Using Grafana 7.3.1 here
I use Auth0 as the Oauth supplier, which actually refuses to add claims to the /userinfo
endpoint (and the id token) unless it’s prefixed with a URL-type (e.g., https://grafana.my-domain.com/
) namespace scheme. So basically I’ve been forced to provide my role info as such:
{
...
"https://grafana.my-domain.com/role": "Editor"
...
}
However, I can’t for the life of me figure out how to get this parsed with the JMESpath spec used by role_attribute_path
. I’ve tried role_attribute_path = "https://grafana.my-domain.com/role"
which results in a “Failed to extract role” error complaining about the syntax of the expression. The only expression I’ve got accepted was role_attribute_path = "\"https://grafana.my-domain.com/role"\"
which doesn’t complain about syntax, but unfortunately doesn’t seem to have found the field correctly either, as I’m still getting “Not syncing organization roles since external user doesn’t have any” despite seeing the claim in the API response from the debug log. I’m kind of running out of ideas here. Have anyone ran into this kind of issue before?