OAuh2 gitlab role_attribute_path JMESpath

copolycube · July 29, 2022, 8:28pm

Hello,

I am trying to understand which API is called during the gitlab Oauth authentication, to determine the gitlab groups and gitlab roles memberships.

My goal be able to configure role_attribute_path to apply a matching between Oauth gitlab group role membership and grafana role matching rule.

gitlab	grafana
admin, owner	Admin
maintainer, dev	Editor
guest	Viewer

I explored and tried around from the following docs without success :

links to docs on grafana side :
Configure generic OAuth authentication | Grafana documentation
Configure GitLab OAuth2 Authentication | Grafana documentation

GF_AUTH_GITLAB_ROLE_ATTRIBUTE_PATH: (contains(info.access_level[*], '50') || contains(info.roles[*], 'admin' || is_admin) ) && 'Admin' || (contains(info.access_level[*], '40') || contains(info.roles[*], 'editor')) && 'Editor' || 'Viewer'

but so far no luck…

Thanks for any suggestion !

agoyalg · August 25, 2022, 7:16am

Any update on this? as I am also trying to pull out groups from Dex (OIDC) to the grafana and assigned roles based on the groups. it looks like there seems to be no way so far.

jangaraj · August 25, 2022, 2:39pm

Make sure you have Grafana v9.1.0-beta1+ version - OAuth: Allow role mapping from GitHub and GitLab groups by Jguer · Pull Request #52407 · grafana/grafana · GitHub

Topic		Replies	Views
OAuth2 (gitlab) & roles matching (JSMEpath) Authentication login , auth , oauth , grafana-roles	1	671	August 10, 2022
Please support role_attribute_path for Github Oauth Authentication	2	936	October 10, 2022
Is it possible to match organization with `role_attribute_path` and GitHub oAuth2? Authentication auth , oauth	9	220	June 6, 2023
Cannot get Oauth role_attribute_path working with strict OIDC namespaces	1	1026	November 1, 2020
Grafana admin authorization with Gitlab Authentication	0	405	August 24, 2022

OAuh2 gitlab role_attribute_path JMESpath

Related topics