I am developing a datasource plugin for grafana to get data from Azure DevOps Services (Visual Studio Team Services) using it’s REST API. First step to start making requests is authenticate access to the API using Azure Active Directory. What grafana provides for this is routes which uses OAuth2.0 Client Credential Grant Flow. Unfortunately, that is not supported by the API. The API does not allow service to service oauth i.e. a confidential client making a silent request to receive a token response. Basically a server cannot access the API without user interaction. A browser redirect is needed to go to authorization endpoint where user logs in and then only token would be received at the callback url registered on AAD ( this is Implicit grant flow). Once the login in done, token can be acquired silently until a log in is needed again. This is effectively handled by ADAL (Azure Active Directory Authentication Library) which works in Native Applications (Browser Pop-up) and Web Applications (Browser redirects) but I can’t figure out how I can use the Grafana backend server to do this for me.
If I figure out a way to let my plugin make a browser redirect and come back to http://localhost:3000/.../# and extract the hash, I would have the token with me!