added oauth2 support

2020-12-12 23:39:03 +01:00 · 2020-12-12 23:39:03 +01:00 · b279d0a9e2
commit b279d0a9e2
parent d958bac52e
2 changed files with 22 additions and 9 deletions
--- a/templates/grafana.ini.j2
+++ b/templates/grafana.ini.j2
@ -317,17 +317,19 @@ disable_gravatar = true

 #################################### Generic OAuth ##########################
 [auth.generic_oauth]
-;enabled = false
-;name = OAuth
-;allow_sign_up = true
-;client_id = some_id
-;client_secret = some_secret
-;scopes = user:email,read:org
+enabled = {{ grafana.config.oauth2.enabled }}
+name = {{ grafana.config.oauth2.name }}
+allow_sign_up = true
+client_id = {{ grafana.config.oauth2.client_id }}
+client_secret = {{ grafana.config.oauth2.client_secret }}
+scopes = {{ grafana.config.oauth2.scopes }}
 ;email_attribute_name = email:primary
 ;email_attribute_path =
-;auth_url = https://foo.bar/login/oauth/authorize
-;token_url = https://foo.bar/login/oauth/access_token
-;api_url = https://foo.bar/user
+
+auth_url = {{ grafana.config.oauth2.auth_url }}
+token_url = {{ grafana.config.oauth2.token_url }}
+api_url = {{ grafana.config.oauth2.api_url }}
+
 ;team_ids =
 ;allowed_organizations =
 ;tls_skip_verify_insecure = false
@ -335,6 +337,8 @@ disable_gravatar = true
 ;tls_client_key =
 ;tls_client_ca =

+role_attribute_path = {{ grafana.config.oauth2.role_attribute_path }}
+
 ; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
 ; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
 ;send_client_credentials_via_post = false