iFargle / headscale-webui

A simple Headscale web UI for small-scale deployments.

Honor `tagOwners` when tagging devices #87

Open vbrandl opened 1 year ago

vbrandl commented 1 year ago

I'm using Authelia as the OIDC provider to authenticate in headscale-webui. In my headscale ACL, I configured a non-existent user as the tagOwner for testtag:

```
"tagOwners": {
  "tag:testtag": ["some-nonexisting-user"]
}
```

Then I logged into headscale-webui and tagged a device with testtag. I would expect this to fail, but the tag was created.

iFargle commented 1 year ago

This seems more of an issue with Headscale than headscale-webui, no?
This UI does nothing with the ACLs in Headscale yet.

vbrandl commented 1 year ago

Maybe I misunderstood the OIDC auth. I thought it is used to make only user-specific settings available. But since an API key is used to call the headscale API, the permissions of that API key are used for everyone.

iFargle commented 1 year ago

Yep, it's pretty simplistic :) OIDC auth is only for auth to headscale-webui itself -- Completely detached from headscale currently.
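
One way a front end that reaches Headscale through a single shared API key could enforce `tagOwners` itself before applying a tag, as an added example (not headscale-webui or Headscale code). The function names, the sample policy, and the assumption that the OIDC username equals the policy user name are all hypothetical; only plain users and `group:` entries are resolved.

```python
import json

# Constructed sample policy (plain JSON here; real Headscale policies may be HuJSON).
SAMPLE_POLICY = json.loads("""
{
  "groups": {"group:ops": ["alice", "bob"]},
  "tagOwners": {
    "tag:testtag": ["some-nonexisting-user"],
    "tag:server": ["group:ops", "carol"]
  }
}
""")


def tag_owners(policy, tag):
    """Return the set of users allowed to assign `tag`, expanding groups."""
    groups = policy.get("groups", {})
    owners = set()
    for entry in policy.get("tagOwners", {}).get(tag, []):
        if entry.startswith("group:"):
            owners.update(groups.get(entry, []))  # unknown group expands to nobody
        else:
            owners.add(entry)
    return owners


def authorize_tags(policy, oidc_user, requested_tags):
    """Split requested tags into (allowed, denied) for the logged-in user.

    Hypothetical helper: assumes the OIDC username equals the Headscale
    user name used in the policy. Tags absent from tagOwners are denied.
    """
    allowed, denied = [], []
    for tag in requested_tags:
        name = tag if tag.startswith("tag:") else "tag:" + tag
        (allowed if oidc_user in tag_owners(policy, name) else denied).append(name)
    return allowed, denied


if __name__ == "__main__":
    # The case from the issue: no logged-in user owns tag:testtag, so the
    # request is refused before the shared API key is ever used.
    print(authorize_tags(SAMPLE_POLICY, "dave", ["testtag"]))
    print(authorize_tags(SAMPLE_POLICY, "alice", ["tag:server", "tag:unknown"]))
```

The check only helps if it runs server-side in the UI's request handler, since the API key itself carries no per-user restriction.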