directory,proto3" json:"directory,omitempty"`
 	Apps            []*App            `protobuf:"bytes,8,rep,name=apps,proto3" json:"apps,omitempty"`
 	// Types that are assignable to Auth:
+	//
 	//	*Agent_Token
 	//	*Agent_InstanceId
 	Auth                     isAgent_Auth `protobuf_oneof:"auth"`
@@ -1448,6 +1449,7 @@ type Parse_Response struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
+	//
 	//	*Parse_Response_Log
 	//	*Parse_Response_Complete
 	Type isParse_Response_Type `protobuf_oneof:"type"`
@@ -1836,6 +1838,7 @@ type Provision_Request struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
+	//
 	//	*Provision_Request_Plan
 	//	*Provision_Request_Apply
 	//	*Provision_Request_Cancel
@@ -2001,6 +2004,7 @@ type Provision_Response struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Type:
+	//
 	//	*Provision_Response_Log
 	//	*Provision_Response_Complete
 	Type isProvision_Response_Type `protobuf_oneof:"type"`
diff --git a/provisionersdk/proto/provisioner_drpc.pb.go b/provisionersdk/proto/provisioner_drpc.pb.go
index d307402447c78..c990f6f645b7f 100644
--- a/provisionersdk/proto/provisioner_drpc.pb.go
+++ b/provisionersdk/proto/provisioner_drpc.pb.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-go-drpc. DO NOT EDIT.
-// protoc-gen-go-drpc version: (devel)
+// protoc-gen-go-drpc version: v0.0.26
 // source: provisionersdk/proto/provisioner.proto
 
 package proto

From 7ce525e41628467da6149ff4731d2e9a04d96af0 Mon Sep 17 00:00:00 2001
From: Arthur Normand <arthur@normand.space>
Date: Mon, 30 Jan 2023 00:39:00 -0500
Subject: [PATCH 19/19] Fix lint error

---
 site/src/pages/LoginPage/LoginPage.test.tsx | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/site/src/pages/LoginPage/LoginPage.test.tsx b/site/src/pages/LoginPage/LoginPage.test.tsx
index 930a801af6532..f272f9198c5ac 100644
--- a/site/src/pages/LoginPage/LoginPage.test.tsx
+++ b/site/src/pages/LoginPage/LoginPage.test.tsx
@@ -98,9 +98,7 @@ describe("LoginPage", () => {
     render(<LoginPage />)
 
     // Then
-    expect(
-      await screen.queryByText(Language.passwordSignIn),
-    ).not.toBeInTheDocument()
+    expect(screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
     await screen.findByText(Language.githubSignIn)
   })
 
@@ -142,9 +140,7 @@ describe("LoginPage", () => {
     render(<LoginPage />)
 
     // Then
-    expect(
-      await screen.queryByText(Language.passwordSignIn),
-    ).not.toBeInTheDocument()
+    expect(screen.queryByText(Language.passwordSignIn)).not.toBeInTheDocument()
     await screen.findByText(Language.githubSignIn)
 
     const showPasswordAuthLink = screen.getByText("Show password login")