Mapping OAuth Users to specific group

I would like to use our existing OAuth infrastructure to assign specific OAuth users to (Grafana-) Admins roles based on information inside the auth_token like the LDAP Admin binding configuration.

Unfortunately I have neither found any information about this on the docs or on this forum.

This is supported or planed for a future release?

this is currently not possible. There is an open feature request for this. Not something the core team is working on but is likely to be implemented some day

Thanks for the info.

Could you link the feature request? I might look into this since it would be really useful for me.

Hi,

Has there been any progress in this regard?

I was just trying to achieve similar functionality through Auth0. I can provide some user metadata through Auth0 and I see they are included in the id_token that Grafana receives. However, Grafana does not seem to parse those metadata or make any use of them. Specifically I included metadata defining the “Company” or the “Role”.

t=2018-04-18T12:54:27+0000 lvl=dbug msg="Received id_token" logger=oauth.generic_oauth json="{\"email\":\"************************\",\"email_verified\":true,\"user_id\":\"auth0|**********************\",\"clientID\":\"************\",\"picture\":\"https://s.gravatar.com/avatar/*************************?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fel.png\",\"nickname\":\"************\",\"identities\":[{\"user_id\":\"************\",\"provider\":\"auth0\",\"connection\":\"ammp\",\"isSocial\":false}],\"updated_at\":\"2018-04-18T12:54:27.061Z\",\"created_at\":\"2018-04-17T13:03:44.401Z\",\"name\":\"*****************\",\"user_metadata\":{\"Company\":[\"1\"]},\"app_metadata\":{},\"iss\":\"https://************/\",\"sub\":\"auth0|**************\",\"aud\":\"****************\",\"iat\":1524056067,\"exp\":1524092067}" data="&{Name:********** DisplayName: Login: Username: Email:**********: Attributes:map[]}"

This is what Grafana reads in the end. The "Company"and “Role” fields remain empty:

t=2018-04-18T12:54:27+0000 lvl=dbug msg="OAuthLogin got user info" logger=oauth userInfo="&{Name:*********** Email:**************** Login:*********** Company: Role:}"

Thanks,

Elton