From c50c3f03137cf13a75c2e6d415416216428969ae Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Thu, 8 Apr 2021 22:26:27 -0700
Subject: [PATCH] tailcfg: document new RegisterRequest.Expiry behavior

Deployed to control server.

For upcoming "logout" command and fixes.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 tailcfg/tailcfg.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index 2a05d9e9a..f1b07cb1d 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -591,8 +591,12 @@ type RegisterRequest struct {
 		Oauth2Token         *Oauth2Token
 		AuthKey             string
 	}
-	Expiry   time.Time // requested key expiry, server policy may override
-	Followup string    // response waits until AuthURL is visited
+	// Expiry optionally specifies the requested key expiry.
+	// The server policy may override.
+	// As a special case, if Expiry is in the past and NodeKey is
+	// the node's current key, the key is expired.
+	Expiry   time.Time
+	Followup string // response waits until AuthURL is visited
 	Hostinfo *Hostinfo
 
 	// The following fields are not used for SignatureNone and are required for