Add a couple of oauth options.

defaults/main.yml

@@ -11,6 +11,7 @@ grafana_packages:
   - grafana
 
 grafana_oauth_auto_assign_role: false
+grafana_oauth_use_refresh_token: true
 grafana_role_attribute_strict: "{% if grafana_oauth_auto_assign_role %}false{% else %}true{% endif %}"
 grafana_conf:
   - { section: "", option: app_mode, value: "{{ grafana_app_mode }}", state: present }
@@ -73,10 +74,6 @@ grafana_conf:
     value: "{{ grafana_u_auto_assign_org | default(true) | lower }}"
     state: present
   - { section: users, option: auto_assign_org_role, value: "{{ grafana_u_default_role | lower }}", state: "{% if grafana_oauth_auto_assign_role %}present{% else %}absent{% endif %}" }
-  - section: users
-    option: role_attribute_strict
-    value: "{{ grafana_role_attribute_strict }}"
-    state: "present"
   - { section: users, option: default_theme, value: "{{ grafana_u_default_theme  }}", state: present }
   - { section: auth, option: disable_login_form, value: "{{ grafana_u_disable_login_form | lower }}", state: present }
   - { section: auth, option: oauth_auto_login, value: "{{ grafana_oauth_auto_login | lower }}", state: present }
@@ -158,6 +155,14 @@ grafana_conf:
     option: role_attribute_path
     value: "{{ grafana_oauth_role_attribute_path }}"
     state: "{% if grafana_oauth_generic_enabled %}present{% else %}absent{% endif %}"
+  - section: auth.generic_oauth
+    option: role_attribute_strict
+    value: "{{ grafana_role_attribute_strict }}"
+    state: "present"
+  - section: auth.generic_oauth
+    option: use_refresh_token
+    value: "{{ grafana_oauth_use_refresh_token }}"
+    state: "present"
   - { section: auth.ldap, option: enabled, value: "{{grafana_ldap_auth | lower }}", state: present }
   - { section: auth.ldap, option: config_file, value: /etc/grafana/ldap.toml, state: present }
   - { section: log, option: mode, value: "{{ grafana_log_mode  }}", state: present }