opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-31 14:22:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
60,541 Commits 2,376 Branches 619 Tags
Commit Graph

37 Commits

Author SHA1 Message Date
Misi
1f3dc0533c Auth: Add tracing to auth clients and AuthToken service (#107878) 
* Add tracing to auth clients + authtoken svc

* Fix span names

* Fix ext_jwt.go

* Fix idimpl/service

* Update wire_gen.go

* Add tracing to JWT client

* Lint
 2025-07-10 15:41:00 +02:00
Karl Persson
be60ef0500 IDToken: cache invalidation (#100592) 
* Make org role part of id token cache key. This way we will always sign a new token when it changes

* Remove calls to remove id token
 2025-02-13 14:10:58 +01:00
Misi
ee0a1391df Auth: Add OrgRole to ID token (#100383) 
* Changes for Users and ServiceAccounts

* Align tests
 2025-02-12 05:51:29 -08:00
Ryan McKinley
680e6bc1f8 Authlib: Use types package rather than claims (#99243) 2025-01-21 12:06:55 +03:00
Karl Persson
3a17d0c927 IAM: align AuthInfo interface (#97228) 
* Update to use updated interface
 2024-12-03 15:11:17 +01:00
Karl Persson
76f052e8de Requester: Remove duplicated function (#97038) 
* Remove duplicated function

* Remove GetDisplayName from interface

* Use GetName
 2024-11-26 15:29:31 +01:00
Karl Persson
3bcbf231ee IDToken: fix namespace format (#95341) 
* Bump authlib version

* Remove temporary formatter and start signing tokens with `stacks-` prefix

* update workspace
 2024-11-04 09:33:03 +01:00
Ryan McKinley
82417c916f K8s: Use stacks plural not singular in grafana namespaces (#92550) 2024-08-29 14:15:00 +03:00
Charandas
4f024d94d8 Authn: resolve issues with setting up a nil identity (#92620) 2024-08-29 00:49:41 +03:00
Ryan McKinley
2e60f28044 Auth: remove id token flag (#92209) 2024-08-21 16:30:17 +03:00
Karl Persson
8d36111420 IDForwarding: Set identity type and uid (#91830) 
* Set identity type and uid

* Set uid without prefix

* Update authlib version

* Update to new claim name
 2024-08-14 10:51:44 +02:00
Karl Persson
8bcd9c2594 Identity: Remove typed id (#91801) 
* Refactor identity struct to store type in separate field

* Update ResolveIdentity to take string representation of typedID

* Add IsIdentityType to requester interface

* Use IsIdentityType from interface

* Remove usage of TypedID

* Remote typedID struct

* fix GetInternalID
 2024-08-13 10:18:28 +02:00
Ryan McKinley
21d4a4f49e Auth: use IdentityType from authlib (#91763) 2024-08-12 09:26:53 +03:00
Karl Persson
bcfb66b416 Identity: remove GetTypedID (#91745) 2024-08-09 18:20:24 +03:00
Claudiu Dragalina-Paraipan
e2435f92f1 [authn]: add GetIDClaims() to Requester (#91387) 
* authn: add GetIDClaims() to Requester

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* authn: update StaticRequester

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* update auth/idtest/mock

Co-Authored-By: Gabriel MABILLE <gamab@users.noreply.github.com>

* Fix test

Co-authored-by: Claudiu Dragalina-Paraipan <claudiu.dragalina@grafana.com>

---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: gamab <gabriel.mabille@grafana.com>
 2024-08-02 12:36:02 +03:00
colin-stuart
057c04ed9d IDToken: Add current user's DisplayName to the ID token (#90992) 
Set claims.Rest.DisplayName from the IDService
 2024-07-31 09:11:37 -04:00
Ryan McKinley
728150bdbd Identity: extend k8s user.Info (#90937) 2024-07-30 08:27:23 +03:00
Ryan McKinley
9db3bc926e Identity: Rename "namespace" to "type" in the requester interface (#90567) 2024-07-25 12:52:14 +03:00
Misi
69c5fa8361 IDToken: Add current user's Username and UID to the ID token (#90240) 
* Set claims.Rest.Login from the IDService

* Add UID to the ID token
 2024-07-11 14:25:30 +02:00
Ryan McKinley
99d8025829 Chore: Move identity and errutil to apimachinery module (#89116) 2024-06-13 07:11:35 +03:00
Karl Persson
2d8570e85e IDToken: Reuse claims from authlib (#87437) 
* bump authlib version

