Add support for OAuth authentication

[mem]

Some use cases require support for OAuth authentication. This would have to be added in blackbox_exporter, but we can start discussing requirements here.

Since this is a non-interactive application, this is a good starting point:

https://auth0.com/blog/using-m2m-authorization/

[mem]

It's not necessarily true that this needs to be implemented in BBE.

I added the help wanted label to surface the issue. It would be nice if people can provide use cases where this is required.

[penguinairlines]

We could use support for session auth. Need to make 2 requests:

1. First request - send in a payload with the credentials, which returns a generic success message and inside the headers is a cookie. Need the ability to grab the value in the response header in order to pass along to subsequent requests.
2. Second request - use previously supplied cookie in the headers to send in a 2nd payload to query the API, and use this response to gather metrics.
3. Need the ability to parse the response payload for a string pattern that describes the cookie/session expiration, so that we can react an expired session by re-running step 1.

I would also like to see this as part of blackbox_exporter, so that I can use the metrics on either Grafana cloud or self-hosted instances, but if it needs to be done downstream then I can always collect with Grafana cloud and forward to on-prem instances for aggregation. Still, I think an enhancement to blackbox_exporter would be the more versatile one.

[spedersen-emailage]

+1

We need OAuth2 support in order to effectively test our API endpoints, which require authorization to access. Otherwise, it's not possible to run HTTP checks as they'll return an error, ex. HTTP 401 Unauthorized.

Both public and private probe support is needed.

[AmitKatyal-Sophos]

Any update on this ?

[peterschretlen]

Closing in favor of related issue https://github.com/grafana/synthetic-monitoring-agent/issues/356