From 624f8ef40de6d2855911752bd0e0c716d477d213 Mon Sep 17 00:00:00 2001
From: Karl Persson
Date: Tue, 24 May 2022 17:55:39 +0200
Subject: [PATCH] AzureAD: Fallback to no groups if user does not have permission to query groups from azure (#49506)
* If GroupMemver.Read.All permissions is not configured return no groups
* fix log
---
 pkg/login/social/azuread_oauth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/login/social/azuread_oauth.go b/pkg/login/social/azuread_oauth.go
index ff1d51a7a4e..774e7bdfa55 100644
--- a/pkg/login/social/azuread_oauth.go
+++ b/pkg/login/social/azuread_oauth.go
@@ -213,7 +213,8 @@ func extractGroups(client *http.Client, claims azureClaims, token *oauth2.Token)
 if res.StatusCode != http.StatusOK {
 if res.StatusCode == http.StatusForbidden {
- logger.Error("AzureAD OAuth: failed to fetch user groups. Token need User.Read and GroupMember.Read.All permission")
+ logger.Warn("AzureAD OAuh: Token need GroupMember.Read.All permission to fetch all groups")
+ return []string{}, nil
 }
 return nil, errors.New("error fetching groups")
 }
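Review bot: The new 403 branch returns `[]string{}, nil`, so callers can no longer tell "the group lookup was denied" from "this user has no groups". The callers are outside this hunk, so it is worth confirming that anything using the group list for authorization (allow-lists, team or role mapping) fails closed on an empty result rather than treating it as authoritative. The added log line also misspells the prefix as `AzureAD OAuh`, so searches and alerts keyed on the `AzureAD OAuth:` prefix used by the removed line will miss this downgrade. I would write it as `logger.Warn("AzureAD OAuth: token needs GroupMember.Read.All permission to fetch groups, continuing with no groups")`. extractGroups begins and ends outside the hunk.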