[PR #2020] [MERGED] Redo OIDC configuration #2454

Closed
opened 2025-12-29 03:21:21 +01:00 by adam · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/2020
Author: @kradalby
Created: 7/19/2024
Status: Merged
Merged: 10/2/2024
Merged by: @kradalby

Base: main ← Head: kradalby/oidc


📝 Commits (1)

  • 2055f3d implement auth as provider interface, dry oidc

📊 Changes

32 files changed (+606 additions, -895 deletions)

View changed files

📝 CHANGELOG.md (+14 -0)
📝 flake.nix (+1 -1)
📝 go.mod (+1 -2)
📝 go.sum (+2 -10)
📝 hscontrol/app.go (+26 -12)
📝 hscontrol/auth.go (+10 -31)
📝 hscontrol/db/db.go (+20 -8)
📝 hscontrol/db/db_test.go (+7 -1)
📝 hscontrol/db/node.go (+30 -38)
📝 hscontrol/db/preauth_keys.go (+4 -2)
📝 hscontrol/db/routes.go (+1 -1)
📝 hscontrol/db/routes_test.go (+1 -0)
📝 hscontrol/db/suite_test.go (+1 -0)
📝 hscontrol/db/users.go (+44 -8)
📝 hscontrol/db/users_test.go (+3 -3)
📝 hscontrol/grpcv1.go (+15 -15)
📝 hscontrol/handlers.go (+20 -2)
📝 hscontrol/mapper/mapper.go (+3 -30)
📝 hscontrol/mapper/mapper_test.go (+6 -8)
📝 hscontrol/mapper/tail.go (+1 -1)

...and 12 more files

📄 Description

thoughts: https://docs.google.com/document/d/1X85PMxIaVWDF6T_UPji3OeeUqVBcGj_uHRM5CI-AwlY

Copy of Changelog:

  • Remove dns.use_username_in_magic_dns configuration option #2020
    • Having usernames in magic DNS is no longer possible.
  • Redo OpenID Connect configuration #2020
    • strip_email_domain has been removed, domain is always part of the username for OIDC.
    • Users are now identified by sub claim in the ID token instead of username, allowing the username, name and email to be updated.
    • User has been extended to store username, display name, profile picture url and email.
      • These fields are forwarded to the client, and show up nicely in the user switcher.
      • These fields can be made available via the API/CLI for non-OIDC users in the future.

Related issues:

Closes #1990
Closes #1980
Closes #1981
Closes #1997
Closes #1594
Closes #938

These are closed as we will not support custom features outside of the OIDC standard.
Closes #1858
Closes #1934

Summary by CodeRabbit

  • New Features

    • Enhanced user management with additional fields for display names, email addresses, and profile pictures.
    • Significant updates to OpenID Connect configuration, including the removal of strip_email_domain and a shift to using the sub claim for user identification.
  • Bug Fixes

    • Improved error handling throughout authentication and user management processes.
  • Refactor

    • Simplified authentication mechanisms by introducing an AuthProvider interface.
    • Streamlined user identification methods and removed deprecated configurations for clarity.
    • Adjusted DNS configuration handling by eliminating the use of usernames in MagicDNS.
  • Documentation

    • Updated CHANGELOG.md to reflect changes in configuration and user identification mechanisms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
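The user model the changelog describes, as an added example that is not headscale's own code: an in-memory store keyed on issuer plus `sub` (the names `Claims`, `User`, `UserStore` and `Upsert` are assumptions) that refreshes the mutable profile fields on every login and keeps the email domain in the username, so a rename or email change updates the existing user instead of creating a second one.

```go
package main

import "errors"

// Claims is the subset of ID-token claims this example reads (constructed names).
type Claims struct {
	Iss, Sub, Email, Name, Picture string
}

// User carries the fields the changelog lists: username, display name,
// profile picture URL and email. ProviderIdentifier is the stable key.
type User struct {
	ProviderIdentifier string // "<iss>/<sub>", never the username
	Username, DisplayName, Email, ProfilePicURL string
}

// UserStore is an in-memory stand-in for the database layer (assumption:
// the real project persists users in its DB package).
type UserStore struct{ byIdentifier map[string]*User }

func NewUserStore() *UserStore { return &UserStore{byIdentifier: map[string]*User{}} }

// Upsert looks the user up by (iss, sub) and refreshes the mutable fields.
// Because the key is the sub claim, a renamed user stays the same user,
// while the same sub at a different issuer is a different user. The
// username is the full email address; the domain is never stripped.
func (s *UserStore) Upsert(c Claims) (*User, error) {
	if c.Iss == "" || c.Sub == "" {
		return nil, errors.New("id token missing iss or sub claim")
	}
	if c.Email == "" {
		return nil, errors.New("id token missing email claim")
	}
	key := c.Iss + "/" + c.Sub
	u, ok := s.byIdentifier[key]
	if !ok {
		u = &User{ProviderIdentifier: key}
		s.byIdentifier[key] = u
	}
	u.Username = c.Email // full address, domain included
	u.DisplayName = c.Name
	u.Email = c.Email
	u.ProfilePicURL = c.Picture
	return u, nil
}

// Count returns the number of distinct users in the store.
func (s *UserStore) Count() int { return len(s.byIdentifier) }
```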

adam added the pull-request label 2025-12-29 03:21:21 +01:00
adam closed this issue 2025-12-29 03:21:21 +01:00