Hello everyone, I hope you’re doing great.
I am having the following issue trying to integrate Grafana with AWS Cognito. Despite having my user set up with the ADMIN role in Cognito, when I log in, it is not assigning me the correct group.
I am providing evidence of my configuration (grafana/latest).
ENV GF_AUTH_DISABLE_LOGIN_FORM=true
ENV GF_AUTH_GENERIC_OAUTH_ENABLED=true
ENV GF_AUTH_GENERIC_OAUTH_ENABLED_NAME=Cognito
ENV GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
ENV GF_AUTH_GENERIC_OAUTH_CLIENT_ID=XXXX
ENV GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=XXXXX
ENV GF_AUTH_GENERIC_OAUTH_SCOPES="email profile aws.cognito.signin.user.admin openid"
ENV GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH = "('cognito:groups' | contains([*], 'Admin') && 'Admin' || 'Viewer')"
When I log in, it always leaves me as VIEWER.
In the Docker logs, I see the following line:
WARN [04-25|21:04:00] No valid role found. Skipping role sync. In Grafana 10, this will result in the user being assigned the default role and overriding manual assignment. If role sync is not desired, set oauth_skip_org_role_update_sync to true logger=oauth.generic_oauth
If anyone has experienced the same issue or can help me, I will be eternally grateful. Thank you very much in advance.
When launching my container with the following configurations: