* add prompt param to AzureAD oauth config
* yarn i18n-extract
* validate auth prompt value
* make login_prompt available for all SSO providers
* use base authCodeURL for azure and google
* add docs for the new field for azure and generic oauth
* fix typo
* fix frontend unit test
* add prompt parameter to docs for the other providers
* remove prompt from okta
* add unit tests for the other providers
* address feedback
* add back translations for prompt labels
* Add access token as third source for user info extraction
- Add extractFromAccessToken method to extract user info from JWT access tokens
- Mutualize code by creating parseUserInfoFromJSON helper method
- Rename methods for clarity: extractFromToken -> extractFromIDToken, retrieveRawIDToken -> retrieveRawJWTPayload
- Update test suite to include comprehensive access token retrieval scenarios
- Support three sources in priority order: ID token, API response, access token
- Maintain backward compatibility while adding new functionality
* Update Generic OAuth documentation to reflect access token support
- Add access token as a third source for user information extraction
- Update configuration sections to mention access tokens alongside ID tokens and UserInfo endpoint
- Document the priority order: ID token → UserInfo endpoint → access token
- Update configuration option descriptions to reflect new functionality
- Maintain consistency with implementation changes
* Refactor access token test cases to use parameter instead of hardcoded logic
- Add AccessToken field to test case struct for explicit access token specification
- Remove hardcoded string matching logic that determined access token based on test name
- Update all access token test cases to include the AccessToken field with appropriate JWT values
- Improve test maintainability and clarity by making access tokens explicit parameters
- Remove unused strings import that was only needed for the hardcoded logic
* fix doc lint
* reduce cyclomatic complexity
* Docs: SAML docs refactoring
* Cleanup the root page
* Update the root file
* Refactor Azure AD guide
* Change the order of the tree
* Remove the index file again, back from main
* SAML UI page review and editing
* Review and edit SAML config options page
* SAML signing and encryption edit/review
* Remaining pages and aliases
* Fix PR comments
* More fixes
* Update _index.md
* Update _index.md
* Update _index.md
* Apply suggestions from code review
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Handle PR comments
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Docs: removing docs debt in install docs
* cleaning up set up docs debt
* fixing some vale errors
* fixing broken admonition shortcode
* fixing broken shortcode
* fixing broken shortcode
* working to the grafana authentication config
* updating some more files
* editing down to ldap in the repo
* editing ldap doc except final section with link needed
* Finishing doc debt cleanup through configure authetication
* fixing shortcodes reverted by merge conflict fix
* fixing admonition
* fixing more broken shortcodes
* adjusting some wordings ot make vale happy
* updating feature toggle info
* replace relrefs and minor edits
* add new content and links
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* changes from linter and content suggestions
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* run prettier
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* Updating SAML for Azure specific attribute structures
Adding additional context surrounding SAML via Azure where the full attribute URL needs to be specified or it will not map correctly.
This generates a lot of support contacts and isn't documented causing friction when organizations can't set it up themselves or lack the technical staff to self manage.
* run prettier
---------
Co-authored-by: Irene Rodriguez <irene.rodriguez@grafana.com>
* added backend support for client_secret_jwt
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* added backend support for client_secret_jwt
* added all logic to the exchange function (overloaded social exchange in azuread_oauth to handle managed identity client id)
* ran yarn install to update lock file
* added support for client_secret_jwt when managed_identity_client_id is null
* added audience flag and changed exchange to directly access oauth config using .info
* added logic in setting oauth.Config for supported client authentication values
* added client_authentication, managed_identity_client_id, and audience to sample.ini file
* using provided ctx in ManagedIdentityCallback function
* added frontend support for federated identity credential auth
* added client authentication field
* added Azure AD documentation for Grafana
* added bold font to "Add" keyword in documentation
* minor wording change relating to previous commit
* addressed changing audience to federated_credential_audience, moving validation, and changing managedIdentityCallback to private function
* correction to audience name changing
* fixed orgMappingClientAuthentication function name, and added in logic into validateFederatedCredentialAudience function
* Change docs
* Add iam team as owner of azcore pkg
* updated yarn lock file
* updated doc for correction
* removed wrong changes in pkg directory
* removed newline in dashboard-generate.yaml and unified.ts
* updated yarn.lock to match upstream
* Lint
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* removing unwanted changes
* added back removed newline
* fixed failing test in azuread_oauth_test.go
* Update azuread_oauth.go
removed unnecessary newline, fixed lint
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* add note that support for Auth0 audience feature is not available
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
