Using generic_oauth working with bitbucket

Hey, I’m trying to use generic_oauth to validate with Bitbucket. It is actually working, but I need to set permissions for only one team_id, to prevent everyone with a Bitbucket account from logging in to my dashboard. Do you know the right way to do this? Every time I set a different api_url than api_url = https://api.bitbucket.org/2.0/user/ I get an error, and api_url = https://api.bitbucket.org/2.0/user/permissions/teams is not working.

thanks

Try to configure

team_ids = ....

http://docs.grafana.org/installation/configuration/#set-up-oauth2-with-bitbucket

I did, but https://api.bitbucket.org/2.0/user/ does not return any team information, so I get an error.

I guess you don’t use the right scope: team.
Doc: https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html

This is what I get from grafana.log using those settings:

t=2018-09-03T19:50:08+0000 lvl=dbug msg="OAuthLogin Got token" logger=oauth token="&{AccessToken:wWVRAp9dmqMpFT2uPwSiDYMV9tR1HkNL2cLYrTYhPTcQOEQKrOatgJ33EBt33fJ6zEA0Ng_ImlLplsJPINI= TokenType:Bearer RefreshToken:TjvYYttcYPxtVmXXN2 Expiry:2018-09-03 21:50:08.057852797 +0000 UTC m=+7237.022441979 raw:map[expires_in:7200 refresh_token:TjvYYttcYPxtVmXXN2 token_type:bearer access_token:wWVRAp9dmqMpFT2uPwSiDYMV9tR1HkNL2cLYrTYhPTcQOEQKrOatgJ33EBt33fJ6zEA0Ng_ImlLplsJPINI= scopes:team account]}"
t=2018-09-03T19:50:08+0000 lvl=dbug msg="No id_token found" logger=oauth.generic_oauth token="&{AccessToken:wWVRAp9dmqMpFT2uPwSiDYMV9tR1HkNL2cLYrTYhPTcQOEQKrOatgJ33EBt33fJ6zEA0Ng_ImlLplsJPINI= TokenType:Bearer RefreshToken:TjvYYttcYPxtVmXXN2 Expiry:2018-09-03 21:50:08.057852797 +0000 UTC m=+7237.022441979 raw:map[access_token:wWVRAp9dmqMpFT2uPwSiDYMV9tR1HkNL2cLYrTYhPTcQOEQKrOatgJ33EBt33fJ6zEA0Ng_ImlLplsJPINI= scopes:team account expires_in:7200 refresh_token:TjvYYttcYPxtVmXXN2 token_type:bearer]}"
t=2018-09-03T19:50:08+0000 lvl=dbug msg="HTTP GET https://api.bitbucket.org/2.0/user: 200 OK {\"username\": \"lucasclavero\", \"website\": null, \"display_name\": \"Lucas Clavero\", \"account_id\": \"5b51e0cc978af72cc15b98b4\", \"links\": {\"hooks\": {\"href\": \"https://api.bitbucket.org/2.0/users/lucasclavero/hooks\"}, \"self\": {\"href\": \"https://api.bitbucket.org/2.0/users/lucasclavero\"}, \"repositories\": {\"href\": \"https://api.bitbucket.org/2.0/repositories/lucasclavero\"}, \"html\": {\"href\": \"https://bitbucket.org/lucasclavero/\"}, \"followers\": {\"href\": \"https://api.bitbucket.org/2.0/users/lucasclavero/followers\"}, \"avatar\": {\"href\": \"https://bitbucket.org/account/lucasclavero/avatar/\"}, \"following\": {\"href\": \"https://api.bitbucket.org/2.0/users/lucasclavero/following\"}, \"snippets\": {\"href\": \"https://api.bitbucket.org/2.0/snippets/lucasclavero\"}}, \"created_on\": \"2018-07-23T15:10:14.956661+00:00\", \"is_staff\": false, \"location\": null, \"type\": \"user\", \"uuid\": \"{4d4bea89-c4aa-4891-9e2b-6284ba552755}\"}"
t=2018-09-03T19:50:08+0000 lvl=dbug msg="HTTP GET https://api.bitbucket.org/2.0/user/emails: 200 OK {\"pagelen\": 10, \"values\": [{\"is_primary\": true, \"is_confirmed\": true, \"type\": \"email\", \"email\": \"lclavero@xxxxxxx.com\", \"links\": {\"self\": {\"href\": \"https://api.bitbucket.org/2.0/user/emails/lclavero@xxxxxxx.com\"}}}], \"page\": 1, \"size\": 1}"
t=2018-09-03T19:50:08+0000 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="User not a member of one of the required teams"

and this is my config at grafana.ini:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
name = BitBucket
enabled = true
allow_sign_up = true
client_id = xxxxxxxxxx
client_secret = xxxxxxxxxxxxx
scopes = account email team
auth_url = https://bitbucket.org/site/oauth2/authorize
token_url = https://bitbucket.org/site/oauth2/access_token
api_url = https://api.bitbucket.org/2.0/user
team_ids = xxxxxxx
;allowed_organizations =

Still no luck:

t=2018-09-03T19:50:08+0000 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="User not a member of one of the required teams"
t=2018-09-03T19:50:08+0000 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=172.40.20.162 time_ms=166 size=1731 referer=https://id.atlassian.com/
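
Added example, not part of the thread and not Grafana's own code: a small Python helper that reads debug lines in the format posted above, masks the OAuth token fields so the log can be shared, and summarizes what the excerpt shows (granted scopes, the API URLs requested, the login error). The sample lines are constructed with placeholder token values, and the `raw:map` key names used to delimit the scopes value are the ones visible in the posted log.

```python
import re

# Constructed lines in the shape of the grafana.log excerpt above; token values are placeholders.
SAMPLE_LOG = [
    't=2018-09-03T19:50:08+0000 lvl=dbug msg="OAuthLogin Got token" logger=oauth '
    'token="&{AccessToken:AAAA_1111= TokenType:Bearer RefreshToken:RRRR2222 '
    'raw:map[scopes:team account expires_in:7200 refresh_token:RRRR2222 access_token:AAAA_1111=]}"',
    't=2018-09-03T19:50:08+0000 lvl=dbug msg="HTTP GET https://api.bitbucket.org/2.0/user: 200 OK {}"',
    't=2018-09-03T19:50:08+0000 lvl=dbug msg="HTTP GET https://api.bitbucket.org/2.0/user/emails: 200 OK {}"',
    't=2018-09-03T19:50:08+0000 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" '
    'logger=context error="User not a member of one of the required teams"',
]

# Keys seen inside raw:map[...] in the posted log; their order varies between lines.
MAP_KEYS = r"(?:expires_in|refresh_token|token_type|access_token)"
SECRET = re.compile(r'\b(AccessToken|RefreshToken|access_token|refresh_token):[^\s\]}"]+')
SCOPES = re.compile(r'scopes:(.*?)(?=\s+' + MAP_KEYS + r':|\])')
HTTP_GET = re.compile(r'msg="HTTP GET (\S+?): (\d{3}) ')
ERROR = re.compile(r'lvl=eror\b.*?\berror="([^"]*)"')


def redact(line):
    """Mask OAuth token values so a debug line can be shared safely."""
    return SECRET.sub(lambda m: m.group(1) + ":[REDACTED]", line)


def summarize(lines):
    """Collect granted scopes, logged API calls and login errors from debug lines."""
    report = {"scopes": set(), "calls": [], "errors": []}
    for line in lines:
        if m := SCOPES.search(line):
            report["scopes"].update(m.group(1).split())
        if m := HTTP_GET.search(line):
            report["calls"].append((m.group(1), int(m.group(2))))
        if m := ERROR.search(line):
            report["errors"].append(m.group(1))
    # True only if some logged request URL mentions teams.
    report["team_call_logged"] = any("team" in url for url, _ in report["calls"])
    return report


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(redact(line))
    print(summarize(SAMPLE_LOG))
```

On the sample, the summary shows the `team` scope granted but only the user and emails URLs requested, matching the observation in the thread that the user endpoint carries no team information.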