* OAuth: clarify role & group paths prefer id_token over userinfo api (#39066)
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Kevin Minehart <kmineh0151@gmail.com>
Added group mapping to support team sync in the Generic OAuth provider.
Co-authored-by: Leonard Gram <leo@xlson.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: Dan Cech <dan@aussiedan.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
* add parameter empty_scopes to override scope parameter with empty value and thus be able to authenticate against IdPs without scopes. Issue #27503
Update docs/sources/auth/generic-oauth.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* updated check according to feedback
* Update generic-oauth.md
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
* OAuth: Add strict role mapping
By default the user is assigned the role Viewer if role_attribute_path
doesn't return a role, which is not always desirable. This commit adds a
strict mode, which deny the user access if a role isn't returned.
Fix#26626
* Update docs/sources/auth/generic-oauth.md
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
* Update docs/sources/auth/generic-oauth.md
* Update .gitignore file with WAN
* Removed WAN from .gitignore
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: achatterjee-grafana <70489351+achatterjee-grafana@users.noreply.github.com>
Co-authored-by: achatterjee-grafana <aparajita.chatterjee@grafana.com>
* Changes. to metadata in Manage users
* changes to install section
* Added titile
* More changes.
* Updated administration folder metadata, moved 2 files from installation folder.
* Added links to Administration landing page, other metadata changes worked out.
* Updated alerting section metadata.
* Updated metadata of Auth section. Broke index and created separate Grafana Authentication section.
* Added correct weight.
* Updated metadata for the Best practices section.
* Updated metadata in templates, broke Overview topic.
* Updated subment Variable types metadata
* Fixed yaml file and H1 description of Variables syntax topic.
* Couple more metadata changes.
* Added aliases files, as suggested by Diana.
* Fix list of sample providers
The sample providers on this page has changed, so the list at the top of the page is no longer correct. Also link to Octo and Azure AD pages from here, since they are also OAuth2 providers.
* Fix misspelled Okta
* Make bullet list of OAuth2 providers
* Sort list of OAuth2 providers alphabetically
* Correction in abbreviation
* Minor correction in abbreviation
* Correcting abbreviation
* Correction in abbreviation
* Correcting abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update stack_guide_graphite.md
* Update whats-new-in-v4-6.md
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update ldap.md
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Correction in abbreviation
* Update docs/sources/guides/whats-new-in-v5.md
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
* Couple of changes to the document
Correcting a typo in line 53
Line 226 should be re-written as "To easily configure"
* Update docs/sources/auth/generic-oauth.md
Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Updates the docs to work with the website repo - mainly
relative link updates.
Adds a menu.yaml file to build the sidebar menu (no longer
using front matter weight).
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
Update Azure AD instructions to follow heading changes in Azure Portal.
> In the legacy experience, an app had Keys page. In the new experience, it has been renamed to Certificates & secrets. In addition, Public keys are referred to as Certificates and Passwords are referred to as Client secrets.
Source: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-registrations-training-guide#keyscertificates--secrets
I verified by logging in Azure AD and walking through the steps.
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
