AzureAD: Fallback to no groups if user does not have permission to query groups from azure (#49506)

* If the GroupMember.Read.All permission is not configured, return no groups

* fix log
Karl Persson 2022-05-24 17:55:39 +02:00 committed by GitHub
parent 4124294011
commit 624f8ef40d

@ -213,7 +213,8 @@ func extractGroups(client *http.Client, claims azureClaims, token *oauth2.Token)
if res.StatusCode != http.StatusOK { if res.StatusCode != http.StatusOK {
if res.StatusCode == http.StatusForbidden { if res.StatusCode == http.StatusForbidden {
logger.Error("AzureAD OAuth: failed to fetch user groups. Token need User.Read and GroupMember.Read.All permission") logger.Warn("AzureAD OAuh: Token need GroupMember.Read.All permission to fetch all groups")
return []string{}, nil
} }
return nil, errors.New("error fetching groups") return nil, errors.New("error fetching groups")
} }
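Review bot: The 403 branch now returns `[]string{}, nil`, so a caller cannot tell "user has no groups" from "groups could not be read". If the returned list feeds allowed-group checks or team sync (not visible in this hunk), a missing GroupMember.Read.All grant would silently look like an empty membership. The new warning has a typo ("OAuh") and does not say what happens next; consider `logger.Warn("AzureAD OAuth: token needs GroupMember.Read.All permission to fetch groups; continuing with no groups")`. A comment above the return, such as `// 403: group lookup not permitted; treat as no groups instead of failing the login`, would record the intent. extractGroups starts and ends outside this hunk.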