grafana: Fix login after the Keycloak upgrade
Request the openid scope for auth against Keycloak.
Logging in to Grafana was broken, with the login form yielding:
Login failed
Internal server error
The server logs reported:
logger=oauth.generic_oauth t=2024-06-13T09:46:31.887290207Z
level=error
msg="Error getting email address"
url=https://login.collabora.com/auth/realms/master/protocol/openid-connect/userinfo/emails
error="unsuccessful response status code 404: {\"error\":\"HTTP 404 Not Found\",\"error_description\":\"For more on this error consult the server log at the debug level.\"}"
Apparently the new version of Keycloak that got deployed recently is a
bit more strict in the way it checks oauth scopes: since we are doing
OpenID-Connect authentication let's then set the required openid
scope to make Keycloak happy.
See also https://gitlab.collabora.com/sysadmin/ansible-core-services/-/merge_requests/59
Edited by Emanuele Aina