feat: add OAuth client secret authentication support #66
Conversation
DAcodedBEAT
force-pushed
the
feat/tailscale-oauth-client-support
branch
2 times, most recently
from
afe2d94 to
bc48a02
Compare
tsidp-server.go
Outdated
|
|
||
| // Configure OAuth client secret and advertise tags if provided via environment variables | ||
| if oauthClientSecret != "" { | ||
| if advertiseTags == "" { |
There was a problem hiding this comment.
You can also omit this check (which you'd have to do if you implement my other suggestion) because ts.Up() will eventually perform that check
|
Also, if you change "Relates to" to "Updates" that would fit our commit guidelines better 😄 |
- Add OAuth client secret authentication as alternative to traditional auth keys - Update documentation with OAuth configuration and minor cleanup - Upgrade to Golang 1.25.1 (required for upgraded tailscale dep for oauth support) Signed-off-by: Arun Philip <[email protected]>
DAcodedBEAT
force-pushed
the
feat/tailscale-oauth-client-support
branch
from
bc48a02 to
2bca504
Compare
@mikeodr It looks like Tailscale v1.88.1 (released Sep 11, 2025) updated Go to 1.25.1, and the OAuth support in tsnet authkeys was merged on Sep 19, 2025 and released in v1.88.3 (Sep 25, 2025). Should this PR align with the Go version currently used by Tailscale? (Mainly asking to better understand the development process.) |
|
It's fine to want to align them. But it should be a separate PR. Isolation of changes if we need to revert etc. |
|
btw @remyguercio flagged for me that there's some issues that cause Go 1.25 to fail govulncheck (golang/go#73871). we've apparently fixed this in our fork (tailscale/go#133) so we probably need to wait until either a fix is in upstream or we start using the forked compiler here |
@mikeodr I don't see how we can update the tailscale package without updating the Golang version. From the module information for this version: {
"Path": "tailscale.com",
"Version": "v1.88.3",
"Time": "2025-09-25T13:04:46Z",
"Dir": "/Users/Arun/go/1.25.0/pkg/mod/[email protected]",
"GoMod": "/Users/Arun/go/1.25.0/pkg/mod/cache/download/tailscale.com/@v/v1.88.3.mod",
"GoVersion": "1.25.1",
"Sum": "h1:OiE6iVqzykhbITxmIKjH8d00cw0LsJFO3TuFd4jQVXU=",
"GoModSum": "h1:LHaTiwRgzebPDLgZ6RQQVzX+1SR5fbNl51fzm7UtMaw=",
"Origin": {
"VCS": "git",
"URL": "https://github.com/tailscale/tailscale",
"Hash": "9961c097b1781891e3c6b96e5e1194355ff06a6d",
"Ref": "refs/tags/v1.88.3"
}
}Even checking the earlier version: {
"Path": "tailscale.com",
"Version": "v1.88.1",
"Time": "2025-09-11T19:13:06Z",
"GoMod": "/Users/Arun/go/1.25.0/pkg/mod/cache/download/tailscale.com/@v/v1.88.1.mod",
"GoVersion": "1.25.1",
"Origin": {
"VCS": "git",
"URL": "https://github.com/tailscale/tailscale",
"Hash": "0d95d67a807222c4d5bf4fdcfc1a391683cc1501",
"Ref": "refs/tags/v1.88.1"
}
}And the original version used prior to this PR: {
"Path": "tailscale.com",
"Version": "v1.86.5",
"Time": "2025-08-22T16:30:19Z",
"Dir": "/Users/Arun/go/1.25.0/pkg/mod/[email protected]",
"GoMod": "/Users/Arun/go/1.25.0/pkg/mod/cache/download/tailscale.com/@v/v1.86.5.mod",
"GoVersion": "1.24.4",
"Origin": {
"VCS": "git",
"URL": "https://github.com/tailscale/tailscale",
"Hash": "db392aed39630023f969e1961fcbced785d09358",
"Ref": "refs/tags/v1.86.5"
}
}
and every time I try to downgrade and re-install the package, @tendstofortytwo understood and thanks for the update, feel free to do whatever you want with this PR - this was primary to hopefully alleviate the tailscale team of the dev work and to express interest in this feature :) |
|
I think what Mike is asking for there is for there to first be a PR updating Go 1.25 (which has the caveats as I said), and then this PR can rebase onto that and merge with just the relevant change. It's nice to split the two so that if there's a problem we can revert only the problematic part |
3 participants
Closes #49
Updates tailscale/tailscale#17191