Fetch Keycloak Login event data using REST API in Grafana Dashboard

I have a REST API url, to which I need to pass authentication credentials and get the access token.

Using this access token then I need to run a different url and get the data.

How do I do this in Grafana using Infinity or any other REST API datasource plugin.

I am able to configure the infinity datasource and get the access token. but how can I use that when I have to run the second url.

How do I do that, is there any configuration we need to achieve this functionality.

Make the authentication a variable. Then use that variable as access token

Okay that can be done.

But I do not want the access token to be visible openly. How can we prevent that.
Like make a variable invisible

Read the documentation

:fish:

Thanks for the inputs :slight_smile:

I have gone through the documentation. We can configure a variable to be hidden.
But as you know, usually Access tokens are valid for a limited period of time.

And a variable can be of either types, interval type or query type.

But there is no option like which we can configure the variable to query the output every 1 minute.
We can achieve the variable output to be updated on time change or dashboard load if we configure it to be of query type.

But not all together, if there is anything I am missing, please correct.

Please share if any inputs on this issue.

Thanks and Regards,
Bhushan

1 Like

I doubt you have to refresh tokens every minute. I personally have never heard of such token refresh rate, that would be unusable?

And it says on reload of dashboard or time change so I would argue that is sufficient. If not maybe you have to configure a differentt mechanism outside of grafana that provides u this token?

Hello,

Thanks for all the inputs.

I solved it by setting the variable to update on time change instead of the Dashboard Load.
And setting the Variable as hidden. This way the key generated will not be visible to the users.

So whenever we load the dashboard it will need a time input to load the charts and tables, so the time change is also triggered, which is triggering my variable and generating the token key.

This output from the variable is then used for the authorization of the GET or POST api I am invoking to fetch the data I need.

Hope this implementation method helps someone.

Thanks & Regards,
Bhushan

1 Like

It works but it is inefficient - you are generating access token every request. But access token itself has information, when it will expire + refresh token should be used to generate new valid access token.

Security is also questionable - yes variable is hidden, but nothing stopping the user to use browser console and copy access token (maybe also client id/secret) from there and reuse it for own queries outside of Grafana.

2 Likes

Yes. It is an antipattern to use variables for such sensitive things. For the sake of security, please don’t use variables for such cases.

2 Likes

The token will expire in 60 seconds. So I don’t think it will be of an issue.

But will take a note and opt for different mechanism.

Thanks for all the inputs.

1 Like