Auth: add the missing fields for all SSO providers #83813
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,21 +11,7 @@ import { isUrlValid } from './utils/url'; | |
|
||
/** Map providers to their settings */ | ||
export const fields: Record<SSOProvider['provider'], Array<keyof SSOProvider['settings']>> = { | ||
github: ['name', 'clientId', 'clientSecret', 'teamIds', 'allowedOrganizations'], | ||
google: ['name', 'clientId', 'clientSecret', 'allowedDomains'], | ||
gitlab: ['name', 'clientId', 'clientSecret', 'allowedOrganizations', 'teamIds'], | ||
azuread: ['name', 'clientId', 'clientSecret', 'authUrl', 'tokenUrl', 'scopes', 'allowedGroups', 'allowedDomains'], | ||
okta: [ | ||
'name', | ||
'clientId', | ||
'clientSecret', | ||
'authUrl', | ||
'tokenUrl', | ||
'apiUrl', | ||
'roleAttributePath', | ||
'allowedGroups', | ||
'allowedDomains', | ||
], | ||
}; | ||
|
||
type Section = Record< | ||
|
@@ -94,6 +80,130 @@ export const sectionFields: Section = { | |
], | ||
}, | ||
], | ||
google: [ | ||
{ | ||
name: 'General settings', | ||
id: 'general', | ||
fields: ['name', 'clientId', 'clientSecret', 'scopes', 'allowSignUp', 'autoLogin', 'signoutRedirectUrl'], | ||
}, | ||
{ | ||
name: 'User mapping', | ||
id: 'user', | ||
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'], | ||
}, | ||
{ | ||
name: 'Extra security measures', | ||
Could you please add the
I added the new field |
||
id: 'extra', | ||
fields: [ | ||
'allowedDomains', | ||
'allowedGroups', | ||
'usePkce', | ||
'useRefreshToken', | ||
'tlsSkipVerifyInsecure', | ||
'tlsClientCert', | ||
'tlsClientKey', | ||
'tlsClientCa', | ||
], | ||
}, | ||
], | ||
github: [ | ||
{ | ||
name: 'General settings', | ||
id: 'general', | ||
fields: ['name', 'clientId', 'clientSecret', 'scopes', 'allowSignUp', 'autoLogin', 'signoutRedirectUrl'], | ||
}, | ||
{ | ||
name: 'User mapping', | ||
id: 'user', | ||
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'], | ||
}, | ||
{ | ||
name: 'Extra security measures', | ||
id: 'extra', | ||
fields: [ | ||
'allowedOrganizations', | ||
'allowedDomains', | ||
'teamIds', | ||
'usePkce', | ||
'useRefreshToken', | ||
'tlsSkipVerifyInsecure', | ||
'tlsClientCert', | ||
'tlsClientKey', | ||
'tlsClientCa', | ||
], | ||
}, | ||
], | ||
gitlab: [ | ||
{ | ||
name: 'General settings', | ||
id: 'general', | ||
fields: [ | ||
'name', | ||
'clientId', | ||
'clientSecret', | ||
'scopes', | ||
'authStyle', | ||
Not needed. |
||
'allowSignUp', | ||
'autoLogin', | ||
'signoutRedirectUrl', | ||
], | ||
}, | ||
{ | ||
name: 'User mapping', | ||
id: 'user', | ||
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'], | ||
}, | ||
{ | ||
name: 'Extra security measures', | ||
id: 'extra', | ||
fields: [ | ||
'allowedDomains', | ||
'allowedGroups', | ||
'usePkce', | ||
'useRefreshToken', | ||
'tlsSkipVerifyInsecure', | ||
'tlsClientCert', | ||
'tlsClientKey', | ||
'tlsClientCa', | ||
], | ||
}, | ||
], | ||
okta: [ | ||
{ | ||
name: 'General settings', | ||
id: 'general', | ||
fields: [ | ||
'name', | ||
'clientId', | ||
'clientSecret', | ||
'scopes', | ||
'authStyle', | ||
Not needed. |
||
'authUrl', | ||
'tokenUrl', | ||
'apiUrl', | ||
'signoutRedirectUrl', | ||
], | ||
}, | ||
{ | ||
name: 'User mapping', | ||
id: 'user', | ||
fields: ['allowAssignGrafanaAdmin', 'roleAttributePath', 'roleAttributeStrict', 'skipOrgRoleSync'], | ||
}, | ||
{ | ||
name: 'Extra security measures', | ||
id: 'extra', | ||
fields: [ | ||
'allowedDomains', | ||
'allowedGroups', | ||
'usePkce', | ||
'useRefreshToken', | ||
'tlsSkipVerifyInsecure', | ||
'tlsClientCert', | ||
'tlsClientKey', | ||
'tlsClientCa', | ||
], | ||
}, | ||
], | ||
}; | ||
|
||
/** | ||
|
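Review bot: `tlsSkipVerifyInsecure` is listed under the section named 'Extra security measures' in all four new provider entries (google, github, gitlab, okta), next to the access restrictions `allowedDomains` and `allowedGroups`, although by its name enabling it turns off certificate verification for the provider connection rather than adding a protection. I would move the TLS fields into their own group, e.g. `{ name: 'TLS', id: 'tls', fields: ['tlsSkipVerifyInsecure', 'tlsClientCert', 'tlsClientKey', 'tlsClientCa'] }`, assuming the `Section` type (declared outside this hunk) accepts another id, so an admin does not read the toggle as hardening. That group would also be a good place for a short comment noting that `clientSecret` and `tlsClientKey` hold secret material and should be rendered as secret inputs; the field definitions that decide this are not visible here.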
Please fix the order of these in each of the new configurations. The order should be (based on generic_oauth): 'roleAttributePath', 'roleAttributeStrict','allowAssignGrafanaAdmin','skipOrgRoleSync'.
Thanks!
Fixed this for all providers.