* Reuse claims from authlib
 2024-05-07 16:46:43 +02:00
Karl Persson
37af1ae58e IDToken: Set typ header (#87430) 
TokenSigning: Set typ header
 2024-05-07 13:59:23 +02:00
Dan Cech
41bee274fd Chore: Fix error handling in postDashboard, remove UserDisplayDTO, fix live redis client initialization (#87206) 
* clean up error handling in postDashboard and remove UserDisplayDTO

* replace GetUserUID with GetUID and GetNamespacedUID, enforce namespace constant type

* lint fix

* lint fix

* more lint fixes
 2024-05-06 14:17:34 -04:00
Karl Persson
a22350f8f4 IDToken: add namespace (#87242) 2024-05-02 18:55:28 -07:00
Karl Persson
895222725c Session: set authID and authenticatedBy (#85806) 
* Authn: Resolve authenticate by and auth id when fethcing signed in user

* Change logout client interface to only take Requester interface

* Session: Fetch external auth info when authenticating sessions

* Use authenticated by from identity

* Move call to get auth-info into session client and use GetAuthenticatedBy in various places
 2024-04-11 10:25:29 +02:00
Karl Persson
ba41954854 Email: trigger email verification flow (#85587) 
* Add email and email_verified to id token if identity is a user

* Add endpoint to trigger email verification for user

* Add function to clear stored id tokens and use it when email verification is completed
 2024-04-05 12:05:46 +02:00
Karl Persson
2f5e3023c2 IDFowrarding: ignore logging context canceled errors (#85141) 2024-03-26 11:36:44 +01:00
Karl Persson
28bb6979f5 IDForwading: cache based on expires in (#81136) 
* IDFowarding: Cache based on expires in

* IDFowarding: Change default expires in

---------

Co-authored-by: Victor Cinaglia <victor@grafana.com>
 2024-01-24 13:56:44 +01:00
Karl Persson
43b6b6b2a4 IDForwarding: add "authenticatedBy" to id token (#80622) 
* IDForwading: Set authenticated by for users
 2024-01-17 09:52:05 +01:00
Vardan Torosyan
63cd5a5625 Chore: Cleanup namespace and ID resolution (#79360) 
* Chore: Cleanup namespace ID resolution

* Check for negative userID when relevant

* Reuse existing function for parsing ID as int

* Fix imports
 2023-12-21 20:42:05 +01:00
Ryan McKinley
f69fd3726b FeatureToggles: Add context and and an explicit global check (#78081) 2023-11-14 12:50:27 -08:00
Karl Persson
e2ba399e30 IDForwarding: Use single flight for SignIdentity (#76530) 
* IDForwarding: Use single flight for SignIdentity

* Update cache inside single flight call
 2023-10-13 14:32:53 +02:00
Karl Persson
ea741dda6b Signingkeys: Add local cache (#76234) 
* IDForwarding: change audience to be prefixed by org and remove JTI

* IDForwarding: Construct new signer each time we want to sign a token.

* SigningKeys: Simplify storage layer and move logic to service

* SigningKeys: Add private key to local cache
 2023-10-10 14:17:16 +02:00
Karl Persson
a2d4ce18ad IDForwarding: Add basic metrics (#75798) 
* IDService: Add basic metrics

* IDService: Add more metrics
---------

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
 2023-10-05 09:17:40 +02:00
Karl Persson
fd2235b5ad AuthN: Implement requester interface for identity (#75618) 
* AuthN: Implement identity.Requester interface for authn.Identity

* AuthN: Replace OrgRole with GetOrgRole

* IDForwarding: skip converting to SignedInUser

* Pass identity directly in permission sync hook
 2023-09-28 16:37:32 +02:00
Karl Persson
b9b4246432 IDForwarding: Add auth hook to generate id token (#75555) 
* AuthN: Move identity struct to its own file

* IDForwarding: Add IDToken property to usr and identity structs and add GetIDToken to requester interface

* Inject IDService into background services

* IDForwarding: Register post auth hook when feature toggle is enabled
 2023-09-28 09:22:05 +02:00
Karl Persson
b50f1e15a8 IDForwarding: Add service and a local signer (#75423) 
* IDForwarding: Add service for handling id token and create a local signer
---------

Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
 2023-09-27 11:36:23 +02:00