Disable basic password login form

I want all of my services behind a reverse proxy with 2FA and Grafana is the only service I use that doesn’t support OTP, so I’m forced to use oauth2 provided by Nextcloud instead. Both Grafana and Nextcloud are running in containers behind the reverse proxy and it seems to work. Grafana has associated my existing user with the correct Nextcloud user (with the same email address).

However, I can still login with my email address as my user name and my password, which defeats the purpose of using oauth2 to begin with. How do I force oauth2 for login and prevent login via password only?

Grafana supports OIDC, so configure Grafana to use OIDC + disable local user/password auth.
Then configure all secure login options, which you need on used IDP server (TOTP, HOTP, passwordless, push notification, PKI card,…)

Yes but my question was how? I tried adding this to my config ini but it still allows password login:

[auth.basic]
enabled = false