You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Third-party application access policy of Github is "Access restricted" by default for a couple of years now.
I took config from defaults.ini config file and tried to setup grafana to allow authenticate users from specific organizations only. "Access restricted" policy does not allow third party applications to view organization specific information when authenticating. Instead, there is a different endpoint to get user's organizations membership: "https://api.github.com/users//orgs", but grafana's [auth.github] api_url is set to "https://api.github.com/user" and grafana tries to get a list of organizations by just appending "/orgs" to the end of api_url, which shows only organizations with "Access allowed" application access policy.
What was the expected result?
I expect grafana to take organizations_url field from user data response from github and make another request to get organizations that the user is member of.
What happened instead?
Grafana just concatenates "/orgs" to the api_url config and makes a request, which is useless in this case.
The text was updated successfully, but these errors were encountered:
* master:
changelog: adds note about closing #10131
Explicitly specify default region in CloudWatch datasource (#9440)
wait for all sub routines to finish
changelog: adds ntoe about closing #10111
postgres: change $__timeGroup macro to include "AS time" column alias (#10119)
fixes broken test
Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate.
Third-party application access policy of Github is "Access restricted" by default for a couple of years now.
I took config from defaults.ini config file and tried to setup grafana to allow authenticate users from specific organizations only. "Access restricted" policy does not allow third party applications to view organization specific information when authenticating. Instead, there is a different endpoint to get user's organizations membership: "https://api.github.com/users//orgs", but grafana's [auth.github] api_url is set to "https://api.github.com/user" and grafana tries to get a list of organizations by just appending "/orgs" to the end of api_url, which shows only organizations with "Access allowed" application access policy.
What was the expected result?
I expect grafana to take
organizations_url
field from user data response from github and make another request to get organizations that the user is member of.What happened instead?
Grafana just concatenates "/orgs" to the
api_url
config and makes a request, which is useless in this case.The text was updated successfully, but these errors were encountered: