Grafana Generic OAuth Login Authentication

3 min readMar 10, 2019

This blog explain how to implement the grafana generic oauth login with source code.

Step 1:

Open the grafana.ini from /etc/grafana and go to [auth.generic_oauth] section. In this section have below details and change it.

;enabled = false
;name = OAuth
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token
;api_url = https://foo.bar/user

Remove the first charector(;) from all lines and change the value similar into below.

enabled = true
name = OAuth
allow_sign_up = true
client_id = ius4jash44lqjs5psm1s3pfv1tk68nlr
client_secret = QLAnylF3eOe4wRbdrjVmsVYu
scopes = openid email nickname
auth_url = http://localhost/GrafanaOAuth/
token_url = http://localhost/GrafanaOAuth/token
api_url = http://localhost/GrafanaOAuth/userinfo

Params Explanations:

enabled: If true, the generic oauth login enabled. Otherwise is not enabled.
name: Set the login button name.
allow_sign_up: If true, You can create the new user using your generic oauth login. Otherwise you can only use login or sign_in.
client_id & client_secret: It is constent value and the client id comes with login redirect url.
auth_url: Set the authentication page url like google login page or fb login page.
token_url: Set the token page url
api_url: Set the api page url and this page return the user details like email.

Step 2:

Now we are create the GrafanaOAuth web app which is created by php. The GrafanaOAuth app is in github. Please find the full source code.

ManivannanMurugavel/GrafanaGenericOAuth

Contribute to ManivannanMurugavel/GrafanaGenericOAuth development by creating an account on GitHub.

github.com

Authentication page(auth_url):

First time you have use your emil id for login. Once you logged in, i will store the cookie value in browser. If you go to login again, you do not enter the email value, because i will get the cookie if stored and return with login redirect url.

Now i have implemented the user details using file. Once you logged in i will store your email id into the file.

The api_url link get the user details from file. But this is the not best idea. we will store the details using cookie or any method(now i am working).

Token Page(token_url):

I will use the access token and refresh token as constant. If yo want please change it.

User Details Page(api_url):

Demo Time:

Now we are in successfully implemented the generic grafana oauth login authentication.