Preserve current behaviour with a config flag

Add a configuration flag (default true to preserve current behaviour) to allow headscale to start without OIDC being able to initialise. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-10-28 10:51:44 +01:00 · 2022-09-26 09:57:28 +02:00 · 2022-09-26 09:57:28 +02:00 · fb25a06a66
commit fb25a06a66
parent dbe58e53e4
2 changed files with 16 additions and 9 deletions
--- a/app.go
+++ b/app.go
@ -192,7 +192,9 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {

 	if cfg.OIDC.Issuer != "" {
 		err = app.initOIDC()
-		if err != nil {
+		if err != nil && cfg.OIDC.OnlyStartIfOIDCIsAvailable {
+			return nil, err
+		} else {
 			log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication")
 		}
 	}
--- a/config.go
+++ b/config.go
@ -90,14 +90,15 @@ type LetsEncryptConfig struct {
 }

 type OIDCConfig struct {
-	Issuer           string
-	ClientID         string
-	ClientSecret     string
-	Scope            []string
-	ExtraParams      map[string]string
-	AllowedDomains   []string
-	AllowedUsers     []string
-	StripEmaildomain bool
+	OnlyStartIfOIDCIsAvailable bool
+	Issuer                     string
+	ClientID                   string
+	ClientSecret               string
+	Scope                      []string
+	ExtraParams                map[string]string
+	AllowedDomains             []string
+	AllowedUsers               []string
+	StripEmaildomain           bool
 }

 type DERPConfig struct {
@ -174,6 +175,7 @@ func LoadConfig(path string, isFile bool) error {

 	viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 	viper.SetDefault("oidc.strip_email_domain", true)
+	viper.SetDefault("oidc.only_start_if_oidc_is_available", true)

 	viper.SetDefault("logtail.enabled", false)
 	viper.SetDefault("randomize_client_port", false)
@ -559,6 +561,9 @@ func GetHeadscaleConfig() (*Config, error) {
 		UnixSocketPermission: GetFileMode("unix_socket_permission"),

 		OIDC: OIDCConfig{
+			OnlyStartIfOIDCIsAvailable: viper.GetBool(
+				"oidc.only_start_if_oidc_is_available",
+			),
 			Issuer:           viper.GetString("oidc.issuer"),
 			ClientID:         viper.GetString("oidc.client_id"),
 			ClientSecret:     viper.GetString("oidc.client_secret"),