From 5fa373840caa5f9667255bcbe007e3007ba5b516 Mon Sep 17 00:00:00 2001 From: HugoCasa Date: Mon, 8 Dec 2025 12:19:18 +0100 Subject: [PATCH 1/3] feat: add query arg for oidc expiration --- backend/ee-repo-ref.txt | 2 +- backend/windmill-api/openapi.yaml | 4 ++++ python-client/wmill/wmill/client.py | 7 +++++-- typescript-client/client.ts | 4 +++- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/backend/ee-repo-ref.txt b/backend/ee-repo-ref.txt index 2b19bb4da9e59..5da1f17f5ecf7 100644 --- a/backend/ee-repo-ref.txt +++ b/backend/ee-repo-ref.txt @@ -1 +1 @@ -9501f6dc030f4235984286cf00762ab4bb54c846 \ No newline at end of file +38b82b729b6b98eb516060dbf78448604f1ced64 \ No newline at end of file diff --git a/backend/windmill-api/openapi.yaml b/backend/windmill-api/openapi.yaml index 44bdee8d115f1..36fa8869619d0 100644 --- a/backend/windmill-api/openapi.yaml +++ b/backend/windmill-api/openapi.yaml @@ -3449,6 +3449,10 @@ paths: required: true schema: type: string + - name: expires_in + in: query + schema: + type: number responses: "200": diff --git a/python-client/wmill/wmill/client.py b/python-client/wmill/wmill/client.py index cf6d1f9d51944..eaad83b25ea5e 100644 --- a/python-client/wmill/wmill/client.py +++ b/python-client/wmill/wmill/client.py @@ -413,8 +413,11 @@ def get_root_job_id(self, job_id: str | None = None) -> dict: job_id = job_id or os.environ.get("WM_JOB_ID") return self.get(f"/w/{self.workspace}/jobs_u/get_root_job_id/{job_id}").json() - def get_id_token(self, audience: str) -> str: - return self.post(f"/w/{self.workspace}/oidc/token/{audience}").text + def get_id_token(self, audience: str, expires_in: int | None = None) -> str: + params = {} + if expires_in is not None: + params["expires_in"] = expires_in + return self.post(f"/w/{self.workspace}/oidc/token/{audience}", params=params).text def get_job_status(self, job_id: str) -> JobStatus: job = self.get_job(job_id) diff --git a/typescript-client/client.ts b/typescript-client/client.ts index ab1c232ca6077..03f6f51a2f750 100644 --- a/typescript-client/client.ts +++ b/typescript-client/client.ts @@ -945,13 +945,15 @@ export function getResumeEndpoints(approver?: string): Promise<{ /** * Get an OIDC jwt token for auth to external services (e.g: Vault, AWS) (ee only) * @param audience audience of the token + * @param expiresIn Optional number of seconds until the token expires * @returns jwt token */ -export async function getIdToken(audience: string): Promise { +export async function getIdToken(audience: string, expiresIn?: number): Promise { const workspace = getWorkspace(); return await OidcService.getOidcToken({ workspace, audience, + expiresIn, }); } From c0cabc0fde5be94ce84eb8263a7d4f9007eb8627 Mon Sep 17 00:00:00 2001 From: "windmill-internal-app[bot]" Date: Mon, 8 Dec 2025 16:37:39 +0000 Subject: [PATCH 2/3] Update ee-repo-ref.txt --- backend/ee-repo-ref.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/ee-repo-ref.txt b/backend/ee-repo-ref.txt index 547d1e747e3bb..5430424f14d55 100644 --- a/backend/ee-repo-ref.txt +++ b/backend/ee-repo-ref.txt @@ -1 +1 @@ -38b82b729b6b98eb516060dbf78448604f1ced64 +de78abe61d92cdbc705be6dc2ef292957eb81b78 From b28c2add28b31e7e35e1eeb1e1cef35e14426c23 Mon Sep 17 00:00:00 2001 From: "windmill-internal-app[bot]" Date: Mon, 8 Dec 2025 16:51:54 +0000 Subject: [PATCH 3/3] Update ee-repo-ref.txt --- backend/ee-repo-ref.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/ee-repo-ref.txt b/backend/ee-repo-ref.txt index 5430424f14d55..8c6e6d7338194 100644 --- a/backend/ee-repo-ref.txt +++ b/backend/ee-repo-ref.txt @@ -1 +1 @@ -de78abe61d92cdbc705be6dc2ef292957eb81b78 +0d72102809e766d5285a162dcc30055847700ee2