[PR #1067] [MERGED] OIDC: Expire machines/nodes after token expiry #1852

New Issue

adam · 2025-12-29T02:31:58+01:00

adam commented

2025-12-29 02:31:58 +01:00

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/1067
Author: @evenh
Created: 12/15/2022
Status: ✅ Merged
Merged: 1/4/2023
Merged by: @kradalby

Base: main ← Head: oidc-expire-nodes

📝 Commits (5)

a4d2d2f add expiration from OIDC token to machine
f687b3c expire machines after db expiry
bcae0a3 oidc: add test for expiring nodes after token expiration
4466b53 oidc: add basic docs
e1d9404 oidc: update changelog

📊 Changes

10 files changed (+342 additions, -30 deletions)

View changed files

📝 CHANGELOG.md (+1 -0)
📝 app.go (+57 -0)
📝 cmd/headscale/cli/mockoidc.go (+12 -1)
📝 docs/README.md (+1 -0)
➕ docs/oidc.md (+137 -0)
📝 grpcv1.go (+1 -0)
📝 integration/auth_oidc_test.go (+107 -28)
📝 integration/dockertestutil/network.go (+18 -0)
📝 machine.go (+5 -0)
📝 oidc.go (+3 -1)

📄 Description

read the CONTRIBUTING guidelines
raised a GitHub issue or discussed it on the projects chat beforehand
added unit tests
added integration tests
updated documentation if needed
updated CHANGELOG.md

This PR seems to work (at least headscale mockoidc and Azure AD) for my use case.

Fixes #935.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/1067 **Author:** [@evenh](https://github.com/evenh) **Created:** 12/15/2022 **Status:** ✅ Merged **Merged:** 1/4/2023 **Merged by:** [@kradalby](https://github.com/kradalby) **Base:** `main` ← **Head:** `oidc-expire-nodes` --- ### 📝 Commits (5) - [`a4d2d2f`](https://github.com/juanfont/headscale/commit/a4d2d2f913a5de2940eb93062ab30495e04fb799) add expiration from OIDC token to machine - [`f687b3c`](https://github.com/juanfont/headscale/commit/f687b3c99ff41f69af0b47b85d59c3e8f6a0ec89) expire machines after db expiry - [`bcae0a3`](https://github.com/juanfont/headscale/commit/bcae0a3225e52039c9137fa2e7025552098ea455) oidc: add test for expiring nodes after token expiration - [`4466b53`](https://github.com/juanfont/headscale/commit/4466b5354521e6267346f7f59d5ace3f71083d3b) oidc: add basic docs - [`e1d9404`](https://github.com/juanfont/headscale/commit/e1d940450e07bab6723d2dc4806cd63afaf8fdbc) oidc: update changelog ### 📊 Changes **10 files changed** (+342 additions, -30 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+1 -0) 📝 `app.go` (+57 -0) 📝 `cmd/headscale/cli/mockoidc.go` (+12 -1) 📝 `docs/README.md` (+1 -0) ➕ `docs/oidc.md` (+137 -0) 📝 `grpcv1.go` (+1 -0) 📝 `integration/auth_oidc_test.go` (+107 -28) 📝 `integration/dockertestutil/network.go` (+18 -0) 📝 `machine.go` (+5 -0) 📝 `oidc.go` (+3 -1) </details> ### 📄 Description  - [x] read the [CONTRIBUTING guidelines](README.md#contributing) - [x] raised a GitHub issue or discussed it on the projects chat beforehand - [ ] added unit tests - [x] added integration tests - [x] updated documentation if needed - [x] updated CHANGELOG.md  ![expires-soon](https://user-images.githubusercontent.com/2701536/207783887-6f325fc1-6717-4102-a267-65678b4673e8.png) ![expired](https://user-images.githubusercontent.com/2701536/207783909-4111b8c8-27f0-4053-81e0-b1ca0fb8b781.png) This PR seems to work (at least `headscale mockoidc` and Azure AD) for my use case. Fixes #935. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 02:31:58 +01:00

adam closed this issue

2025-12-29 02:31:58 +01:00

adam referenced this issue

2025-12-29 03:20:53 +01:00

[PR #1854] [MERGED] docs: Add FAQ question about using the same machine as server and client #2351

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#1852