Challenge with /api/users requiring basic authentication whilst my users are on auth.jwt

  • What Grafana version and what operating system are you using?
    11.4

  • What are you trying to achieve?
    I am trying to use the api endpoints that require basic auth with admin account e.g. /api/users

  • How are you trying to achieve it?

  • I am using python with httpx.Client
  • I inform the header “Authorization” with the basic admin:$password
  • My Grafana setup is configured for [auth.jwt] and front-end by GCP IAP + ingress nginx container in Cloud Run.
  • What happened?
    The Grafana install works perfectly for users, I am just having challenge using the api with the admin account. I keep getting “[api-key.invalid] API key is invalid” in the logs.

  • What did you expect to happen?
    … a valid response from the /api/users endpoint.

  • Can you copy/paste the configuration(s) that you are having problems with?

Auth

ENV GF_AUTH_ANONYMOUS_ENABLED=false
ENV GF_AUTH_DISABLE_LOGIN=true
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_DISABLE_SIGNOUT_MENU=True
ENV GF_AUTH_BASIC_ENABLED=true

This part works perfectly:
ENV GF_AUTH_JWT_ENABLED=true
ENV GF_AUTH_JWT_HEADER_NAME=x-goog-iap-jwt-assertion
ENV GF_AUTH_JWT_EMAIL_CLAIM=email
ENV GF_AUTH_JWT_USERNAME_CLAIM=sub
ENV GF_AUTH_JWT_AUTO_SIGN_UP=true
ENV GF_AUTH_JWT_JWK_SET_URL=https://www.gstatic.com/iap/verify/public_key-jwk
ENV GF_AUTH_JWT_SKIP_ORG_ROLE_SYNC=true

Thanks in advance !!

Solved: basic auth is required to be enabled in order to access the /api/users endpoint.