Add endpointOIDC expiresAt metadata (#35)

johnmaguire · web-flow · commit ff7ea2bb03ea · 2025-11-25T10:36:53.000-05:00
diff --git a/client.go b/client.go
@@ -108,7 +108,8 @@ type ConfigHost struct {
 }
 
 type ConfigEndpointOIDC struct {
-	Email string
+	Email     string
+	ExpiresAt *time.Time
 }
 
 // Enroll issues an enrollment request against the REST API using the given enrollment code, passing along a locally
@@ -185,7 +186,8 @@ func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code str
 
 	if r.EndpointOIDCMeta != nil {
 		meta.EndpointOIDC = &ConfigEndpointOIDC{
-			Email: r.EndpointOIDCMeta.Email,
+			Email:     r.EndpointOIDCMeta.Email,
+			ExpiresAt: r.EndpointOIDCMeta.ExpiresAt,
 		}
 	}
 
@@ -369,7 +371,8 @@ func (c *Client) DoUpdate(ctx context.Context, creds keys.Credentials) ([]byte,
 
 	if result.EndpointOIDCMeta != nil {
 		meta.EndpointOIDC = &ConfigEndpointOIDC{
-			Email: result.EndpointOIDCMeta.Email,
+			Email:     result.EndpointOIDCMeta.Email,
+			ExpiresAt: result.EndpointOIDCMeta.ExpiresAt,
 		}
 	}
 
diff --git a/client_test.go b/client_test.go
@@ -51,6 +51,7 @@ func TestEnroll(t *testing.T) {
 	hostName := "foo host"
 	hostIP := "192.168.100.1"
 	oidcEmail := "demo@defined.net"
+	oidcExpiresAt := time.Now()
 	counter := uint(5)
 	ca, _ := dnapitest.NebulaCACert()
 	caPEM, err := ca.MarshalToPEM()
@@ -94,7 +95,8 @@ func TestEnroll(t *testing.T) {
 					IPAddress: hostIP,
 				},
 				EndpointOIDCMeta: &message.HostEndpointOIDCMetadata{
-					Email: oidcEmail,
+					Email:     oidcEmail,
+					ExpiresAt: &oidcExpiresAt,
 				},
 			},
 		})
@@ -144,6 +146,7 @@ func TestEnroll(t *testing.T) {
 	assert.Equal(t, hostName, meta.Host.Name)
 	assert.Equal(t, hostIP, meta.Host.IPAddress)
 	assert.Equal(t, oidcEmail, meta.EndpointOIDC.Email)
+	assert.WithinDuration(t, oidcExpiresAt, *meta.EndpointOIDC.ExpiresAt, 1*time.Second)
 
 	// Test error handling
 	errorMsg := "invalid enrollment code"
@@ -407,7 +410,8 @@ func TestDoUpdate(t *testing.T) {
 				IPAddress: hostIP,
 			},
 			EndpointOIDCMeta: &message.HostEndpointOIDCMetadata{
-				Email: oidcEmail,
+				Email:     oidcEmail,
+				ExpiresAt: nil,
 			},
 		}
 		rawRes := jsonMarshal(newConfigResponse)
@@ -437,6 +441,7 @@ func TestDoUpdate(t *testing.T) {
 	assert.Equal(t, hostName, meta.Host.Name)
 	assert.Equal(t, hostIP, meta.Host.IPAddress)
 	assert.Equal(t, oidcEmail, meta.EndpointOIDC.Email)
+	assert.Nil(t, meta.EndpointOIDC.ExpiresAt)
 
 }
 
diff --git a/message/message.go b/message/message.go
@@ -220,7 +220,8 @@ type HostHostMetadata struct {
 
 // HostEndpointOIDCMetadata is included in EnrollResponseData.
 type HostEndpointOIDCMetadata struct {
-	Email string `json:"email"`
+	Email     string     `json:"email"`
+	ExpiresAt *time.Time `json:"expiresAt"`
 }
 
 // PreAuthEndpoint is called when starting an OIDC auth flow.

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,8 @@ type ConfigHost struct {`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`type ConfigEndpointOIDC struct {`
`111`		`- Email string`
	`111`	`+ Email string`
	`112`	`+ ExpiresAt *time.Time`
`112`	`113`	`}`
`113`	`114`
`114`	`115`	`// Enroll issues an enrollment request against the REST API using the given enrollment code, passing along a locally`
`@@ -185,7 +186,8 @@ func (c *Client) Enroll(ctx context.Context, logger logrus.FieldLogger, code str`
`185`	`186`
`186`	`187`	`if r.EndpointOIDCMeta != nil {`
`187`	`188`	`meta.EndpointOIDC = &ConfigEndpointOIDC{`
`188`		`- Email: r.EndpointOIDCMeta.Email,`
	`189`	`+ Email: r.EndpointOIDCMeta.Email,`
	`190`	`+ ExpiresAt: r.EndpointOIDCMeta.ExpiresAt,`
`189`	`191`	`}`
`190`	`192`	`}`
`191`	`193`
`@@ -369,7 +371,8 @@ func (c *Client) DoUpdate(ctx context.Context, creds keys.Credentials) ([]byte,`
`369`	`371`
`370`	`372`	`if result.EndpointOIDCMeta != nil {`
`371`	`373`	`meta.EndpointOIDC = &ConfigEndpointOIDC{`
`372`		`- Email: result.EndpointOIDCMeta.Email,`
	`374`	`+ Email: result.EndpointOIDCMeta.Email,`
	`375`	`+ ExpiresAt: result.EndpointOIDCMeta.ExpiresAt,`
`373`	`376`	`}`
`374`	`377`	`}`
`375`	`378`
Original file line number	Diff line number	Diff line change
`@@ -220,7 +220,8 @@ type HostHostMetadata struct {`
`220`	`220`
`221`	`221`	`// HostEndpointOIDCMetadata is included in EnrollResponseData.`
`222`	`222`	`type HostEndpointOIDCMetadata struct {`
`223`		- Email string `json:"email"`
	`223`	+ Email string `json:"email"`
	`224`	+ ExpiresAt *time.Time `json:"expiresAt"`
`224`	`225`	`}`
`225`	`226`
`226`	`227`	`// PreAuthEndpoint is called when starting an OIDC auth flow.`