diff --git a/machine.go b/machine.go
index 0b38f52c..90ddb958 100644
--- a/machine.go
+++ b/machine.go
@@ -873,6 +873,7 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 Str("nodeKey", nodeKey.ShortString()).
 Str("namespaceName", namespaceName).
 Str("registrationMethod", registrationMethod).
+ Str("expiresAt", fmt.Sprintf("%v", machineExpiry)).
 Msg("Registering machine from API/CLI or auth callback")
 if machineInterface, ok := h.registrationCache.Get(NodePublicKeyStripPrefix(nodeKey)); ok {
diff --git a/oidc.go b/oidc.go
index 8c7e8304..e321ef58 100644
--- a/oidc.go
+++ b/oidc.go
@@ -218,7 +218,7 @@ func (h *Headscale) OIDCCallback(
 return
 }
- nodeKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims)
+ nodeKey, machineExists, err := h.validateMachineForOIDCCallback(writer, state, claims, idToken.Expiry)
 if err != nil || machineExists {
 return
 }
@@ -476,6 +476,7 @@ func (h *Headscale) validateMachineForOIDCCallback(
 writer http.ResponseWriter,
 state string,
 claims *IDTokenClaims,
+ expiry time.Time,
 ) (*key.NodePublic, bool, error) {
 // retrieve machinekey from state cache
 nodeKeyIf, nodeKeyFound := h.registrationCache.Get(state)
@@ -546,7 +547,7 @@ func (h *Headscale) validateMachineForOIDCCallback(
 Str("machine", machine.Hostname).
 Msg("machine already registered, reauthenticating")
- err := h.RefreshMachine(machine, time.Time{})
+ err := h.RefreshMachine(machine, expiry)
 if err != nil {
 log.Error().
 Caller().
@@ -560,6 +561,10 @@ func (h *Headscale) validateMachineForOIDCCallback(
 return nil, true, err
 }
+ log.Debug().
+ Str("machine", machine.Hostname).
+ Str("expiresAt", fmt.Sprintf("%v", expiry)).
+ Msg("successfully refreshed machine")
 var content bytes.Buffer
 if err := oidcCallbackTemplate.Execute(&content, oidcCallbackTemplateConfig{
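Review bot: `Str("expiresAt", fmt.Sprintf("%v", machineExpiry))` in the log chain of RegisterMachineFromAuthCallback stringifies the expiry through fmt, so the logged format depends on the value's type, which is not visible in this hunk; if machineExpiry is a pointer, an unset expiry is logged as `<nil>`. The chained logger looks like zerolog, which has a typed field for timestamps, `Time("expiresAt", t)`, that writes the value in the logger's configured time format and is easier to query when auditing registrations (a pointer would need a nil guard before dereferencing). The same pattern is added to the `successfully refreshed machine` debug log in oidc.go (hunk at -560,6), where `expiry` is a `time.Time` and `Time("expiresAt", expiry)` is a drop-in replacement. The function body continues outside the hunk.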
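Review bot: The new `expiry time.Time` parameter of validateMachineForOIDCCallback (hunk at -476,6) has no comment saying what it represents or where it takes effect. From the visible hunks it is `idToken.Expiry` passed by OIDCCallback, and it is used only on the re-authentication path as the argument to `RefreshMachine`; whether first-time registration applies the same value is not visible in this diff. A doc line such as `// expiry is the ID token's expiry; it becomes the node expiry when an already-registered machine re-authenticates.` would record that. It is also worth stating there that a short token lifetime at the identity provider now means an equally short node lifetime, since the previous call passed `time.Time{}`.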
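Review bot: `h.RefreshMachine(machine, expiry)` (hunk at -546,7) takes the token-derived time with no check in the visible lines that it is set and still in the future. Token verification in OIDCCallback may already reject expired tokens, but that code is outside this diff, and how RefreshMachine treats a zero or past time is not visible either. A zero value would silently fall back to what the old `time.Time{}` argument did, and a past value would refresh the machine with an expiry that has already lapsed. A guard before the call, for example `if !expiry.After(time.Now()) { /* log and reject: token expiry is zero or already past */ }`, makes the assumption explicit. The enclosing function starts and ends outside the hunk.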