Link OIDC users to Headscale users via providerId #479

Open
drifterza wants to merge 1 commit into tale:main from drifterza:fix/issue-387-oidc-reconciliation

@drifterza drifterza commented Feb 27, 2026

Related to #387

When oidc.integrate_headscale is enabled, Headplane matches the OIDC subject to Headscale users by extracting the subject from their providerId field (format: oidc/subject123). The matched Headscale user ID is stored in the database for future permission assignment.

Changes:

  • Added headscale_user_id column to users table via migration
  • Added integrate_headscale config option under oidc section
  • OIDC callback queries Headscale API to find matching users
  • Links are stored and updated on each login

API key authentication continues to work without onboarding (handled by existing shell loader check).

This PR handles the backend OIDC linking. See #481 for the complementary onboarding UI changes.

@drifterza drifterza requested a review from tale as a code owner February 27, 2026 10:37
@drifterza drifterza force-pushed the fix/issue-387-oidc-reconciliation branch 4 times, most recently from 54c3717 to 1d502bb Compare February 27, 2026 11:01
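
The providerId matching described in the PR description, as an added example that is not code from this pull request or from Headplane: the `HeadscaleUser` shape, the function names and the sample users are assumptions for illustration. It compares the subject exactly and declines to link when no user, or more than one user, carries that subject.

```typescript
// Added example; types and names are assumptions, not Headplane's code.
interface HeadscaleUser {
  id: string;
  name: string;
  providerId?: string; // e.g. "oidc/subject123", the format given in the PR description
}

const OIDC_PREFIX = "oidc/";

// Extract the OIDC subject from a providerId, or null if it is not an OIDC one.
// Only the leading "oidc/" is stripped, so a subject that itself contains "/" survives.
function subjectFromProviderId(providerId?: string): string | null {
  if (!providerId || !providerId.startsWith(OIDC_PREFIX)) return null;
  const subject = providerId.slice(OIDC_PREFIX.length);
  return subject.length > 0 ? subject : null;
}

// Return the Headscale user id to link, or null when there is no safe match.
// The OIDC `sub` claim is a case-sensitive opaque string, so the comparison is
// exact: prefix, substring or lowercased matching could link the wrong account.
function resolveHeadscaleUserId(sub: string, users: HeadscaleUser[]): string | null {
  if (sub.length === 0) return null;
  const matches = users.filter((u) => subjectFromProviderId(u.providerId) === sub);
  const [only, ...rest] = matches;
  // Refuse to link if several Headscale users claim the same subject.
  return only && rest.length === 0 ? only.id : null;
}

// Constructed sample data (not real users).
const sampleUsers: HeadscaleUser[] = [
  { id: "1", name: "alice", providerId: "oidc/subject123" },
  { id: "2", name: "bob", providerId: "oidc/subject1234" },
  { id: "3", name: "local-admin" }, // no providerId: never linked
  { id: "4", name: "carol", providerId: "oidc/team/carol" },
  { id: "5", name: "dup-a", providerId: "oidc/shared" },
  { id: "6", name: "dup-b", providerId: "oidc/shared" },
];

console.log(resolveHeadscaleUserId("subject123", sampleUsers)); // "1"
console.log(resolveHeadscaleUserId("shared", sampleUsers)); // null (ambiguous)
```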