From 61ebb713f298564db76c43ef14046ed5d0b597ab Mon Sep 17 00:00:00 2001
From: Adrien Raffin-Caboisse
Date: Fri, 18 Mar 2022 09:32:07 +0100
Subject: [PATCH 1/3] fix(oidc): Reset expiry for reauthentication
The previous code resetted the expiry time to be expired. So the machine was never reauthenticated
---
 oidc.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oidc.go b/oidc.go
index 29ce351f..65e2807f 100644
--- a/oidc.go
+++ b/oidc.go
@@ -10,6 +10,7 @@ import (
 "html/template"
 "net/http"
 "strings"
+ "time"
 "github.com/coreos/go-oidc/v3/oidc"
 "github.com/gin-gonic/gin"
@@ -229,7 +230,7 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 Str("machine", machine.Name).
 Msg("machine already registered, reauthenticating")
- h.RefreshMachine(machine, *machine.Expiry)
+ h.RefreshMachine(machine, time.Time{})
 var content bytes.Buffer
 if err := oidcCallbackTemplate.Execute(&content, oidcCallbackTemplateConfig{
From 882c0c34c11596e2442a4fb4ab2034323d437215 Mon Sep 17 00:00:00 2001
From: Adrien Raffin-Caboisse
Date: Fri, 18 Mar 2022 09:34:18 +0100
Subject: [PATCH 2/3] chore(changelog): update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ce0c35b..6c943940 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@
 - Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
 - Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
 - Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
+- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
 ## 0.14.0 (2022-02-24)
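Review bot: In PATCH 1/3, the second oidc.go hunk passes a bare `time.Time{}` to `h.RefreshMachine(machine, time.Time{})`, and nothing at the call site says what a zero expiry means. The commit message implies that code outside this hunk treats it as "not expired", which would presumably leave the node with no expiry at all after an OIDC reauthentication, so the identity provider is not consulted again until someone logs out or expires the node by hand. If that is the intent, say so in a comment such as `// zero time: node has no expiry until it is explicitly expired or logged out`; if periodic re-verification is wanted, derive the new expiry from the ID token's expiry or a configured maximum session lifetime instead. OIDCCallback starts and ends outside the hunk, so whether the authenticated identity is compared with the machine's owner before the refresh cannot be judged from here.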
From 2e04abf4bb1f75d81726f04dc8ab5fc39ed4d183 Mon Sep 17 00:00:00 2001
From: Adrien Raffin-Caboisse
Date: Fri, 18 Mar 2022 09:40:12 +0100
Subject: [PATCH 3/3] feat(oidc): add debug log
---
 oidc.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/oidc.go b/oidc.go
index 29ce351f..e9f9d302 100644
--- a/oidc.go
+++ b/oidc.go
@@ -129,6 +129,10 @@ func (h *Headscale) OIDCCallback(ctx *gin.Context) {
 oauth2Token, err := h.oauth2Config.Exchange(context.Background(), code)
 if err != nil {
+ log.Error().
+ Err(err).
+ Caller().
+ Msg("Could not exchange code for token")
 ctx.String(http.StatusBadRequest, "Could not exchange code for token")
 return