OAuth: Support OIDC Hybrid Flow #26350

Closed
dcbroad3 opened this issue Jul 15, 2020 · 5 comments
@dcbroad3

What would you like to be added:

Support for the OIDC Hybrid Flow. See Auth0, Medium, Scott Brady

Why is this needed:

Some Identity Providers do not support Authorization Code flow or require PKCE for the Authorization Code flow. Hybrid Flow adds an additional layer of security on top of the normal Authorization Code flow without requiring PKCE and while still using a client secret.

Specifically, OSIsoft Cloud Services, my company's flagship cloud service, offers authorization only by Client Credentials, Authorization Code + PKCE, and Hybrid flow. Since the only compatible method with Grafana is Client Credentials, it is not feasible to have individual users log in; instead, our customers must use an organization-wide client secret stored within the Grafana server. Hybrid flow is preferred over Auth+PKCE because, in our system, Auth+PKCE is not allowed to issue a refresh token while Hybrid is, and Grafana needs a refresh token to keep users logged in and leave dashboards open over long periods.

I created #26302 for this feature and it was rejected on the grounds that there is no community support for this; if you are interested in this feature please comment or thumbs-up.
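The extra check a client performs in Hybrid Flow is validating the ID Token's `c_hash` claim against the authorization code it received on the front channel (OpenID Connect Core, section 3.3.2.11). The Go sketch below is an added example, not Grafana code and not part of the original issue; the function names are hypothetical, the sample code value is constructed, and it assumes the ID Token's signature and `alg` header were already validated.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"hash"
)

// ComputeCHash returns the unpadded base64url encoding of the left half of
// hash(code), where the hash matches the ID Token's JOSE "alg" header.
func ComputeCHash(alg, code string) (string, error) {
	var h hash.Hash
	switch alg {
	case "RS256", "PS256", "ES256", "HS256":
		h = sha256.New()
	case "RS384", "PS384", "ES384", "HS384":
		h = sha512.New384()
	case "RS512", "PS512", "ES512", "HS512":
		h = sha512.New()
	default: // includes "none": an unsigned token cannot vouch for the code
		return "", fmt.Errorf("unsupported or unsigned alg %q", alg)
	}
	h.Write([]byte(code))
	sum := h.Sum(nil)
	return base64.RawURLEncoding.EncodeToString(sum[:len(sum)/2]), nil
}

// VerifyCHash rejects an authorization code that the signed ID Token does not vouch for.
func VerifyCHash(alg, code, claimed string) error {
	want, err := ComputeCHash(alg, code)
	if err != nil {
		return err
	}
	if claimed == "" || subtle.ConstantTimeCompare([]byte(want), []byte(claimed)) != 1 {
		return fmt.Errorf("c_hash missing or does not match authorization code")
	}
	return nil
}

func main() {
	code := "constructed-sample-code" // constructed value, not from a real identity provider
	ch, _ := ComputeCHash("RS256", code)
	fmt.Println(ch, VerifyCHash("RS256", code, ch), VerifyCHash("RS256", "other-code", ch))
}
```

A client would run this check before redeeming the code at the token endpoint, and treat a missing `c_hash` as a failure rather than skipping the check.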

@RichardWirnharter

That is exactly what we would need. Then we could make use of Grafana in our company. Excellent!

@oslaby

oslaby commented Jul 16, 2020

For using Grafana together with OCS in our company, this feature is essential. Please include it in a Grafana release.

marefr removed this from Inbox in Backend Platform Backlog on Oct 5, 2020

@nicolas17

As suggested in #15312, maybe there should be a separate "OpenID Connect" auth plugin rather than adding this kind of feature to "Generic OAuth".

Contributor

This issue has been automatically marked as stale because it has not had activity in the last year. It will be closed in 30 days if no further activity occurs. Please feel free to leave a comment if you believe the issue is still relevant. Thank you for your contributions!

github-actions bot added the stale label on Jan 21, 2024

Contributor

This issue has been automatically closed because it has not had any further activity in the last 30 days. Thank you for your contributions!

github-actions bot closed this as not planned on Feb 22, 2024