Auth: Support google OIDC and group fetching (#70140)

* Auth: Update Google OAuth default configuration based on /.well-known/openid-configuration #69520 Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> * add id_token parsing add legacy API distinction use google auth oidc connectors add group fetching support and tests * Apply suggestions from code review Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * implement review feedback * indent docs --------- Signed-off-by: junya koyama <arukiidou@yahoo.co.jp> Co-authored-by: junya koyama <arukiidou@yahoo.co.jp> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-06-26 09:44:57 +02:00
parent 80226291a1
commit 11d196eb6e
6 changed files with 717 additions and 28 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -631,10 +631,10 @@ allow_sign_up = true
 auto_login = false
 client_id = some_client_id
 client_secret =
-scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-auth_url = https://accounts.google.com/o/oauth2/auth
-token_url = https://accounts.google.com/o/oauth2/token
-api_url = https://www.googleapis.com/oauth2/v1/userinfo
+scopes = openid email profile
+auth_url = https://accounts.google.com/o/oauth2/v2/auth
+token_url = https://oauth2.googleapis.com/token
+api_url = https://openidconnect.googleapis.com/v1/userinfo
 allowed_domains =
 hosted_domain =
 skip_org_role_sync = false