Auth: Extended JWT client for OBO and Service Authentication (#83814)

* reenable ext-jwt-client

* fixup settings struct

* add user and service auth

* lint up

* add user auth to grafana ext

* fixes

* Populate token permissions

Co-authored-by: jguer <joao.guerreiro@grafana.com>

* fix tests

* fix lint

* small prealloc

* small prealloc

* use special namespace for access policies

* fix access policy auth

* fix tests

* fix uncalled settings expander

* add feature toggle

* small feedback fixes

* rename entitlements to permissions

* add authlib

* allow viewing the signed in user info for non user namespace

* fix invalid namespacedID

* use authlib as verifier for tokens

* Update pkg/services/authn/clients/ext_jwt.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/authn/clients/ext_jwt_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* fix parameter names

* change asserts to normal package

* add rule for assert

* fix ownerships

* Local diff

* test and lint

* Fix test

* Fix ac test

* Fix pluginproxy test

* Revert testdata changes

* Force revert on test data

---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Jo
2024-04-02 17:45:15 +02:00
committed by GitHub
parent ac6e51c94a
commit 5340a6e548
28 changed files with 443 additions and 326 deletions


@@ -35,7 +35,8 @@ type SignedInUser struct {
Permissions map[int64]map[string][]string `json:"-"`
// IDToken is a signed token representing the identity that can be forwarded to plugins and external services.
// Will only be set when featuremgmt.FlagIdForwarding is enabled.
IDToken string `json:"-" xorm:"-"`
IDToken string `json:"-" xorm:"-"`
NamespacedID string
}
func (u *SignedInUser) ShouldUpdateLastSeenAt() bool {
@@ -205,8 +206,7 @@ func (u *SignedInUser) GetID() string {
return namespacedID(identity.NamespaceRenderService, 0)
}
// backwards compatibility
return namespacedID(identity.NamespaceUser, u.UserID)
return u.NamespacedID
}
// GetNamespacedID returns the namespace and ID of the active entity
@@ -214,6 +214,10 @@ func (u *SignedInUser) GetID() string {
func (u *SignedInUser) GetNamespacedID() (string, string) {
parts := strings.Split(u.GetID(), ":")
// Safety: GetID always returns a ':' separated string
if len(parts) != 2 {
return "", ""
}
return parts[0], parts[1]
}
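Review bot: GetID's new final line returns u.NamespacedID with no guard, so any SignedInUser built on a code path that does not set the just-added field (every pre-existing constructor, until it is updated) now yields an empty ID where it previously got the `user:<id>` fallback, and GetNamespacedID then returns ("", "") because the length check fails. An empty namespace is not an obviously invalid value to a caller that tests `ns != identity.NamespaceUser` — the "non user namespace" handling mentioned in the description looks like exactly that kind of check, though its code is not in this view — so the removed fallback is worth keeping underneath the new field: `if u.NamespacedID != "" { return u.NamespacedID }` followed by the old `return namespacedID(identity.NamespaceUser, u.UserID)`. The comment `// Safety: GetID always returns a ':' separated string` in GetNamespacedID is now misleading, since GetID returns a plain string field populated by whoever constructs the user (presumably the ext-jwt client from token claims) rather than a value built by namespacedID; reword it to something like `// NamespacedID is caller-populated; treat anything that is not exactly "ns:id" as absent` so the ("", "") branch reads as the defensive check it is. The body of GetID begins before its hunk, so the guard above applies to the unseen part of the function as well.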