From 8b249ca31b72665ba540dfbf6fb47cad2333fd11 Mon Sep 17 00:00:00 2001
From: Victor Rocheleau
Date: Mon, 19 Aug 2024 14:38:24 -0400
Subject: [PATCH 1/2] fix: allow grafana auth with keycloak users that dont have emails
---
 lib/logs/docker-compose.logs.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/logs/docker-compose.logs.yaml b/lib/logs/docker-compose.logs.yaml
index f8b3c0bb..ca99197f 100644
--- a/lib/logs/docker-compose.logs.yaml
+++ b/lib/logs/docker-compose.logs.yaml
@@ -23,6 +23,7 @@ services:
 - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/bentov2/protocol/openid-connect/token
 - GF_AUTH_GENERIC_OAUTH_API_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/bentov2/protocol/openid-connect/userinfo
 - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH='GrafanaAdmin'
+ - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH='@.email || @.sub'
 - GF_AUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true
 entrypoint:
 - sh
From 44a6e47851a06fff02c5a5f23c3ed9c7f23caa46 Mon Sep 17 00:00:00 2001
From: Victor Rocheleau
Date: Mon, 19 Aug 2024 17:13:02 -0400
Subject: [PATCH 2/2] add preferred_username paths
---
 lib/logs/docker-compose.logs.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/logs/docker-compose.logs.yaml b/lib/logs/docker-compose.logs.yaml
index ca99197f..1b20b7a8 100644
--- a/lib/logs/docker-compose.logs.yaml
+++ b/lib/logs/docker-compose.logs.yaml
@@ -16,14 +16,15 @@ services:
 - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${BENTO_GRAFANA_CLIENT_ID}
 - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${BENTO_GRAFANA_CLIENT_SECRET}
 - GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile offline_access roles
- - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=username
- - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
+ - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+ - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=preferred_username
 - GF_AUTH_GENERIC_OAUTH_USE_PKCE=true
 - GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/bentov2/protocol/openid-connect/auth
 - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/bentov2/protocol/openid-connect/token
 - GF_AUTH_GENERIC_OAUTH_API_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/bentov2/protocol/openid-connect/userinfo
 - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH='GrafanaAdmin'
- - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH='@.email || @.sub'
+ # Allows authentication for users that don't have an email
+ - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email || preferred_username || sub
 - GF_AUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true
 entrypoint:
 - sh
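Review bot: The new `EMAIL_ATTRIBUTE_PATH` fallback stores a Keycloak `preferred_username` or `sub` in the field Grafana treats as the user's email, and Grafana versions that match incoming OAuth logins to existing accounts by email (older releases, or any with `oauth_allow_insecure_email_lookup` enabled) could then link a realm user whose username equals another account's email address to that account — confirm the lookup behaviour of the Grafana image in use before relying on this. Combined with the unchanged context lines `ROLE_ATTRIBUTE_PATH='GrafanaAdmin'` (a JMESPath string literal, so every successful login appears to resolve to GrafanaAdmin) and `GF_AUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true`, the change also extends that role to every realm user without an email, leaving the Keycloak client's access policy as the only gate. `preferred_username` is also editable in Keycloak where `sub` is not, so if the fallback is meant as an identity key rather than a display value, `email || sub` would be the safer order. The added comment should record these consequences rather than only the feature, e.g. `# Fallback for users without an email; the value becomes the Grafana account's email/identity key, and via ROLE_ATTRIBUTE_PATH every login here maps to GrafanaAdmin`. The enclosing service definition starts before the hunk.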