2023-09-27 11:36:23 +02:00
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
|
|
|
|
"github.com/go-jose/go-jose/v3/jwt"
|
2023-10-27 08:30:33 +02:00
|
|
|
|
2023-09-27 11:36:23 +02:00
|
|
|
"github.com/grafana/grafana/pkg/services/auth/identity"
|
2023-10-27 08:30:33 +02:00
|
|
|
"github.com/grafana/grafana/pkg/services/datasources"
|
2023-09-27 11:36:23 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type IDService interface {
|
|
|
|
|
// SignIdentity signs a id token for provided identity that can be forwarded to plugins and external services
|
|
|
|
|
SignIdentity(ctx context.Context, identity identity.Requester) (string, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type IDSigner interface {
|
|
|
|
|
SignIDToken(ctx context.Context, claims *IDClaims) (string, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type IDClaims struct {
|
|
|
|
|
jwt.Claims
|
|
|
|
|
}
|
2023-10-27 08:30:33 +02:00
|
|
|
|
2023-10-27 10:20:49 +02:00
|
|
|
const settingsKey = "forwardGrafanaIdToken"
|
2023-10-27 08:30:33 +02:00
|
|
|
|
|
|
|
|
func IsIDForwardingEnabledForDataSource(ds *datasources.DataSource) bool {
|
|
|
|
|
return ds.JsonData != nil && ds.JsonData.Get(settingsKey).MustBool()
|
|
|
|
|
}
|
