OAuh2 gitlab role_attribute_path JMESpath


I am trying to understand which API is called during the gitlab Oauth authentication, to determine the gitlab groups and gitlab roles memberships.

My goal be able to configure role_attribute_path to apply a matching between Oauth gitlab group role membership and grafana role matching rule.

gitlab grafana
admin, owner Admin
maintainer, dev Editor
guest Viewer

I explored and tried around from the following docs without success :

GF_AUTH_GITLAB_ROLE_ATTRIBUTE_PATH: (contains(info.access_level[*], '50') || contains(info.roles[*], 'admin' || is_admin) ) && 'Admin' || (contains(info.access_level[*], '40') || contains(info.roles[*], 'editor')) && 'Editor' || 'Viewer'

but so far no luck… :frowning:

Thanks for any suggestion !

Any update on this? as I am also trying to pull out groups from Dex (OIDC) to the grafana and assigned roles based on the groups. it looks like there seems to be no way so far.

Make sure you have Grafana v9.1.0-beta1+ version - OAuth: Allow role mapping from GitHub and GitLab groups by Jguer · Pull Request #52407 · grafana/grafana · GitHub