Removes send_client_credentials_via_post oauth setting and
use auto-detect mechanism instead.
By these changes also fixes statichcheck errors
Ref #8968
Adds support for Generic OAuth role mapping. A new
configuration setting for generic oauth is added named
role_attribute_path which accepts a JMESPath expression.
Only Grafana roles named Viewer, Editor or Admin are
accepted.
Closes#9766
* Allow oauth email attribute name to be configurable
Signed-off-by: Bob Shannon <bshannon@palantir.com>
* Document e-mail determination steps for generic oauth
* Add reference to email_attribute_name
* Re-add e-mail determination docs to new generic-oauth page
* Inherit default e-mail attribute from defaults.ini
TLS was not being verified in a number of places:
- connections to grafana.com
- connections to OAuth providers when TLS client authentication was
enabled
- connections to self-hosted Grafana installations when using the CLI
tool
TLS should always be verified unless the user explicitly enables an
option to skip verification.
Removes some instances where `InsecureSkipVerify` is explicitly set to
`false`, the default, to help avoid confusion and make it more difficult
to regress on this fix by accident.
Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
Adds a `tls_skip_verify_insecure` setting for OAuth.
Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
section.
I'm not super happy with the way the global setting is used by
`pkg/api/app_routes.go` but that seems to be the existing pattern used.
* break out go and js build commands
* support oauth providers that return errors via redirect
* remove extra call to get grafana.net org membership
* removed GitHub specifics from generic OAuth
* readded ability to name generic source
* revert to a backward-compatible state, refactor and clean up
* streamline oauth user creation, make generic oauth support more generic
