add expiration from OIDC token to machine

grpcv1.go

@@ -176,6 +176,7 @@ func (api headscaleV1APIServer) RegisterMachine(
 	machine, err := api.h.RegisterMachineFromAuthCallback(
 		request.GetKey(),
 		request.GetNamespace(),
+		nil,
 		RegisterMethodCLI,
 	)
 	if err != nil {

machine.go

@@ -852,6 +852,7 @@ func getTags(
 func (h *Headscale) RegisterMachineFromAuthCallback(
 	nodeKeyStr string,
 	namespaceName string,
+	machineExpiry *time.Time,
 	registrationMethod string,
 ) (*Machine, error) {
 	nodeKey := key.NodePublic{}
@@ -885,6 +886,10 @@ func (h *Headscale) RegisterMachineFromAuthCallback(
 			registrationMachine.NamespaceID = namespace.ID
 			registrationMachine.RegisterMethod = registrationMethod
 
+			if machineExpiry != nil {
+				registrationMachine.Expiry = machineExpiry
+			}
+
 			machine, err := h.RegisterMachine(
 				registrationMachine,
 			)

oidc.go

@@ -236,7 +236,7 @@ func (h *Headscale) OIDCCallback(
 		return
 	}
 
-	if err := h.registerMachineForOIDCCallback(writer, namespace, nodeKey); err != nil {
+	if err := h.registerMachineForOIDCCallback(writer, namespace, nodeKey, idToken.Expiry); err != nil {
 		return
 	}
 
@@ -679,10 +679,12 @@ func (h *Headscale) registerMachineForOIDCCallback(
 	writer http.ResponseWriter,
 	namespace *Namespace,
 	nodeKey *key.NodePublic,
+	expiry time.Time,
 ) error {
 	if _, err := h.RegisterMachineFromAuthCallback(
 		nodeKey.String(),
 		namespace.Name,
+		&expiry,
 		RegisterMethodOIDC,
 	); err != nil {
 		log.Error().