OAuh2 gitlab role_attribute_path JMESpath

copolycube · July 29, 2022, 8:28pm

Hello,

I am trying to understand which API is called during the gitlab Oauth authentication, to determine the gitlab groups and gitlab roles memberships.

My goal be able to configure role_attribute_path to apply a matching between Oauth gitlab group role membership and grafana role matching rule.

gitlab	grafana
admin, owner	Admin
maintainer, dev	Editor
guest	Viewer

I explored and tried around from the following docs without success :

links to docs on grafana side :
Configure generic OAuth authentication | Grafana documentation
Configure GitLab OAuth2 Authentication | Grafana documentation

GF_AUTH_GITLAB_ROLE_ATTRIBUTE_PATH: (contains(info.access_level[*], '50') || contains(info.roles[*], 'admin' || is_admin) ) && 'Admin' || (contains(info.access_level[*], '40') || contains(info.roles[*], 'editor')) && 'Editor' || 'Viewer'

but so far no luck…

Thanks for any suggestion !

agoyalg · August 25, 2022, 7:16am

Any update on this? as I am also trying to pull out groups from Dex (OIDC) to the grafana and assigned roles based on the groups. it looks like there seems to be no way so far.

jangaraj · August 25, 2022, 2:39pm

Make sure you have Grafana v9.1.0-beta1+ version - OAuth: Allow role mapping from GitHub and GitLab groups by Jguer · Pull Request #52407 · grafana/grafana · GitHub

Topic		Replies	Views
OAuth2 (gitlab) & roles matching (JSMEpath) Authentication login , auth , oauth , grafana-roles	2	1328	July 26, 2024
Please support role_attribute_path for Github Oauth Authentication	2	1969	October 10, 2022
Map OIDC group to a role without the use of Team Sync Authentication oauth	2	1787	July 28, 2022
Generic OAuth and user role mapping Grafana	9	6707	August 25, 2020
Is it possible to match organization with `role_attribute_path` and GitHub oAuth2? Authentication auth , oauth	20	5693	December 17, 2024

OAuh2 gitlab role_attribute_path JMESpath

Related topics