* Docs: Add a note about email being required and the usage of sub claim
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* add prompt param to AzureAD oauth config
* yarn i18n-extract
* validate auth prompt value
* make login_prompt available for all SSO providers
* use base authCodeURL for azure and google
* add docs for the new field for azure and generic oauth
* fix typo
* fix frontend unit test
* add prompt parameter to docs for the other providers
* remove prompt from okta
* add unit tests for the other providers
* address feedback
* add back translations for prompt labels
* Add access token as third source for user info extraction
- Add extractFromAccessToken method to extract user info from JWT access tokens
- Mutualize code by creating parseUserInfoFromJSON helper method
- Rename methods for clarity: extractFromToken -> extractFromIDToken, retrieveRawIDToken -> retrieveRawJWTPayload
- Update test suite to include comprehensive access token retrieval scenarios
- Support three sources in priority order: ID token, API response, access token
- Maintain backward compatibility while adding new functionality
* Update Generic OAuth documentation to reflect access token support
- Add access token as a third source for user information extraction
- Update configuration sections to mention access tokens alongside ID tokens and UserInfo endpoint
- Document the priority order: ID token → UserInfo endpoint → access token
- Update configuration option descriptions to reflect new functionality
- Maintain consistency with implementation changes
* Refactor access token test cases to use parameter instead of hardcoded logic
- Add AccessToken field to test case struct for explicit access token specification
- Remove hardcoded string matching logic that determined access token based on test name
- Update all access token test cases to include the AccessToken field with appropriate JWT values
- Improve test maintainability and clarity by making access tokens explicit parameters
- Remove unused strings import that was only needed for the hardcoded logic
* fix doc lint
* reduce cyclomatic complexity
* Docs: removing docs debt in install docs
* cleaning up set up docs debt
* fixing some vale errors
* fixing broken admonition shortcode
* fixing broken shortcode
* fixing broken shortcode
* working to the grafana authentication config
* updating some more files
* editing down to ldap in the repo
* editing ldap doc except final section with link needed
* Finishing doc debt cleanup through configure authetication
* fixing shortcodes reverted by merge conflict fix
* fixing admonition
* fixing more broken shortcodes
* adjusting some wordings ot make vale happy
* updating feature toggle info
* add note that support for Auth0 audience feature is not available
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
---------
Co-authored-by: Misi <mgyongyosi@users.noreply.github.com>
* Social: link to OrgRoleMapper
* OIDC: support Generic Oauth org to role mappings
Fixes: #73448
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Handle when getAllOrgs fails in the org_role_mapper
* Add more tests
* OIDC: ensure orgs are evaluated from API when not from token
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
* Extend docs
* Fix test, lint
---------
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
* initial changes for generic_oauth, okta
* updates
* add terraform examples for each provider
* add link to terraform registry for grafana_sso_settings resource
* remove auth_url, token_url and api_url from github, gitlab and google
* Add documentation for enabling email lookup
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Address review feedback
* Update TF provider version
* Apply suggestions from code review
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Use Azure AD for now
---------
Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* added Descope as an OAuth2 provider
Added docs for customers of ours that have asked us how to use Descope with Grafana. We wanted to make sure they can easily find these docs on both our website and Grafana's.
