DevFW-CICD/stacks-instances
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(grafana): 🔒 Remove unnecessary role scope from OAuth

Browse source 
Remove the 'roles' scope from the Grafana OAuth configuration to streamline authentication requirements. This change enhances security by limiting access scopes to only what's necessary.
This commit is contained in:
Daniel Sy 2025-08-13 14:39:14 +02:00
parent 22c5ff75c8
commit f9b3b69b67
Signed by untrusted user: danielsy
GPG key ID: 1F39A8BBCD2EE3D3
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
View file

@ -52,7 +52,7 @@ spec:
use_refresh_token: "true"
client_id: grafana
client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
scopes: openid email profile offline_access roles
scopes: openid email profile offline_access
auth_url: https://dex.observability.t09.de/auth
token_url: https://dex.observability.t09.de/token
api_url: https://dex.observability.t09.de/userinfo