|
@@ -17,7 +17,7 @@ can find examples using Okta, BitBucket, OneLogin and Azure.
|
|
|
|
|
|
|
|
This callback URL must match the full HTTP address that you use in your browser to access Grafana, but with the prefix path of `/login/generic_oauth`.
|
|
This callback URL must match the full HTTP address that you use in your browser to access Grafana, but with the prefix path of `/login/generic_oauth`.
|
|
|
|
|
|
|
|
-You may have to set the `root_url` option of `[server]` for the callback URL to be
|
|
|
|
|
|
|
+You may have to set the `root_url` option of `[server]` for the callback URL to be
|
|
|
correct. For example in case you are serving Grafana behind a proxy.
|
|
correct. For example in case you are serving Grafana behind a proxy.
|
|
|
|
|
|
|
|
Example config:
|
|
Example config:
|
|
@@ -209,6 +209,17 @@ allowed_organizations =
|
|
|
token_url = https://<your domain>.my.centrify.com/OAuth2/Token/<Application ID>
|
|
token_url = https://<your domain>.my.centrify.com/OAuth2/Token/<Application ID>
|
|
|
```
|
|
```
|
|
|
|
|
|
|
|
|
|
+## Set up OAuth2 with non-compliant providers
|
|
|
|
|
+
|
|
|
|
|
+Some OAuth2 providers might not support `client_id` and `client_secret` passed via Basic Authentication HTTP header, which
|
|
|
|
|
+results in `invalid_client` error. To allow Grafana to authenticate via these type of providers, the client identifiers must be
|
|
|
|
|
+send via POST body, which can be enabled via the following settings:
|
|
|
|
|
+
|
|
|
|
|
+ ```bash
|
|
|
|
|
+ [auth.generic_oauth]
|
|
|
|
|
+ send_client_credentials_via_post = true
|
|
|
|
|
+ ```
|
|
|
|
|
+
|
|
|
<hr>
|
|
<hr>
|
|
|
|
|
|
|
|
|
|
|
Tomas Dabasinskas