
[Feature] OIDC DisplayName and ProfilePicURL support

Open adipierro opened this issue 8 months ago • 0 comments

Use case

Mostly improves appearance, but probably also usability for users with multiple tailnets.

Description

DisplayName, ProfilePicURL and Email (optional) are used and pushed to clients if the user is logged in via OIDC.

Contribution

  • [X] I can write the design doc for this feature
  • [X] I can contribute this feature

How can it be implemented?

After OIDC login, if ProfilePicURL and/or DisplayName is provided, it is set in the DB if it differs from the saved state, then pushed to clients.

Currently, DisplayName on macOS and Windows is only displayed in IPN settings, while LoginName ([email protected]) is used as the primary identifier for the Fast User Switching UI.

LoginName in UserProfile in tailcfg is expected to be an email in SaaS, which is not how it works in Headscale now: if the username is stripped of its email domain after login, it is just a username. However, if username email domain stripping is enabled, MagicDNS does not work correctly ('@' appears in the FQDN), but I should probably create another issue for this.

I have implemented and tested experimental support for this (except Email) in my fork, but I don't have good programming skills and will probably need help with the design doc, as I'm sure my implementation is not ideal.

Draft PR is here https://github.com/juanfont/headscale/pull/1981.

[Screenshots: macOS, Windows]

adipierro, Jun 17 '24 01:06
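The update-if-changed step described under "How can it be implemented?", sketched as an added example; it is not code from the fork or the draft PR. `User`, `Claims` and `ApplyOIDCProfile` are hypothetical names, and the https-only picture URL rule, the 2048-byte URL cap and the 64-rune display name cap are assumptions about how IdP-supplied values could be constrained before they are stored and pushed to clients.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"unicode"
)

// User and Claims are hypothetical stand-ins, not headscale's own types.
// Claims carries the standard OIDC "name" and "picture" claims.
type User struct{ DisplayName, ProfilePicURL string }
type Claims struct{ Name, Picture string }

// cleanName drops control characters and caps the length (64 runes is an assumed limit).
func cleanName(s string) string {
	s = strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1
		}
		return r
	}, strings.TrimSpace(s))
	if r := []rune(s); len(r) > 64 {
		s = string(r[:64])
	}
	return s
}

// cleanPicURL accepts only absolute https URLs; anything else counts as "not provided".
func cleanPicURL(s string) string {
	u, err := url.Parse(strings.TrimSpace(s))
	if err != nil || u.Scheme != "https" || u.Host == "" || len(s) > 2048 {
		return ""
	}
	return u.String()
}

// ApplyOIDCProfile updates u from c and reports whether a DB write and client push are needed.
func ApplyOIDCProfile(u *User, c Claims) bool {
	changed := false
	if n := cleanName(c.Name); n != "" && n != u.DisplayName {
		u.DisplayName, changed = n, true
	}
	if p := cleanPicURL(c.Picture); p != "" && p != u.ProfilePicURL {
		u.ProfilePicURL, changed = p, true
	}
	return changed
}

func main() {
	fmt.Println(ApplyOIDCProfile(&User{}, Claims{Name: "Alice"})) // constructed sample claim
}
```

A missing or rejected claim leaves the stored value untouched, so a login that carries no usable profile data does not trigger a push.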