IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add separate token handling for OAuth providers (#76461)

Browse Source 
* Add separate token handling for OAuth providers

* Fixed version syntax

* Added release date

---------

Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
This commit is contained in:
Isabel
2023-10-25 09:51:31 -04:00
committed by GitHub
parent 85468d2a67
commit ba9c22f51b
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docs/sources/whatsnew/whats-new-next/index.md
View File

@@ -39,6 +39,27 @@ _Generally available in Grafana Cloud_
Use Alerting insights to monitor your alerting data, discover key trends about your organizations alert management performance, and find patterns in why things go wrong.
## Configure refresh token handling separately for OAuth providers
<!-- Mihaly Gyongyosi -->
<!-- already in on-prem -->
October 24, 2023
_Generally available in Grafana Cloud_
With Grafana v9.3, we introduced a feature toggle called `accessTokenExpirationCheck`. It improves the security of Grafana by checking the expiration of the access token and automatically refreshing the expired access token when a user is logged in using one of the OAuth providers.
With the current release, we've introduced a new configuration option for each OAuth provider called `use_refresh_token` that allows you to configure whether the particular OAuth integration should use refresh tokens to automatically refresh access tokens when they expire. In addition, to further improve security and provide secure defaults, `use_refresh_token` is enabled by default for providers that support either refreshing tokens automatically or client-controlled fetching of refresh tokens. It's enabled by default for the following OAuth providers: `AzureAD`, `GitLab`, `Google`.
For more information on how to set up refresh token handling, please refer to [the documentation of the particular OAuth provider.](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/).
{{% admonition type="note" %}}
The `use_refresh_token` configuration must be used in conjunction with the `accessTokenExpirationCheck` feature toggle. If you disable the `accessTokenExpirationCheck` feature toggle, Grafana won't check the expiration of the access token and won't automatically refresh the expired access token, even if the `use_refresh_token` configuration is set to `true`.
The `accessTokenExpirationCheck` feature toggle will be removed in Grafana v10.3.
{{% /admonition %}}
## Use AI to generate dashboard titles, descriptions, and change summaries
<!-- Nathan Marrs -->