Auth0 authentication support

Is there a guide for how to integrate auth0 as an auth provider? I see mention of it, but no real guide to setup.

Thanks,

Matt.

Auth0 is supported, you need to create a new “client” in Auth0 for Grafana, select “Regular Web Application” and enter https://<your.grafana.url>/login/generic_oauth in the “Allowed callback URLs” box and click “save changes”.

Then in your Grafana config:

[auth.generic_oauth]
enabled = true
allow_sign_up = true
team_ids =
allowed_organizations =
name = Auth0
client_id = <client id>
client_secret = <client secret>
scopes = openid profile email
auth_url = https://<domain>/authorize
token_url = https://<domain>/oauth/token
api_url = https://<domain>/userinfo

Where <domain>, <client id> and <client secret> are replaced with the values from the client settings page in Auth0.

awesome. i’ll try to set this up with environment variables (to facilitate a docker deploy).

Interestingly, grafana doesn’t seem to pickup those settings from environment variables set through docker-compose…

  GF_AUTH_GENERIC_OAUTH_ENABLED: 'True'
  GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: 'True'
  GF_AUTH_GENERIC_OAUTH_TEAM_IDS: ''
  GF_AUTH_GENERIC_OAUTH_ALLOWED_ORGANIZATIONS: ''
  GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '<domains>'
  GF_AUTH_GENERIC_OAUTH_NAME: Auth0
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: <client-id>
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: <client-secret>
  GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
  GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://<domain>/authorize
  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://<domain>/oauth/token
  GF_AUTH_GENERIC_OAUTH_API_URL: https://<domain>/userinfo

Settings page doesn’t show the values:

I confirmed that passing the env vars does work, it sounds like maybe they aren’t getting passed through properly be docker-compose.

Hi,

I’m trying the above using Grafana v5.0.0-beta4 (commit: 1de8891), but I get the following error:

login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error=“oauth2: cannot fetch token: 400 Bad Request\nResponse: {“error”:“invalid_request”,“error_description”:“missing access_token parameter”}”

Am I missing something in my config or this another issue?

Thanks,
Dimitris

For anybody coming across this, I had the following error:

t=2018-03-16T17:09:36+0000 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting email address: <!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /userinfo/emails</pre>\n</body>\n</html>\n"

I fixed it by adding a scopes line as per the Auth0 section of the docs: http://docs.grafana.org/installation/configuration/

The example above might be outdated for some use cases so remember to add in the scopes line.