[PR #2752] [CLOSED] fix: return valid AuthUrl in followup request on expired reg id #2836

New Issue

adam · 2025-12-29T04:19:15+01:00

adam commented

2025-12-29 04:19:15 +01:00

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/2752
Author: @bobelev
Created: 8/29/2025
Status: ❌ Closed

Base: main ← Head: bblv/auth-followup

📝 Commits (2)

2174f6d chore: make reg cache expiry tunable
75217c4 fix: return valid AuthUrl in followup request on expired reg id

📊 Changes

6 files changed (+183 additions, -9 deletions)

View changed files

📝 hscontrol/app.go (+1 -0)
📝 hscontrol/auth.go (+38 -5)
📝 hscontrol/oidc.go (+13 -2)
📝 hscontrol/state/state.go (+22 -2)
📝 hscontrol/types/config.go (+4 -0)
📝 integration/auth_oidc_test.go (+105 -0)

📄 Description

chore: make reg cache expiry tunable
fix: return valid AuthUrl in followup request on expired reg id

have read the CONTRIBUTING.md file
raised a GitHub issue or discussed it on the projects chat beforehand
added unit tests
added integration tests
updated documentation if needed
updated CHANGELOG.md

Info:

tailscale client gets a new AuthUrl and sets entry in the regcache
regcache entry expires
client doesn't know about that
client always polls followup request а gets error

When user clicks "Login" in the app (after cache expiry), they visit
invalid URL and get "node not found in registration cache". Some clients
on Windows for e.g. can't get a new AuthUrl without restart the app.

To fix that we can issue a new reg id and return user a new valid
AuthUrl.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/2752 **Author:** [@bobelev](https://github.com/bobelev) **Created:** 8/29/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `bblv/auth-followup` --- ### 📝 Commits (2) - [`2174f6d`](https://github.com/juanfont/headscale/commit/2174f6d0b982a4b7787b86319f236d8eeb9b923b) chore: make reg cache expiry tunable - [`75217c4`](https://github.com/juanfont/headscale/commit/75217c4579a6915b5ad7ada1b47c8160b2f3d561) fix: return valid AuthUrl in followup request on expired reg id ### 📊 Changes **6 files changed** (+183 additions, -9 deletions) <details> <summary>View changed files</summary> 📝 `hscontrol/app.go` (+1 -0) 📝 `hscontrol/auth.go` (+38 -5) 📝 `hscontrol/oidc.go` (+13 -2) 📝 `hscontrol/state/state.go` (+22 -2) 📝 `hscontrol/types/config.go` (+4 -0) 📝 `integration/auth_oidc_test.go` (+105 -0) </details> ### 📄 Description - **chore: make reg cache expiry tunable** - **fix: return valid AuthUrl in followup request on expired reg id**  - [x] have read the [CONTRIBUTING.md](./CONTRIBUTING.md) file - [ ] raised a GitHub issue or discussed it on the projects chat beforehand - [ ] added unit tests - [x] added integration tests - [ ] updated documentation if needed - [ ] updated CHANGELOG.md Info: - tailscale client gets a new AuthUrl and sets entry in the regcache - regcache entry expires - client doesn't know about that - client always polls followup request а gets error When user clicks "Login" in the app (after cache expiry), they visit invalid URL and get "node not found in registration cache". Some clients on Windows for e.g. can't get a new AuthUrl without restart the app. To fix that we can issue a new reg id and return user a new valid AuthUrl. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 04:19:15 +01:00

adam closed this issue

2025-12-29 04:19:15 +01:00

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#2836