New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth: Fix token refresh failure when custom SSL settings are configured for OAuth provider #27523
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… oauth provider (grafana#27514) OAuth token refresh fails when custom SSL settings are configured for oauth provider (grafana#27514) OAuth token refresh fails when custom SSL settings are configured for oauth provider (grafana#27514)
billoley
requested review from
papagian and
marefr
and removed request for
a team
September 11, 2020 00:05
marefr
added
area/backend
pr/external
This PR is from external contributor
area/auth/oauth
labels
Sep 11, 2020
marefr
requested changes
Sep 11, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great. However, I have some minor suggestions regarding code structure.
marefr
approved these changes
Sep 11, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great. LGTM
marefr
changed the title
OAuth token refresh fails when custom SSL settings are configured for…
OAuth: Fix token refresh failure when custom SSL settings are configured for OAuth provider
Sep 11, 2020
Thank you for contributing to Grafana! |
billoley
added a commit
to billoley/grafana
that referenced
this pull request
Sep 14, 2020
…red for OAuth provider (grafana#27523) OAuth token refresh fails when custom SSL settings are configured for oauth provider. These changes makes sure that custom SSL settings are applied for HTTP client before refreshing token. Fixes grafana#27514
billoley
added a commit
to billoley/grafana
that referenced
this pull request
Sep 25, 2020
…red for OAuth provider (grafana#27523) OAuth token refresh fails when custom SSL settings are configured for oauth provider. These changes makes sure that custom SSL settings are applied for HTTP client before refreshing token. Fixes grafana#27514
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
add to changelog
area/auth/oauth
area/backend
pr/external
This PR is from external contributor
type/bug
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #27514
OAuth token refresh fails when custom SSL settings are configured for oauth provider
When using generic oauth with SSL configured and tls_skip_verify_insecure=true, I was able to log in with my oauth provider, but when the token expired and grafana tried to fetch a new token (using the refresh token), I saw http ssl errors.
When the original token is fetched in login_oauth.go, the code gets an http client based on the appropriate oauth settings and setit into the context to be used. This same functionality should be centralized and used from wherever oauth token http operations are initiated.
Moved code for creating an http client using the OAuth SSL setting to a new package oauthtoken.
This allows code to be refactored from login_oauth.go so that it can be used from there, ds_proxy.go, and anywhere else that calls OAuth APIs and needs to configure a client.