From 1a7bafb9b8ee8531d2da839761f270520d9214fb Mon Sep 17 00:00:00 2001
From: Saibotk
Date: Sun, 2 Jul 2023 18:21:53 +0200
Subject: [PATCH] monitoring: Adjust oauth settings
---
 roles/monitoring/templates/docker-compose.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/roles/monitoring/templates/docker-compose.yml b/roles/monitoring/templates/docker-compose.yml
index c1c6d0b..6ccc5eb 100644
--- a/roles/monitoring/templates/docker-compose.yml
+++ b/roles/monitoring/templates/docker-compose.yml
@@ -35,14 +35,17 @@ services:
 - "GF_UNIFIED_ALERTING_ENABLED=true"
 {% if monitoring_grafana_oauth is defined and monitoring_grafana_oauth.enabled %}
- - "GF_AUTH_OAUTH_AUTO_LOGIN=true"
+ - "GF_AUTH_DISABLE_LOGIN_FORM=true"
 - "GF_AUTH_SIGNOUT_REDIRECT_URL={{ monitoring_grafana_oauth.signout_url }}"
 - "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
 - "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP={{ monitoring_grafana_oauth.allow_sign_up }}"
+ - "GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN=true"
+ - "GF_AUTH_GENERIC_OAUTH_USE_PKCE=true"
+ - "GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false"
 - "GF_AUTH_GENERIC_OAUTH_NAME={{ monitoring_grafana_oauth.name }}"
 - "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ monitoring_grafana_oauth.client_id }}"
 - "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ monitoring_grafana_oauth.client_secret }}"
- - "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile"
+ - "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile roles offline_access"
 - "GF_AUTH_GENERIC_OAUTH_AUTH_URL={{ monitoring_grafana_oauth.auth_url }}"
 - "GF_AUTH_GENERIC_OAUTH_TOKEN_URL={{ monitoring_grafana_oauth.token_url }}"
 - "GF_AUTH_GENERIC_OAUTH_API_URL={{ monitoring_grafana_oauth.api_url }}"
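Review bot: The widened `GF_AUTH_GENERIC_OAUTH_SCOPES` line now requests `roles` and `offline_access`, but nothing in this hunk maps the returned role claim. Unless a role attribute path is set further down (the OAuth block continues past the hunk), signed-up users would presumably get Grafana's default organisation role and the extra claim would go unused. If role mapping is intended, I would add `- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH={{ monitoring_grafana_oauth.role_attribute_path }}"` (variable name is only a suggestion) and `- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT=true"` next to the scopes, so a login without a mapped role is rejected rather than silently downgraded. `offline_access` makes the provider issue refresh tokens that Grafana then holds, so it deserves a one-line template comment saying what relies on token refresh, or it should be dropped to keep the request least-privilege. With `GF_AUTH_DISABLE_LOGIN_FORM=true` combined with auto-login, please also confirm there is a documented way to reach a local admin account when the identity provider is unavailable.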