Hi Guys,
I am trying to configure an Azure Monitor data source with the “Current User” authentication method as described in this document.
I have completed the configuration on both the Azure side and the Grafana side, but I get an error when saving/testing the data source.
Error connecting to Azure Monitor endpoint: health check failed: Get "https://management.azure.com/subscriptions?api-version=2020-01-01": failed to retrieve Azure access token: unable to acquire access token for user 'xxx@xxx.com': failed to request token: request failed with status 400 Bad Request, body {"error":"invalid_grant","error_description":"AADSTS50013: Assertion failed signature validation. [Reason - The key was not found., Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '00000000-0000-0000-0000-000000000000'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/00000000-0000-0000-0000-000000000000']. Trace ID: fc5fd6eb-1510-4b15-a56e-794330461e00 Correlation ID: 00153541-f0c3-4405-b4e0-8f526a356de0 Timestamp: 2025-05-19 13:23:50Z","error_codes":[50013],"timestamp":"2025-05-19 13:23:50Z","trace_id":"fc5fd6eb-1510-4b15-a56e-794330461e00","correlation_id":"00153541-f0c3-4405-b4e0-8f526a356de0","error_uri":"https://login.microsoftonline.com/error?code=50013"}
Here is my current Grafana configuration:
[auth.azuread]
allow_assign_grafana_admin = true
auth_url = https://login.microsoftonline.com/XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX/oauth2/v2.0/authorize
client_id = XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
client_secret = XXXXXX
enabled = true
name = Azure AD
client_authentication = client_secret_post
role_attribute_strict = true
scopes = .default openid email profile
skip_org_role_sync = true
token_url = https://login.microsoftonline.com/XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX/oauth2/v2.0/token
use_refresh_token = true
[azure]
user_identity_enabled = true
Grafana SSO works well and the email in the error message matches the SSO email address.
Any help will be appreciated!
Kenneth