mirror of
https://github.com/grafana/grafana.git
synced 2025-02-12 08:35:43 -06:00
102 lines
3.2 KiB
Markdown
102 lines
3.2 KiB
Markdown
+++
|
|
title = "GitHub OAuth2 Authentication"
|
|
description = "Grafana OAuthentication Guide "
|
|
keywords = ["grafana", "configuration", "documentation", "oauth"]
|
|
type = "docs"
|
|
[menu.docs]
|
|
name = "GitHub"
|
|
identifier = "github_oauth2"
|
|
parent = "authentication"
|
|
weight = 4
|
|
+++
|
|
|
|
# GitHub OAuth2 Authentication
|
|
|
|
To enable the GitHub OAuth2 you must register your application with GitHub. GitHub will generate a client ID and secret key for you to use.
|
|
|
|
## Configure GitHub OAuth application
|
|
|
|
You need to create a GitHub OAuth application (you find this under the GitHub
|
|
settings page). When you create the application you will need to specify
|
|
a callback URL. Specify this as callback:
|
|
|
|
```bash
|
|
http://<my_grafana_server_name_or_ip>:<grafana_server_port>/login/github
|
|
```
|
|
|
|
This callback URL must match the full HTTP address that you use in your
|
|
browser to access Grafana, but with the prefix path of `/login/github`.
|
|
When the GitHub OAuth application is created you will get a Client ID and a
|
|
Client Secret. Specify these in the Grafana configuration file. For
|
|
example:
|
|
|
|
## Enable GitHub in Grafana
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
allow_sign_up = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
team_ids =
|
|
allowed_organizations =
|
|
```
|
|
|
|
You may have to set the `root_url` option of `[server]` for the callback URL to be
|
|
correct. For example in case you are serving Grafana behind a proxy.
|
|
|
|
Restart the Grafana back-end. You should now see a GitHub login button
|
|
on the login page. You can now login or sign up with your GitHub
|
|
accounts.
|
|
|
|
You may allow users to sign-up via GitHub authentication by setting the
|
|
`allow_sign_up` option to `true`. When this option is set to `true`, any
|
|
user successfully authenticating via GitHub authentication will be
|
|
automatically signed up.
|
|
|
|
### team_ids
|
|
|
|
Require an active team membership for at least one of the given teams on
|
|
GitHub. If the authenticated user isn't a member of at least one of the
|
|
teams they will not be able to register or authenticate with your
|
|
Grafana instance. For example:
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
team_ids = 150,300
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
allow_sign_up = true
|
|
```
|
|
|
|
### allowed_organizations
|
|
|
|
Require an active organization membership for at least one of the given
|
|
organizations on GitHub. If the authenticated user isn't a member of at least
|
|
one of the organizations they will not be able to register or authenticate with
|
|
your Grafana instance. For example
|
|
|
|
```bash
|
|
[auth.github]
|
|
enabled = true
|
|
client_id = YOUR_GITHUB_APP_CLIENT_ID
|
|
client_secret = YOUR_GITHUB_APP_CLIENT_SECRET
|
|
scopes = user:email,read:org
|
|
auth_url = https://github.com/login/oauth/authorize
|
|
token_url = https://github.com/login/oauth/access_token
|
|
api_url = https://api.github.com/user
|
|
allow_sign_up = true
|
|
# space-delimited organization names
|
|
allowed_organizations = github google
|
|
```
|
|
|