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
* Changed note to use admonition
* Prettier
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Ieva <vasiljeva.ieva@gmail.com>
Co-authored-by: lwandz13 <126723338+lwandz13@users.noreply.github.com>
Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
* Update all use of docs/shared in Grafana to use keyword arguments
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Add version inference to remaining Grafana docs/shared usage
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set every page to have defaults of 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration pages to have of 'Cloud', 'Enterprise', and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/enterprise-licensing pages to have 'Enterprise' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/organization-management pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/provisioning pages to have 'Enterprise' and 'Open source' labels
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/recorded-queries pages to have labels cloud,enterprise
* Set administration/roles-and-permissions/access-control pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set administration/stats-and-license pages to have labels cloud,enterprise
* Set alerting pages to have labels cloud,enterprise,oss
* Set breaking-changes pages to have labels cloud,enterprise,oss
* Set dashboards pages to have labels cloud,enterprise,oss
* Set datasources pages to have labels cloud,enterprise,oss
* Set explore pages to have labels cloud,enterprise,oss
* Set fundamentals pages to have labels cloud,enterprise,oss
* Set introduction/grafana-cloud pages to have labels cloud
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix introduction pages products
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set panels-visualizations pages to have labels cloud,enterprise,oss
* Set release-notes pages to have labels cloud,enterprise,oss
* Set search pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/audit-grafana pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-authentication pages to have labels cloud,enterprise,oss
* Set setup-grafana/configure-security/configure-authentication/enhanced-ldap pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-authentication/saml pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-hashicorp-key-vault pages to have labels cloud,enterprise
* Set setup-grafana/configure-security/configure-request-security pages to have labels cloud,enterprise,oss
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/configure-team-sync pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set setup-grafana/configure-security/export-logs pages to have labels cloud,enterprise
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Set troubleshooting pages to have labels cloud,enterprise,oss
* Set whatsnew pages to have labels cloud,enterprise,oss
* Apply updated labels from review
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
* First changes
* WIP docs
* Align current tests
* Add test for UseRefreshToken
* Update docs
* Fix
* Remove unnecessary AuthCodeURL from generic_oauth
* Change GitHub to disable use_refresh_token by default
* github oauth doc improvements
* add skip_org_role_sync to config for github provider
* update links and section headings
* update the docs based on the first PR
* update references
* update generic OAuth docs
* some more fixes and corrections
* update examples and sync sections
* fix a link
* linting
* formatting and adding more links to OAuth integrations
* add a section with config walkthrough
* fix link
* move examples to the end of the doc
* extend role mapping
* small improvements
* add a before you begin section, clean up steps, remove some text
* remove unnecessary section
* merge main 2
* OAuth -> OAuth2
* remove Centrify example because it's likely outdated
* add shared intro content
* indentation
* add refresh token to tasks, clean up more sections
* linting
* linting
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* Update docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* indentation and small descriptions under headings
* add a table for config options
* clean up more sections
* rewrite email address section
* rewriting login and display name sections, plus adding line breaks
* clean up more sections
* update role mapping section
* indentation again
* update section names
* incorporates final edits
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* pr feedback
* Apply suggestions from code review
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
* PR feedback: rewording
---------
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* Enable doc-validator for specific directories
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix one linting error to trigger CI
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Update doc-validator to latest release
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Update make-docs procedure
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Use doc-validator version from CI in local make target
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Revert to 1.11.0
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* adds missing descriptions
* Fix titles and headings
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix link formats
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix easy to resolve anchors
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove broken anchor link
This anchor appears to have been broken for a long time.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Use doc-validator image with support for numbered anchors
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Update make-docs procedure to support doc-validator 2.0.x
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix a bunch of broken anchors
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Ignore old whatsnew content
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Update doc-validator to v2.0.x and use reviewdog to report errors
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* removes broken links
---------
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
* add: deprecaation notice for overall setting
* add: deprecation notice for configuration files
* chore: update docs with deprecation notice
* refactor: change to note the new setting instead
* Update pkg/setting/setting.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor: based on review comments
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Use relative aliases for all non-current Grafana aliases
Prevents non-latest documentation "stealing" the page away from latest
and through permanent redirects for latest pages that no longer exist.
The redirected pages are indexed by search engines but our robots.txt
forbids them crawling the non-latest page.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove aliases from shared pages
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Rewrite all current latest aliases to be next
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Fix typo in latest alias
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Remove all current page aliases
find docs/sources -type f -name '*.md' -exec sed -z -i 's#\n *- /docs/grafana/next/[^\n]*\n#\n#' {} \;
find docs/sources -type f -name '*.md' -exec sed -Ez -i 's#\n((aliases:\n *-)|aliases:\n)#\n\2#' {} \;
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
* Prettier
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Vardan Torosyan
Andrew Hackmann
Eve Meelan
renovate[bot]
Mihai Doarna
Jacob Valdez
Misi
Jo
Jacob Hands
Ieva
Robby Milo
bo0tzz
colin-stuart
David Garcia
Karl Persson
Mathieu Parent
Fredrik Ekre
Aaron Godin
Kevin J Gao
Eric Leijonmarck
Jack Baldry
Jess Sartin
linoman
arukiidou
MichaelKo
Matt Dodson
Alexander Zobnin