Auth proxy authenticated user still shown login page

I’m attempting to get auth proxy to work in conjunction with an anonymous org for non-authenticated users. This is mostly working but for one small issue.

I’ve set up auth proxy as described in the Grafana docs, except for I’m redirecting to my auth provider only then the /login URL is hit. This way unauthenticated users can still access the page. Then, a user selecting login will get redirected to the 3rd party auth provider, and any user with a session should be treated as logged in.

What’s happening is that when a user clicks the login link they do get redirected to the 3rd party auth page, log in successfully, and get redirected back. But instead of landing on their default dashboard, they land on the Grafana login page. This happens even though the user session is definitely known to Grafana. This can be confirmed by viewing source on the login page, and the user id can be seen in window.grafanaBootData. Also, if you then just change the URL in the browser window by hand from the /login URL to the root URL, the the page loads in the context of the logged in user (userid set, editor role set instead of viewer role).

Is the fact that /login doesn’t redirect to the default dashboard a bug, or is there something I’m missing here?


It does seem like accessing /login while logged in should just take you to the same place as accessing /. I’m working on a PR that touches the login code at the moment and will see if I can make that happen.

Thanks for taking a look at this. Should I submit a Github issue, or is there one I can track? It would be good to be able to follow the progress for our own internal planning.