Auth: Update docs on use PKCE by default (#68638)

* Auth: Update docs on use PKCE by default. (#68073) Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Fix: docs review - from introduces to provides https://github.com/grafana/grafana/pull/68638/files#r1200506006 Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Fix docs - Remove note about a version https://github.com/grafana/grafana/pull/68638/files#r1200508038 Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md --------- Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
2025-08-01 04:21:50 +08:00 · 2023-05-31 01:17:45 +09:00
parent a61d828998
commit 345b7fadc9
5 changed files with 71 additions and 5 deletions
--- a/docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
+++ b/docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
@ -15,13 +15,23 @@ weight: 200

 You can configure many different OAuth2 authentication services with Grafana using the generic OAuth2 feature. Examples:

- [Generic OAuth authentication](#configure-generic-oauth-authentication)
+- [Configure generic OAuth authentication](#configure-generic-oauth-authentication)
+  - [Email address](#email-address)
+  - [Groups / Teams](#groups--teams)
+  - [Login](#login)
+  - [PKCE](#pkce)
+  - [Configure refresh token](#configure-refresh-token)
+  - [Configure automatic login](#configure-automatic-login)
  - [Set up OAuth2 with Auth0](#set-up-oauth2-with-auth0)
  - [Set up OAuth2 with Bitbucket](#set-up-oauth2-with-bitbucket)
  - [Set up OAuth2 with Centrify](#set-up-oauth2-with-centrify)
  - [Set up OAuth2 with OneLogin](#set-up-oauth2-with-onelogin)
-  - [Role mapping](#role-mapping)
+  - [Role Mapping](#role-mapping)
+    - [JMESPath examples](#jmespath-examples)
+      - [Map user organization role](#map-user-organization-role)
+      - [Map server administrator privileges](#map-server-administrator-privileges)
  - [Team synchronization](#team-synchronization)
+  - [Skip organization role sync](#skip-organization-role-sync)

 This callback URL must match the full HTTP address that you use in your browser to access Grafana, but with the suffixed path of `/login/generic_oauth`.

@ -106,7 +116,7 @@ You can set the user's display name with JMESPath using the `name_attribute_path
 > Available in Grafana v8.3 and later versions.

 IETF's [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636)
-introduces "proof key for code exchange" (PKCE) which introduces
+introduces "proof key for code exchange" (PKCE) which provides
 additional protection against some forms of authorization code
 interception attacks. PKCE will be required in [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-03).