Merged
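--- a/client.go
+++ b/client.go
@@ -108,7 +108,8 @@ type ConfigHost struct {
 }
 
 type ConfigEndpointOIDC struct {
-Email string
+Email string
+ExpiresAt *time.Time
 }
 
 // Enroll issues an enrollment request against the REST API using the given enrollment code, passing along a locally
@@ -185,7 +186,8 @@ func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code str
 
 if r.EndpointOIDCMeta != nil {
 meta.EndpointOIDC = &ConfigEndpointOIDC{
-Email: r.EndpointOIDCMeta.Email,
+Email: r.EndpointOIDCMeta.Email,
+ExpiresAt: r.EndpointOIDCMeta.ExpiresAt,
 }
 }
 
@@ -369,7 +371,8 @@ func (c *Client) DoUpdate(ctx context.Context, creds keys.Credentials) ([]byte,
 
 if result.EndpointOIDCMeta != nil {
 meta.EndpointOIDC = &ConfigEndpointOIDC{
-Email: result.EndpointOIDCMeta.Email,
+Email: result.EndpointOIDCMeta.Email,
+ExpiresAt: result.EndpointOIDCMeta.ExpiresAt,
 }
 }
 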
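Review bot: `ConfigEndpointOIDC.ExpiresAt` is added without a comment, so a caller cannot tell what a nil value means or which side enforces the expiry. Both `Enroll` and `DoUpdate` copy the pointer straight from the response, and nothing in these hunks compares it with the current time, so it appears to be informational on the client. If that is the intent, say so on the field, for example `// ExpiresAt is the expiry the API reports for the OIDC-backed enrollment; nil means the response carried none. It is not enforced client-side.` The same comment is missing on `HostEndpointOIDCMetadata.ExpiresAt` in message/message.go. Both function bodies continue outside the hunks.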
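--- a/client_test.go
+++ b/client_test.go
@@ -51,6 +51,7 @@ func TestEnroll(t *testing.T) {
 hostName := "foo host"
 hostIP := "192.168.100.1"
 oidcEmail := "demo@defined.net"
+oidcExpiresAt := time.Now()
 counter := uint(5)
 ca, _ := dnapitest.NebulaCACert()
 caPEM, err := ca.MarshalToPEM()
@@ -94,7 +95,8 @@ func TestEnroll(t *testing.T) {
 IPAddress: hostIP,
 },
 EndpointOIDCMeta: &message.HostEndpointOIDCMetadata{
-Email: oidcEmail,
+Email: oidcEmail,
+ExpiresAt: &oidcExpiresAt,
 },
 },
 })
@@ -144,6 +146,7 @@ func TestEnroll(t *testing.T) {
 assert.Equal(t, hostName, meta.Host.Name)
 assert.Equal(t, hostIP, meta.Host.IPAddress)
 assert.Equal(t, oidcEmail, meta.EndpointOIDC.Email)
+assert.WithinDuration(t, oidcExpiresAt, *meta.EndpointOIDC.ExpiresAt, 1*time.Second)
 
 // Test error handling
 errorMsg := "invalid enrollment code"
@@ -407,7 +410,8 @@ func TestDoUpdate(t *testing.T) {
 IPAddress: hostIP,
 },
 EndpointOIDCMeta: &message.HostEndpointOIDCMetadata{
-Email: oidcEmail,
+Email: oidcEmail,
+ExpiresAt: nil,
 },
 }
 rawRes := jsonMarshal(newConfigResponse)
@@ -437,6 +441,7 @@ func TestDoUpdate(t *testing.T) {
 assert.Equal(t, hostName, meta.Host.Name)
 assert.Equal(t, hostIP, meta.Host.IPAddress)
 assert.Equal(t, oidcEmail, meta.EndpointOIDC.Email)
+assert.Nil(t, meta.EndpointOIDC.ExpiresAt)
 
 }
 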
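Review bot: The new assertion in TestEnroll dereferences `*meta.EndpointOIDC.ExpiresAt` unguarded, so if the field is ever dropped on the way through, the test panics instead of failing with a readable message. Guard it with `if assert.NotNil(t, meta.EndpointOIDC.ExpiresAt) { ... }` around the `WithinDuration` call. The one-second tolerance is also wider than needed if the value only passes through a JSON round trip, which keeps nanoseconds; `assert.True(t, oidcExpiresAt.Equal(*meta.EndpointOIDC.ExpiresAt))` would catch truncation. TestDoUpdate exercises only the nil case, so a non-nil expiry through `DoUpdate` is not asserted in these hunks. Both test bodies continue outside the hunks.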
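--- a/message/message.go
+++ b/message/message.go
@@ -220,7 +220,8 @@ type HostHostMetadata struct {
 
 // HostEndpointOIDCMetadata is included in EnrollResponseData.
 type HostEndpointOIDCMetadata struct {
-Email string `json:"email"`
+Email string `json:"email"`
+ExpiresAt *time.Time `json:"expiresAt"`
 }
 
 // PreAuthEndpoint is called when starting an OIDC auth flow.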
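Review bot: The `expiresAt` tag has no `omitempty`, so wherever this struct is marshalled with a nil pointer the field is emitted as `"expiresAt":null` rather than left out; TestDoUpdate appears to do this through `jsonMarshal`. Decoding treats null and absent the same, so this matters only if the encoded shape should match what the API sends. If absent is the intended form, use `json:"expiresAt,omitempty"`; otherwise add a short comment on the field saying that null is expected.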