Hello! I’m hoping someone can help me out here because I’m having a hard time figuring this out. I have configured a Grafana 7.1.3 container to use Azure AD for authentication and that piece is working fine. I can log in without issue. However, when I try to forward my OAuth credentials on to a Prometheus data source, things seem to fall apart. I expected to see an Authorization: Bearer <TOKEN> header attached to the request, but I found no such header. Is there some sort of specific configuration I need to add to the [auth.azuread] config to enable this functionality? All the recommended configurations from the Grafana docs have been applied on the Azure AD side. Find below the config I’m using.
[auth.azuread]
name = Azure AD
enabled = true
allow_sign_up = false
client_id = <MYID>
client_secret = <SHHHH>
scopes = openid email profile
auth_url = https://login.microsoftonline.com/<MYTENANT>/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/<MYTENANT>/oauth2/v2.0/token
allowed_domains = mydomain.com, mydomain.net
allowed_groups =
Edit for additional information:
Also strange to me is that, upon trying to save and test adding the Prometheus data source to forward the OAuth credentials, I’m prompted for a username and password. Is that expected behavior? Does a user that has authenticated via Azure AD need to re-authenticate when adding a data source?