types: add node.expiry config, deprecate oidc.expiry

Introduce a structured NodeConfig that replaces the flat
EphemeralNodeInactivityTimeout field with a nested Node section.

Add node.expiry config (default: no expiry) as the unified default key
expiry for all non-tagged nodes regardless of registration method.

Remove oidc.expiry entirely — node.expiry now applies to OIDC nodes
the same as all other registration methods. Using oidc.expiry in the
config is a hard error. determineNodeExpiry() returns nil (no expiry)
unless use_expiry_from_token is enabled, letting state.go apply the
node.expiry default uniformly.

The old ephemeral_node_inactivity_timeout key is preserved for
backwards compatibility.

Updates #1711
This commit is contained in:
Kristoffer Dalby
2026-03-01 22:53:26 +00:00
parent 23a5f1b628
commit 4d0b273b90
7 changed files with 171 additions and 64 deletions


@@ -383,12 +383,12 @@ func (a *AuthProviderOIDC) OIDCCallbackHandler(
}
}
func (a *AuthProviderOIDC) determineNodeExpiry(idTokenExpiration time.Time) time.Time {
func (a *AuthProviderOIDC) determineNodeExpiry(idTokenExpiration time.Time) *time.Time {
if a.cfg.UseExpiryFromToken {
return idTokenExpiration
return &idTokenExpiration
}
return time.Now().Add(a.cfg.Expiry)
return nil
}
func extractCodeAndStateParamFromRequest(
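Review bot: The new nil return of determineNodeExpiry carries meaning ("no OIDC-derived expiry, the caller applies the node.expiry default") but nothing in the hunk states it, and the function has no doc comment. A comment such as `// determineNodeExpiry returns the ID token's expiry when use_expiry_from_token is set, and nil otherwise so the caller can apply the node.expiry default.` would make the contract explicit; the same applies to the `expiry *time.Time` parameter of handleRegistration in the next hunk, which forwards it unchanged to HandleNodeFromAuthPath. Separately, when UseExpiryFromToken is enabled the function returns `&idTokenExpiration` unconditionally; if that value can be the zero time (it is computed outside this hunk), the node gets a pointer to a zero expiry instead of nil, so it is worth confirming what a zero expiry means downstream and, if it is not intended, guarding with `if a.cfg.UseExpiryFromToken && !idTokenExpiration.IsZero() {`.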
@@ -602,12 +602,12 @@ func (a *AuthProviderOIDC) createOrUpdateUserFromClaim(
func (a *AuthProviderOIDC) handleRegistration(
user *types.User,
registrationID types.AuthID,
expiry time.Time,
expiry *time.Time,
) (bool, error) {
node, nodeChange, err := a.h.state.HandleNodeFromAuthPath(
registrationID,
types.UserID(user.ID),
&expiry,
expiry,
util.RegisterMethodOIDC,
)
if err != nil {