feat: add query arg for oidc expiration (#7312)

hugocasa · windmill-internal-app[bot] · web-flow · commit e6adf16fc9e8 · 2025-12-08T18:00:51.000Z
* feat: add query arg for oidc expiration

* Update ee-repo-ref.txt

* Update ee-repo-ref.txt

---------

Co-authored-by: windmill-internal-app[bot] &lt;windmill-internal-app[bot]@users.noreply.github.com&gt;
diff --git a/backend/ee-repo-ref.txt b/backend/ee-repo-ref.txt
@@ -1 +1 @@
-c559aa1896dafc98a5000ce1a77bd28a9e087363
+0d72102809e766d5285a162dcc30055847700ee2
diff --git a/backend/windmill-api/openapi.yaml b/backend/windmill-api/openapi.yaml
@@ -3467,6 +3467,10 @@ paths:
           required: true
           schema:
             type: string
+        - name: expires_in
+          in: query
+          schema:
+            type: number
 
       responses:
         "200":
diff --git a/python-client/wmill/wmill/client.py b/python-client/wmill/wmill/client.py
@@ -413,8 +413,11 @@ def get_root_job_id(self, job_id: str | None = None) -> dict:
         job_id = job_id or os.environ.get("WM_JOB_ID")
         return self.get(f"/w/{self.workspace}/jobs_u/get_root_job_id/{job_id}").json()
 
-    def get_id_token(self, audience: str) -> str:
-        return self.post(f"/w/{self.workspace}/oidc/token/{audience}").text
+    def get_id_token(self, audience: str, expires_in: int | None = None) -> str:
+        params = {}
+        if expires_in is not None:
+            params["expires_in"] = expires_in
+        return self.post(f"/w/{self.workspace}/oidc/token/{audience}", params=params).text
 
     def get_job_status(self, job_id: str) -> JobStatus:
         job = self.get_job(job_id)
diff --git a/typescript-client/client.ts b/typescript-client/client.ts
@@ -945,13 +945,15 @@ export function getResumeEndpoints(approver?: string): Promise<{
 /**
  * Get an OIDC jwt token for auth to external services (e.g: Vault, AWS) (ee only)
  * @param audience audience of the token
+ * @param expiresIn Optional number of seconds until the token expires
  * @returns jwt token
  */
-export async function getIdToken(audience: string): Promise<string> {
+export async function getIdToken(audience: string, expiresIn?: number): Promise<string> {
   const workspace = getWorkspace();
   return await OidcService.getOidcToken({
     workspace,
     audience,
+    expiresIn,
   });
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-c559aa1896dafc98a5000ce1a77bd28a9e087363`
	`1`	`+0d72102809e766d5285a162dcc30055847700ee2`