Auth0 authentication support

Is there a guide for how to integrate Auth0 as an auth provider? I see mention of it, but no real guide to setup.

Thanks,

Matt.

Auth0 is supported. You need to create a new “client” in Auth0 for Grafana, select “Regular Web Application”, enter https://<your.grafana.url>/login/generic_oauth in the “Allowed callback URLs” box and click “save changes”.

Then in your Grafana config:

[auth.generic_oauth]
enabled = true
allow_sign_up = true
team_ids =
allowed_organizations =
name = Auth0
client_id = <client id>
client_secret = <client secret>
scopes = openid profile email
auth_url = https://<domain>/authorize
token_url = https://<domain>/oauth/token
api_url = https://<domain>/userinfo

Where <domain>, <client id> and <client secret> are replaced with the values from the client settings page in Auth0.

Awesome. I’ll try to set this up with environment variables (to facilitate a docker deploy).

Interestingly, Grafana doesn’t seem to pick up those settings from environment variables set through docker-compose…

  GF_AUTH_GENERIC_OAUTH_ENABLED: 'True'
  GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: 'True'
  GF_AUTH_GENERIC_OAUTH_TEAM_IDS: ''
  GF_AUTH_GENERIC_OAUTH_ALLOWED_ORGANIZATIONS: ''
  GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '<domains>'
  GF_AUTH_GENERIC_OAUTH_NAME: Auth0
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: <client-id>
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: <client-secret>
  GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
  GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://<domain>/authorize
  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://<domain>/oauth/token
  GF_AUTH_GENERIC_OAUTH_API_URL: https://<domain>/userinfo

Settings page doesn’t show the values:

I confirmed that passing the env vars does work. It sounds like maybe they aren’t getting passed through properly by docker-compose.

Hi,

I’m trying the above using Grafana v5.0.0-beta4 (commit: 1de8891), but I get the following error:

login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error="oauth2: cannot fetch token: 400 Bad Request\nResponse: {"error":"invalid_request","error_description":"missing access_token parameter"}"

Am I missing something in my config or is this another issue?

Thanks,
Dimitris

For anybody coming across this, I had the following error:

t=2018-03-16T17:09:36+0000 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting email address: <!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /userinfo/emails</pre>\n</body>\n</html>\n"

I fixed it by adding a scopes line as per the Auth0 section of the docs: http://docs.grafana.org/installation/configuration/

The example above might be outdated for some use cases so remember to add in the scopes line.
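A pre-deployment check for the settings discussed in this thread, as an added example that is not from any poster and is not Grafana's own code. It maps `[auth.generic_oauth]` keys to their `GF_AUTH_GENERIC_OAUTH_*` environment names and flags a missing scopes line, non-HTTPS endpoints, leftover placeholders and unrestricted sign-up. The function names, the sample values and the choice to require the `openid` and `email` scopes are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the thread's [auth.generic_oauth] block with made-up values
# (example.auth0.com, abc123, s3cr3t), no scopes line and a plain-http api_url.
SAMPLE_INI = """
[auth.generic_oauth]
enabled = true
allow_sign_up = true
allowed_organizations =
client_id = abc123
client_secret = s3cr3t
auth_url = https://example.auth0.com/authorize
token_url = https://example.auth0.com/oauth/token
api_url = http://example.auth0.com/userinfo
"""

PREFIX = "GF_AUTH_GENERIC_OAUTH_"
REQUIRED = ("ENABLED", "CLIENT_ID", "CLIENT_SECRET", "AUTH_URL", "TOKEN_URL", "API_URL")

def ini_to_env(ini_text):
    """Map grafana.ini keys to GF_<SECTION>_<KEY> names ('.' and '-' become '_')."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    env = {}
    for section in cp.sections():
        for key, value in cp[section].items():
            name = f"GF_{section}_{key}".upper().replace(".", "_").replace("-", "_")
            env[name] = value.strip()
    return env

def check_generic_oauth(env):
    """Return a list of findings for the generic_oauth settings in env."""
    def get(k): return env.get(PREFIX + k, "")
    findings = [f"missing {PREFIX}{k}" for k in REQUIRED if not get(k)]
    findings += [f"placeholder left in {n}" for n, v in env.items()
                 if n.startswith(PREFIX) and "<" in v and ">" in v]
    scopes = get("SCOPES").split()
    findings += [f"scope '{s}' not requested" for s in ("openid", "email") if s not in scopes]
    urls = [urlparse(get(k)) for k in ("AUTH_URL", "TOKEN_URL", "API_URL") if get(k)]
    findings += [f"not https: {u.geturl()}" for u in urls if u.scheme != "https"]
    if len({u.hostname for u in urls}) > 1:
        findings.append("endpoint URLs point at different hosts")
    if get("ALLOW_SIGN_UP").lower() == "true" and not (
            get("ALLOWED_DOMAINS") or get("ALLOWED_ORGANIZATIONS") or get("TEAM_IDS")):
        findings.append("allow_sign_up is on with no domain, organization or team restriction")
    return findings

if __name__ == "__main__":
    print("\n".join(check_generic_oauth(ini_to_env(SAMPLE_INI))))
```

The same `check_generic_oauth` call accepts `dict(os.environ)` inside the container, which shows whether docker-compose actually passed the variables through.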