This continues the discussion from PR 33162.
Here’s my last post:
Personally, I’d like to see people using the auth proxy to move over to the new Grafana 8 JWT authentication introduced by #29995
In a scenario where a proxy web server takes care of authentication and passes on a set of headers in a trusted relationship/network to a backend server, I can see no gain by introducing another layer of complexity with JWT.
If I as an admin have an existing authentication and identity delegation scheme (say AD auth, SAML2, OAuth2/OIDC, LDAP auth, or whatever is en vogue 5 years from now) that’s handled by the proxy, I want to make use of it as much as possible, regardless whether Grafana supports it or not.
Being able to control all aspects of authentication and authorization via HTTP headers is a way of future-proofing Grafana in my opinion.