* Add AuthNSvc reload handling
* Working, need to add test
* Remove commented out code
* Add Reload implementation to connectors
* Align and add tests, refactor
* Add more tests, linting
* Add extra checks + tests to oauth client
* Clean up based on reviews
* Move config instantiation into newSocialBase
* Use specific error
* AuthnSync: Rename files and structures
* AuthnSync: register rbac cloud role sync if feature toggle is enabled
* RBAC: Add new sync function to service interface
* RBAC: add common prefix and role names for cloud fixed roles
* AuthnSync+RBAC: implement rbac cloud role sync
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
* Refactor to prevent cyclic dependencies
* Move list authorization to the API layer
* Init connectors using the SSO settings service in case the ssoSettingsApi feature toggle is enabled
* wip, need to handle the cyclic dep
* Remove cyclic dependency
* Align tests + refactor
* Move back OAuthInfo to social
* Delete pkg/login/social/constants
* Move reloadable registration to the social providers
* Rename connectors.Error to connectors.SocialError
* AuthN: Check API Key is not trying to access another organization
* Revert local change
* Add test
* Discussed with Kalle we should set r.OrgID
* Syntax sugar
* Suggestion org-mismatch
* Move test to the db so we test the queries and not just testing the mock
* Remove unused function and dependencies
* Remove unused functions from the database
* Add some integration tests
* Use singleflight to prevent logging error if the token has already been refreshed
* Change order of error checks
* align tests, change error name
* Change sf key
* Update based on the review
* refactor
* Move rotate logic into its own function
* Move oauth token sync to session client
* Add user to the local cache if refresh tokens are not enabled for the provider so we can skip the check in other
requests
* Move errors to error file
* Move check for both empty username and email to user service
* Move check for empty email and username to user service Update
* Wrap inner error
* Set username in test
* IDForwarding: change audience to be prefixed by org and remove JTI
* IDForwarding: Construct new signer each time we want to sign a token.
* SigningKeys: Simplify storage layer and move logic to service
* SigningKeys: Add private key to local cache
* signing key wip
use db keyset storage
add signing_key table
add testing for key storage
add ES256 key tests
Remove caching and implement UpdateOrCreate
Stabilize interfaces
* Encrypt private keys
* Fixup signer
* Fixup ext_jwt
* Add GetOrCreatePrivate with automatic key rotation
* use GetOrCreate for ext_jwt
* use GetOrCreate in id
* catch invalid block type
* fix broken test
* remove key generator
* reduce public interface of signing service
* AuthN: Move identity struct to its own file
* IDForwarding: Add IDToken property to usr and identity structs and add GetIDToken to requester interface
* Inject IDService into background services
* IDForwarding: Register post auth hook when feature toggle is enabled
* remove API tagging method and authed tagging
* add anonstore
move debug to after cache
change test order
fix issue where mysql trims to second
* add old device cleanup
lint
utc-ize everything
trim whitespace
* remove dangling setting
* Add delete devices
* Move anonymous authnclient to anonimpl
* Add simple post login hook
* move registration of Background Service
cleanup
* add updated_at index
* do not untag device if login err
* add delete device integration test
* [LDAP] Disable removed users on login
* Fix tests
* Add test for user disabling
* Add tests for disabling user behind auth proxy
* Linting.
* Rename setup func
* Account for reviews comments
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
---------
Co-authored-by: Kalle Persson <kalle.persson@grafana.com>
* Authn: Add interface for external identity sync
This interface is implemented by authnimpl.Service and just triggers PostAuthHooks and skipping last seen update by default
* Authn: Add SyncIdentity to fake and add a new mock
