feat: allow setting OIDC_CLIENT_SECRET_METHOD

Aarnav Tale 2024-11-30 15:00:51 -05:00
parent a7d127c7bf
commit da0ee1382b
No known key found for this signature in database
3 changed files with 7 additions and 2 deletions


@ -28,6 +28,7 @@ export interface HeadplaneContext {
client: string
secret: string
rootKey: string
method: string
disableKeyLogin: boolean
}
}
@ -143,6 +144,7 @@ async function checkOidc(config?: HeadscaleConfig) {
let issuer = process.env.OIDC_ISSUER
let client = process.env.OIDC_CLIENT_ID
let secret = process.env.OIDC_CLIENT_SECRET
let method = process.env.OIDC_CLIENT_SECRET_METHOD ?? 'client_secret_basic'
log.debug('CTXT', 'Checking OIDC environment variables')
log.debug('CTXT', 'Issuer: %s', issuer)
@ -161,6 +163,7 @@ async function checkOidc(config?: HeadscaleConfig) {
issuer,
client,
secret,
method,
rootKey,
disableKeyLogin,
}
@ -204,6 +207,7 @@ async function checkOidc(config?: HeadscaleConfig) {
client,
secret,
rootKey,
method,
disableKeyLogin,
}
}
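Review bot: The value of `OIDC_CLIENT_SECRET_METHOD` is taken from the environment in checkOidc and stored verbatim, and the new `method` field in HeadplaneContext is a plain `string`. A typo or an unsupported method therefore only surfaces when a login reaches the token endpoint, not at startup. Narrow the field to the methods that work with a shared secret, for example `method: 'client_secret_basic' | 'client_secret_post'`, assuming those are the ones the OIDC client library accepts. Check the env value against that list where it is read, and fail through the same path the function already uses for a missing issuer or client. Both return objects later in checkOidc pass the value on unchanged, so a single check at the read site covers them; the function body continues outside these hunks.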


@ -36,7 +36,7 @@ export async function startOidc(oidc: OidcConfig, req: Request) {
const issuerUrl = new URL(oidc.issuer)
const oidcClient = {
client_id: oidc.client,
token_endpoint_auth_method: 'client_secret_basic',
token_endpoint_auth_method: oidc.method,
} satisfies Client
const response = await discoveryRequest(issuerUrl)
@ -91,7 +91,7 @@ export async function finishOidc(oidc: OidcConfig, req: Request) {
const oidcClient = {
client_id: oidc.client,
client_secret: oidc.secret,
token_endpoint_auth_method: 'client_secret_basic',
token_endpoint_auth_method: oidc.method,
} satisfies Client
const response = await discoveryRequest(issuerUrl)
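Review bot: The `oidcClient` literal is built separately in startOidc and finishOidc, and this change has to touch `token_endpoint_auth_method` in both places to keep them in step. Because the two halves of the login flow must agree on client authentication, build the client in one small helper and call it from both, e.g. `const oidcClient = buildClient(oidc)`. The helper would add `client_secret` only when a flag asks for it, since startOidc's literal omits it. That leaves one place to change or validate the auth method later. Both function bodies continue outside the hunks shown, so confirm nothing else there reads the literal directly.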


@ -34,6 +34,7 @@ If you use the Headscale configuration integration, these are not required.
- **`OIDC_ISSUER`**: The issuer URL of your OIDC provider.
- **`OIDC_CLIENT_ID`**: The client ID of your OIDC provider.
- **`OIDC_CLIENT_SECRET`**: The client secret of your OIDC provider.
- **`OIDC_CLIENT_SECRET_METHOD`**: The method used to send the client secret (default: `client_secret_basic`).
- **`ROOT_API_KEY`**: An API key used to issue new ones for sessions (keep expiry fairly long).
- **`DISABLE_API_KEY_LOGIN`**: If you want to disable API key login, set this to `true`.