IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Extended JWT client for OBO and Service Authentication (#83814)

Browse Source 
* reenable ext-jwt-client

* fixup settings struct

* add user and service auth

* lint up

* add user auth to grafana ext

* fixes

* Populate token permissions

Co-authored-by: jguer <joao.guerreiro@grafana.com>

* fix tests

* fix lint

* small prealloc

* small prealloc

* use special namespace for access policies

* fix access policy auth

* fix tests

* fix uncalled settings expander

* add feature toggle

* small feedback fixes

* rename entitlements to permissions

* add authlibn

* allow viewing the signed in user info for non user namespace

* fix invalid namespacedID

* use authlib as verifier for tokens

* Update pkg/services/authn/clients/ext_jwt.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* Update pkg/services/authn/clients/ext_jwt_test.go

Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>

* fix parameter names

* change asserts to normal package

* add rule for assert

* fix ownerships

* Local diff

* test and lint

* Fix test

* Fix ac test

* Fix pluginproxy test

* Revert testdata changes

* Force revert on test data

---------

Co-authored-by: gamab <gabriel.mabille@grafana.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This commit is contained in:
Jo
2024-04-02 17:45:15 +02:00
committed by GitHub
parent ac6e51c94a
commit 5340a6e548
28 changed files with 443 additions and 326 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/setting/setting_jwt.go
View File

@@ -25,6 +25,22 @@ type AuthJWTSettings struct {
UsernameAttributePath string
}
type ExtJWTSettings struct {
Enabled bool
ExpectIssuer string
ExpectAudience string
JWKSUrl string
}
func (cfg *Cfg) readAuthExtJWTSettings() {
authExtendedJWT := cfg.SectionWithEnvOverrides("auth.extended_jwt")
jwtSettings := ExtJWTSettings{}
jwtSettings.Enabled = authExtendedJWT.Key("enabled").MustBool(false)
jwtSettings.ExpectAudience = authExtendedJWT.Key("expect_audience").MustString("")
jwtSettings.JWKSUrl = authExtendedJWT.Key("jwks_url").MustString("")
cfg.ExtJWTAuth = jwtSettings
}
func (cfg *Cfg) readAuthJWTSettings() {
jwtSettings := AuthJWTSettings{}
authJWT := cfg.Raw.Section("auth.jwt")